spring security 源码解析
2022-08-03 09:25:10 0 举报
AI智能生成
登录查看完整内容
spring security 源码解析,关注我,后续有更多的源码解析
作者其他创作
大纲/内容
1. SecurityExpressionHandler 权限表达式支持
2. springSecurityFilterChain 这个就是核心过滤器类
3. 方法 setFilterChainProxySecurityConfigurer() 这个是最先执行
3. WebSecurityConfiguration
1. AuthenticationPrincipalArgumentResolver
2. CurrentSecurityContextArgumentResolver
3. CsrfTokenArgumentResolver
1. WebMvcSecurityConfiguration
4. SpringWebMvcImportSelector
5. OAuth2ImportSelector 暂不解析
1. 注解 @EnableWebSecurity
2. 注解 @EnableGlobalAuthentication
1. UsernamePasswordAuthenticationFilter
2. BasicAuthenticationFilter
3. AnonymousAuthenticationFilter
4. RememberMeAuthenticationFilter
5. LogoutFilter
3. 核心的 Filter类
4. FilterChainProxy 最核心的类
1. 核心类
1. webSecurity = objectPostProcessor .postProcess(new WebSecurity(objectPostProcessor));
2. webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
3. 循环遍历 webSecurityConfigurers. 来apply webSecurity 对象,最终添加到 configurers 中
4. this.webSecurityConfigurers = webSecurityConfigurers,用来生成 webSecurity
1. WebSecurityConfiguration#setFilterChainProxySecurityConfigurer
1. 判断 webSecurityConfigurers 是否为空,如果为空, 则创建默认的配置其来初始化
1. beforeInit() 默认就是空实现
1. authenticationManager()
2. new HttpSecurity()
3. httpSecurity 的默认设置
4. configure(http), 执行自定义的配置
1. HttpSecurity http = getHttp()
2. web.addSecurityFilterChainBuilder(http)
3. postBuildAction()
WebSecurityConfigurerAdapter
2. init()
WebSecurity 类是空实现
3. beforeConfigure()
4. configure()
1. ignoredRequests 配置,不被拦截的请求
2. securityFilterChainBuilders 配置
3. filterChainProxy = new FilterChainProxy(securityFilterChains)
4. new DebugFilter(filterChainProxy)
5. filterChainProxy.afterPropertiesSet();
WebSecurity 类
1. filters.sort(comparator);
2. font color=\"#ff0000\
HttpSecurity 类
5. performBuild()
1. doBuild()
2. webSecurity.build()
2. WebSecurityConfiguration#springSecurityFilterChain
2. webSecurity 初始化过程
3. 示例代码
spring security 源码解析
0 条评论
回复 删除
下一页