spring security 源码解析

1. SecurityExpressionHandler 权限表达式支持

2. springSecurityFilterChain 这个就是核心过滤器类

3.  方法 setFilterChainProxySecurityConfigurer()  这个是最先执行

3. WebSecurityConfiguration

1. AuthenticationPrincipalArgumentResolver

2. CurrentSecurityContextArgumentResolver

3. CsrfTokenArgumentResolver

1.  WebMvcSecurityConfiguration

4. SpringWebMvcImportSelector

5. OAuth2ImportSelector 暂不解析

1. 注解 @EnableWebSecurity

2. 注解 @EnableGlobalAuthentication

1. UsernamePasswordAuthenticationFilter

2. BasicAuthenticationFilter

3. AnonymousAuthenticationFilter

4. RememberMeAuthenticationFilter

5. LogoutFilter

3. 核心的 Filter类

4. FilterChainProxy 最核心的类

1. 核心类

1. webSecurity = objectPostProcessor    .postProcess(new WebSecurity(objectPostProcessor));

2. webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);

3. 循环遍历 webSecurityConfigurers. 来apply webSecurity 对象，最终添加到 configurers 中

4. this.webSecurityConfigurers = webSecurityConfigurers，用来生成 webSecurity

1. WebSecurityConfiguration#setFilterChainProxySecurityConfigurer

1. 判断 webSecurityConfigurers 是否为空，如果为空， 则创建默认的配置其来初始化 

1. beforeInit() 默认就是空实现

1. authenticationManager()

2. new HttpSecurity()

3. httpSecurity 的默认设置

4. configure(http)， 执行自定义的配置

1. HttpSecurity http = getHttp()

2. web.addSecurityFilterChainBuilder(http)

3. postBuildAction()

WebSecurityConfigurerAdapter

2. init()

WebSecurity 类是空实现

3. beforeConfigure()

4. configure()

1. ignoredRequests 配置，不被拦截的请求

2. securityFilterChainBuilders 配置

3. filterChainProxy = new FilterChainProxy(securityFilterChains)

4. new DebugFilter(filterChainProxy)

5. filterChainProxy.afterPropertiesSet();

WebSecurity 类

1. filters.sort(comparator);

2. font color=\"#ff0000\

HttpSecurity 类

5. performBuild()

1. doBuild()

2. webSecurity.build()

2. WebSecurityConfiguration#springSecurityFilterChain

2. webSecurity 初始化过程

3. 示例代码

spring security 源码解析