SpringSecurity之基本原理——過濾器加載過程

點擊上方“藍字”，發(fā)現(xiàn)更多精彩。

前一篇講解了S p r i n g S e c u r i t y的過濾器鏈的基本只是，今天我們就要進入過濾器，看看其加載過程是如何的？

相信認真度過第一篇文章的小伙伴還記得，我說在S p r i n g B o o t出現(xiàn)后，幫助我們省去了那些繁瑣的配置，實現(xiàn)了自動配置。那么，我們更應該了解他是如何實現(xiàn)自動加載的了！

0 1 過濾器如何進行加載

要是用過濾器，就必須配置過濾器 DelegatingFilterProxy ，之所以我們在前面的示例中沒有進行配置，是因為Spring Boot 為我們完成了。

具體的加載邏輯如下圖所示：

0 2 代碼實現(xiàn)

首先進入到DelegatingFilterProxy類中的d o F i l t e r中

                
                  
                    

                
                
                     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                
                
                  
                    

                
                
                          Filter delegateToUse = this.delegate;
                
                
                  
                    

                
                
                          if (delegateToUse == null) {
                
                
                  
                    

                
                
                              Object var5 = this.delegateMonitor;
                
                
                  
                    

                
                
                              synchronized(this.delegateMonitor) {
                
                
                  
                    

                
                
                                  delegateToUse = this.delegate;
                
                
                  
                    

                
                
                                  if (delegateToUse == null) {
                
                
                  
                    

                
                
                                      WebApplicationContext wac = this.findWebApplicationContext();
                
                
                  
                    

                
                
                                      if (wac == null) {
                
                
                  
                    

                
                
                                          throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener or DispatcherServlet registered?");
                
                
                  
                    

                
                
                                      }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                                      delegateToUse = this.initDelegate(wac);
                
                
                  
                    

                
                
                                  }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                                  this.delegate = delegateToUse;
                
                
                  
                    

                
                
                              }
                
                
                  
                    

                
                
                          }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                          this.invokeDelegate(delegateToUse, request, response, f i l t e r C h a i n);
                
                
                  
                    

                
                
                      }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                  執(zhí)行delegateToUse = this.initDelegate(wac);后進入到F i l t e r C h a i n P r o x y 類中，
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                  List<Filter> filters = this.getFilters((HttpServletRequest)firewallRequest);加載所有的過濾器
                
                
                  
                    

                
                
                   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                
                
                  
                    

                
                
                          boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
                
                
                  
                    

                
                
                          if (!clearContext) {
                
                
                  
                    

                
                
                              this.doFilterInternal(request, response, chain);
                
                
                  
                    

                
                
                          } else {
                
                
                  
                    

                
                
                              try {
                
                
                  
                    

                
                
                                  request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
                
                
                  
                    

                
                
                                  this.doFilterInternal(request, response, chain);
                
                
                  
                    

                
                
                              } catch (Exception var11) {
                
                
                  
                    

                
                
                                  Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(var11);
                
                
                  
                    

                
                
                                  Throwable requestRejectedException = this.throwableAnalyzer.getFirstThrowableOfType(RequestRejectedException.class, causeChain);
                
                
                  
                    

                
                
                                  if (!(requestRejectedException instanceof RequestRejectedException)) {
                
                
                  
                    

                
                
                                      throw var11;
                
                
                  
                    

                
                
                                  }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                                  this.requestRejectedHandler.handle((HttpServletRequest)request, (HttpServletResponse)response, (RequestRejectedException)requestRejectedException);
                
                
                  
                    

                
                
                              } finally {
                
                
                  
                    

                
                
                                  SecurityContextHolder.clearContext();
                
                
                  
                    

                
                
                                  request.removeAttribute(FILTER_APPLIED);
                
                
                  
                    

                
                
                              }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                          }
                
                
                  
                    

                
                
                      }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                  private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                
                
                  
                    

                
                
                          FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest)request);
                
                
                  
                    

                
                
                          HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse)response);
                
                
                  
                    

                
                
                          List<Filter> filters = this.getFilters((HttpServletRequest)firewallRequest);
                
                
                  
                    

                
                
                          if (filters != null && filters.size() != 0) {
                
                
                  
                    

                
                
                              if (logger.isDebugEnabled()) {
                
                
                  
                    

                
                
                                  logger.debug(LogMessage.of(() -> {
                
                
                  
                    

                
                
                                      return "Securing " + requestLine(firewallRequest);
                
                
                  
                    

                
                
                                  }));
                
                
                  
                    

                
                
                              }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                              FilterChainProxy.VirtualFilterChain virtualFilterChain = new FilterChainProxy.VirtualFilterChain(firewallRequest, chain, filters);
                
                
                  
                    

                
                
                              virtualFilterChain.doFilter(firewallRequest, firewallResponse);
                
                
                  
                    

                
                
                          } else {
                
                
                  
                    

                
                
                              if (logger.isTraceEnabled()) {
                
                
                  
                    

                
                
                                  logger.trace(LogMessage.of(() -> {
                
                
                  
                    

                
                
                                      return "No security for " + requestLine(firewallRequest);
                
                
                  
                    

                
                
                                  }));
                
                
                  
                    

                
                
                              }
                
                
                  
                    

                
                
                  
                    

                
                
                  
                    

                
                
                              firewallRequest.reset();
                
                
                  
                    

                
                
                              chain.doFilter(firewallRequest, firewallResponse);
                
                
                  
                    

                
                
                          }
                
                
                  
                    

                
                
                      }
                
              

往期 精彩 回顧



開篇點睛——Elasticsearch 工欲善其事必先利其器——Elasticsearch安裝 如何將網(wǎng)站全部變成灰色的素裝效果，瞧過來 宇訊代碼生成器開源了 微信支付系列之——統(tǒng)一下單 springboot自動裝配原理 如何優(yōu)雅的實現(xiàn)接口防刷 系統(tǒng)日志規(guī)范