spring security 源码解析
2022-08-03 09:25:10 0 举报AI智能生成
spring security 源码解析,关注我,后续有更多的源码解析
作者其他创作
大纲/内容
1. 核心类
1. 注解 @EnableWebSecurity
3. WebSecurityConfiguration
1. SecurityExpressionHandler 权限表达式支持
2. springSecurityFilterChain 这个就是核心过滤器类
3. 方法 setFilterChainProxySecurityConfigurer() 这个是最先执行
4. SpringWebMvcImportSelector
1. WebMvcSecurityConfiguration
1. AuthenticationPrincipalArgumentResolver
2. CurrentSecurityContextArgumentResolver
3. CsrfTokenArgumentResolver
5. OAuth2ImportSelector 暂不解析
2. 注解 @EnableGlobalAuthentication
6. AuthenticationConfiguration 全局的认证器, 如果没有自己写 webSecurityConfig, 就会使用这个
3. 核心的 Filter类
1. UsernamePasswordAuthenticationFilter
2. BasicAuthenticationFilter
3. AnonymousAuthenticationFilter
4. RememberMeAuthenticationFilter
5. LogoutFilter
4. FilterChainProxy 最核心的类
2. webSecurity 初始化过程
1. WebSecurityConfiguration#setFilterChainProxySecurityConfigurer
1. webSecurity = objectPostProcessor
.postProcess(new WebSecurity(objectPostProcessor));
.postProcess(new WebSecurity(objectPostProcessor));
2. webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
3. 循环遍历 webSecurityConfigurers. 来apply webSecurity 对象,最终添加到 configurers 中
4. this.webSecurityConfigurers = webSecurityConfigurers,用来生成 webSecurity
2. WebSecurityConfiguration#springSecurityFilterChain
1. 判断 webSecurityConfigurers 是否为空,如果为空, 则创建默认的配置其来初始化
2. webSecurity.build()
1. doBuild()
1. beforeInit() 默认就是空实现
2. init()
WebSecurityConfigurerAdapter
1. HttpSecurity http = getHttp()
1. authenticationManager()
2. new HttpSecurity()
3. httpSecurity 的默认设置
4. configure(http), 执行自定义的配置
2. web.addSecurityFilterChainBuilder(http)
3. postBuildAction()
3. beforeConfigure()
WebSecurity 类是空实现
4. configure()
5. performBuild()
WebSecurity 类
1. ignoredRequests 配置,不被拦截的请求
2. securityFilterChainBuilders 配置
3. filterChainProxy = new FilterChainProxy(securityFilterChains)
4. new DebugFilter(filterChainProxy)
5. filterChainProxy.afterPropertiesSet();
HttpSecurity 类
1. filters.sort(comparator);
2. return new DefaultSecurityFilterChain(requestMatcher, filters);
3. 示例代码
0 条评论
下一页
