Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what is HttpSecurity". In daily operation, I believe many people have doubts about what HttpSecurity is. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful for you to answer the doubts about "what is HttpSecurity?" Next, please follow the editor to study!

1. reel silk from cocoons -- make a painstaking investigation

First, let's take a look at HttpSecurity's inheritance diagram:

As you can see, HttpSecurity inherits from AbstractConfiguredSecurityBuilder and implements both SecurityBuilder and HttpSecurityBuilder interfaces.

Let's look at the definition of HttpSecurity:

Public final class HttpSecurity extends

AbstractConfiguredSecurityBuilder

Implements SecurityBuilder

HttpSecurityBuilder {

/ /...

}

Every class here has generics, which makes people a little dazzling.

Let me take out this generic class and tell you about it, and my friends will understand.

There are mainly two generics, DefaultSecurityFilterChain and HttpSecurity,HttpSecurity, needless to say, this is our protagonist today, so what is DefaultSecurityFilterChain?

We have to start with SecurityFilterChain.

1.1 SecurityFilterChain

Let's take a look at the definition:

Public interface SecurityFilterChain {

Boolean matches (HttpServletRequest request)

List getFilters ()

}

SecurityFilterChain is actually what we usually call the filter chain in Spring Security, which defines two methods, one is the matches method used to match the request, and the other getFilters method returns a List collection in which there is a Filter object. When a request comes, use the matches method to compare whether the request matches the current chain, and if it matches, return the filter in the getFilters method. The current request then passes through the filters in the List collection one by one. this

The SecurityFilterChain interface has only one implementation class, and that is DefaultSecurityFilterChain:

Public final class DefaultSecurityFilterChain implements SecurityFilterChain {

Private static final Log logger = LogFactory.getLog (DefaultSecurityFilterChain.class)

Private final RequestMatcher requestMatcher

Private final List filters

Public DefaultSecurityFilterChain (RequestMatcher requestMatcher, Filter... Filters) {

This (requestMatcher, Arrays.asList (filters))

}

Public DefaultSecurityFilterChain (RequestMatcher requestMatcher, List filters) {

Logger.info ("Creating filter chain:" + requestMatcher + "," + filters)

This.requestMatcher = requestMatcher

This.filters = new ArrayList (filters)

}

Public RequestMatcher getRequestMatcher () {

Return requestMatcher

}

Public List getFilters () {

Return filters

}

Public boolean matches (HttpServletRequest request) {

Return requestMatcher.matches (request)

}

@ Override

Public String toString () {

Return "[" + requestMatcher + "," + filters + "]"

}

}

DefaultSecurityFilterChain only implements the methods in SecurityFilterChain, and there is nothing particularly worth talking about, so Brother Song will not talk about it.

So from the above introduction, you can see that DefaultSecurityFilterChain is actually equivalent to a filter chain in Spring Security, a DefaultSecurityFilterChain represents a filter chain, if there are multiple filter chains in the system, there will be multiple DefaultSecurityFilterChain objects.

Next, let's sort out the parent classes of HttpSecurity.

1.2 SecurityBuilderpublic interface SecurityBuilder {

O build () throws Exception

}

SecurityBuilder is used to build a filter chain. When HttpSecurity implements SecurityBuilder, the generic type passed in is DefaultSecurityFilterChain, so the function of the SecurityBuilder#build method is very clear, which is used to build a filter chain.

1.3 HttpSecurityBuilder

HttpSecurityBuilder see that names are used to build HttpSecurity. However, it is only an interface. The specific implementation is in HttpSecurity. The interface is defined as follows:

Public interface HttpSecurityBuilder extends

SecurityBuilder {

C getConfigurer (

Class clazz)

C removeConfigurer (

Class clazz)

Void setSharedObject (Class sharedType, C object)

C getSharedObject (Class sharedType)

H authenticationProvider (AuthenticationProvider authenticationProvider)

H userDetailsService (UserDetailsService userDetailsService) throws Exception

H addFilterAfter (Filter filter, Class)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.