spring security 源码解析
2022-08-03 09:25:10 0 举报AI智能生成
spring security 源码解析,关注我,后续有更多的源码解析
作者其他创作
大纲/内容
1. 核心类
1. 注解 @EnableWebSecurity
3. WebSecurityConfiguration
1. SecurityExpressionHandler 权限表达式支持
2. springSecurityFilterChain 这个就是核心过滤器类
3. 方法 setFilterChainProxySecurityConfigurer() 这个是最先执行
4. SpringWebMvcImportSelector
1. WebMvcSecurityConfiguration
1. AuthenticationPrincipalArgumentResolver
2. CurrentSecurityContextArgumentResolver
3. CsrfTokenArgumentResolver
5. OAuth2ImportSelector 暂不解析
2. 注解 @EnableGlobalAuthentication
6. AuthenticationConfiguration 全局的认证器, 如果没有自己写 webSecurityConfig, 就会使用这个
3. 核心的 Filter类
1. UsernamePasswordAuthenticationFilter
2. BasicAuthenticationFilter
3. AnonymousAuthenticationFilter
4. RememberMeAuthenticationFilter
5. LogoutFilter
4. <font color="#ff0000">FilterChainProxy 最核心的类</font>
2. webSecurity 初始化过程<br>
1. WebSecurityConfiguration#setFilterChainProxySecurityConfigurer<br>
1. webSecurity = objectPostProcessor<br> .postProcess(new WebSecurity(objectPostProcessor));<br>
2. webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
3. 循环遍历 webSecurityConfigurers. 来apply webSecurity 对象,最终添加到 configurers 中
4. this.webSecurityConfigurers = webSecurityConfigurers,用来生成 webSecurity
2. WebSecurityConfiguration#springSecurityFilterChain
1. 判断 webSecurityConfigurers 是否为空,如果为空, 则创建默认的配置其来初始化
2. webSecurity.build()
1. <font color="#ff0000">doBuild()</font>
1. beforeInit() 默认就是空实现
2. init()
<font color="#ff0000">WebSecurityConfigurerAdapter</font>
1. <font color="#ff0000">HttpSecurity http = getHttp()</font>
1. <font color="#ff0000">authenticationManager()</font>
2. <font color="#ff0000">new HttpSecurity()</font>
3. httpSecurity 的默认设置
4. <font color="#ff0000">configure(http), 执行自定义的配置</font>
2. <font color="#ff0000">web.addSecurityFilterChainBuilder(http)</font>
3. postBuildAction()
3. beforeConfigure()
WebSecurity 类是空实现
4. configure()
<br>
5. performBuild()
WebSecurity 类
1. <font color="#ff0000">ignoredRequests 配置,不被拦截的请求</font>
2. securityFilterChainBuilders 配置
3. <font color="#ff0000">filterChainProxy = new FilterChainProxy(securityFilterChains)</font>
4. new DebugFilter(filterChainProxy)
5. <font color="#ff0000">filterChainProxy.afterPropertiesSet();</font>
HttpSecurity 类
1. <font color="#000000">filters.sort(comparator);</font><br>
2. <font color="#ff0000">return new DefaultSecurityFilterChain(requestMatcher, filters);</font>
3. 示例代码
0 条评论
下一页
