本文共 4304 字，大约阅读时间需要 14 分钟。

1、在web.xml文件当中配置

问题:为什么DelegatingFilterProxy的filter-name必须是springSecurityFilterChain?

   	
    
     springSecurityFilterChain
    	
    
     org.springframework.web.filter.DelegatingFilterProxy
    
   
   	
    
     springSecurityFilterChain
    	
    
     /*/ur1-pattern>
    
   

protected void initFilterBean() throws ServletException {
   		synchronized (this.delegateMonitor) {
   			if (this.delegate == null) {
   				// If no target bean name specified, use filter name.				if (this.targetBeanName == null) {
   					this.targetBeanName = getFilterName();				}				// Fetch Spring root application context and initialize the delegate early,				// if possible. If the root application context will be started after this				// filter proxy, we'll have to resort to lazy initialization.				WebApplicationContext wac = findWebApplicationContext();				if (wac != null) {
   					this.delegate = initDelegate(wac);				}			}		}	}

在上这代码中this.targetBeanName=getFilterName()就是获取名称叫做springSecurityFilterChain

通过在doFilter就去中我们会发现真正干活的其实是delegate这个Filter

而delegate其实就是FilterChainProxy

@Override	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)			throws ServletException, IOException {
   		// Lazily initialize the delegate if necessary.		Filter delegateToUse = this.delegate;		if (delegateToUse == null) {
   			synchronized (this.delegateMonitor) {
   				delegateToUse = this.delegate;				if (delegateToUse == null) {
   					WebApplicationContext wac = findWebApplicationContext();					if (wac == null) {
   						throw new IllegalStateException("No WebApplicationContext found: " +								"no ContextLoaderListener or DispatcherServlet registered?");					}					delegateToUse = initDelegate(wac);				}				this.delegate = delegateToUse;			}		}

FilterChainProxy是spring在解析配置文件时装配到上下文中，并且beanName为springSecurityFilterChain，

2.在spring-security.xml文件中配置

在配置文件中我们主要使用标签来过多成配置

http标签是自定义标签，我们可以在spring-security-config包中查看

http://www.springframework.org/schema/security=org.springframework.security.config.SecurityName spaceHandler

继续查看SecurityNamespaceHandler类，在其init方法

public void init() {
    	loadParsers(); }

在loadParsers()方法中，指定由HttpSecurityBeanDefinitionParser进行解析

parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());

在HttpSecurityBeanDefinitionParser完成具体解析的parse方法中

registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));

这里就是注册了名为springSecurityFilterChain的filterChainProxy类

AuthenticationConfigBuilder authBldr = new AuthenticationConfigBuilder(element, forceAutoConfig, pc, httpBldr.getSessionCreationPolicy(), 	httpBldr.getRequestCache(), authenticationManager, httpBldr.getSessionStrategy(), 	portMapper, portResolver, httpBldr.getCsrfLogoutHandler());

我们可以查看AuthenticationConfigBuilder创建代码

public AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc, SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager, BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
    	this.httpElt = element; this.pc = pc; this.requestCache = requestCache; autoConfig = forceAutoConfig | "true".equals(element.getAttribute(ATT_AUTO_CONFIG)); 		this.allowSessionCreation = sessionPolicy != SessionCreationPolicy.NEVER && sessionPolicy != SessionCreationPolicy.STATELESS;		 this.portMapper = portMapper; 	 this.portResolver = portResolver; 	 this.csrfLogoutHandler = csrfLogoutHandler; 	 	 createAnonymousFilter(); 	 createRememberMeFilter(authenticationManager);	 createBasicFilter(authenticationManager); 	 createFormLoginFilter(sessionStrategy, authenticationManager); 	 	 createOpenIDLoginFilter(sessionStrategy, authenticationManager); 	 createX509Filter(authenticationManager); 	 createJeeFilter(authenticationManager); 	 createLogoutFilter(); 	 createLoginPageFilterIfNeeded();	createUserDetailsServiceFactory(); 	createExceptionTranslationFilter(); }

转载地址：https://code100.blog.csdn.net/article/details/116895378 如侵犯您的版权，请留言回复原文章的地址，我们会给您删除此文章，给您带来不便请您谅解！