Home >Java >javaTutorial >What is the execution process of SpringBoot integrating Spring Security filter chain loading?

What is the execution process of SpringBoot integrating Spring Security filter chain loading?

王林
王林forward
2023-05-11 22:55:041109browse

    1. Introduction

    In the Spring Boot project, we introduce the Spring Security dependency and do nothing. When the project Spring Security is started, it will take effect. The access request is intercepted.

    Spring Boot provides an automated configuration solution for Spring Security, which allows you to use Spring Security with less configuration.

    So how does this filter chain load and implement interception?

    2. Spring Security filter chain loading

    1.2. Register a filter named springSecurityFilterChain

    When the Spring Boot project is started, the SecurityFilterAutoConfiguration class The DelegatingFilterProxyRegistrationBean registration filter will be loaded, with the name springSecurityFilterChain.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    Note: The name of springSecurityFilterChain is fixed.

    DelegatingFilterProxyRegistrationBean After successful registration, the filter is loaded into the register. Then call the getFilter() method to generate the DelegatingFilterProxy proxy object and register it in IOC.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    3. View the DelegatingFilterProxy class

    When we access the project, we will enter the doFilter method of the DelegatingFilterProxy class .

    The DelegatingFilterProxy class is essentially a Filter, which indirectly implements the Filter interface, but in doFilter, it actually calls the implementation class of the proxy Filter obtained from the Spring container.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    The returned FilterChainProxy object.

    It can be seen that the DelegatingFilterProxy class gets a FilterChainProxy filter through the name springSecurityFilterChain, and this filter is ultimately executed. doFilter method.

    Verify that the springSecurityFilterChain noun cannot be modified
    View the initDelegate method.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    4. View the FilterChainProxy class

    FilterChainProxy class is essentially a Filter, so view the doFilter method. Pay attention to the properties in this class.

    public class FilterChainProxy extends GenericFilterBean {
        private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
        private static final String FILTER_APPLIED =
                FilterChainProxy.class.getName().concat(".APPLIED");
        // 过滤器链
        private List<SecurityFilterChain> filterChains;
        private FilterChainProxy.FilterChainValidator filterChainValidator;
        private HttpFirewall firewall;

    4.1 View doFilterInternal method

    Are you surprised? All 15 filters are here!

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    4.2 View the getFilters method

    It turns out that these filters are encapsulated into SecurityFilterChain objects.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    ##5 View the SecurityFilterChain interface

    SecurityFilterChain class is an interface, and there is only one implementation class DefaultSecurityFilterChain class.
    DefaultSecurityFilterChainThe constructor method of the class initializes the List filters, which are put in by passing parameters.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    When are the filter chain parameters passed in?

    6. View the SpringBootWebSecurityConfiguration class

    Create

    Spring Security The filter chain is handed over to Spring boot for automatic configuration by SpringBootWebSecurityConfigurationClass creation injection.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    View the

    WebSecurityConfigurerAdapter class.

    What is the execution process of SpringBoot integrating Spring Security filter chain loading?

    Then the HttpSecurity object will be injected. HttpSecurity can be understood as the http core configuration of Spring Security, which stores the filter chain, request matching path and other related authentication and authorization important information in Spring Security. method.

    Then we started to create the Spring Security filter chain, which was automatically configured by Spring Boot. There are 15 filters in total.

    Use OrderedFilter for proxy and set the order attribute.
    After the addition is completed, encapsulate these filters into DefaultSecurityFilterChain objects.

    Finally load springSecurityFilterChain through WebSecurityConfiguration configuration. The securityFilterChains attribute is maintained in WebSecurityConfiguration and will store all filters in the filter chain.

    The above is the detailed content of What is the execution process of SpringBoot integrating Spring Security filter chain loading?. For more information, please follow other related articles on the PHP Chinese website!

    Statement:
    This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete