Home >Java >javaTutorial >What is the execution process of SpringBoot integrating Spring Security filter chain loading?
In the Spring Boot project, we introduce the Spring Security dependency and do nothing. When the project Spring Security is started, it will take effect. The access request is intercepted.
Spring Boot provides an automated configuration solution for Spring Security, which allows you to use Spring Security with less configuration.
So how does this filter chain load and implement interception?
When the Spring Boot project is started, the SecurityFilterAutoConfiguration
class The DelegatingFilterProxyRegistrationBean
registration filter will be loaded, with the name springSecurityFilterChain
.
Note: The name of springSecurityFilterChain is fixed.
DelegatingFilterProxyRegistrationBean
After successful registration, the filter is loaded into the register. Then call the getFilter() method to generate the DelegatingFilterProxy
proxy object and register it in IOC
.
When we access the project, we will enter the doFilter
method of the DelegatingFilterProxy
class .
The DelegatingFilterProxy class is essentially a Filter, which indirectly implements the Filter interface, but in doFilter, it actually calls the implementation class of the proxy Filter obtained from the Spring container.
The returned FilterChainProxy
object.
It can be seen that the DelegatingFilterProxy
class gets a FilterChainProxy
filter through the name springSecurityFilterChain
, and this filter is ultimately executed. doFilter
method.
Verify that the springSecurityFilterChain noun cannot be modified
View the initDelegate method.
FilterChainProxy
class is essentially a Filter, so view the doFilter
method. Pay attention to the properties in this class.
public class FilterChainProxy extends GenericFilterBean { private static final Log logger = LogFactory.getLog(FilterChainProxy.class); private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED"); // 过滤器链 private List<SecurityFilterChain> filterChains; private FilterChainProxy.FilterChainValidator filterChainValidator; private HttpFirewall firewall;
Are you surprised? All 15 filters are here!
It turns out that these filters are encapsulated into SecurityFilterChain objects.
##5 View the SecurityFilterChain interfaceSecurityFilterChain class is an interface, and there is only one implementation class
DefaultSecurityFilterChain class.
DefaultSecurityFilterChainThe constructor method of the class initializes the List filters, which are put in by passing parameters.
Spring Security The filter chain is handed over to
Spring boot for automatic configuration by
SpringBootWebSecurityConfigurationClass creation injection.
WebSecurityConfigurerAdapter class.
Use OrderedFilter for proxy and set the order attribute.
After the addition is completed, encapsulate these filters into DefaultSecurityFilterChain objects.
Finally load springSecurityFilterChain through WebSecurityConfiguration configuration. The securityFilterChains attribute is maintained in WebSecurityConfiguration and will store all filters in the filter chain.
The above is the detailed content of What is the execution process of SpringBoot integrating Spring Security filter chain loading?. For more information, please follow other related articles on the PHP Chinese website!