What is the relationship between WebSecurity and HttpSecurity in Spring Security 04/21 Update SLTechnology News&Howtos

What is the relationship between WebSecurity and HttpSecurity in Spring Security

2025-04-21 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article is to share with you about the relationship between WebSecurity and HttpSecurity in Spring Security. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

A few days ago, some fans wrote to me: what is the relationship between WebSecurity and HttpSecurity? When asked by me at that time, I probably only knew that the relationship between them was similar to that between TypeScript and JavaScript, but the details were not very clear. So I did a brief study on it over the weekend.

The essence of HttpSecurity

A new way to configure HttpSecurity was introduced in the new game of Spring Security 5.4 a few days ago:

@ Bean SecurityFilterChain filterChain (HttpSecurity http) throws Exception {return http .antMatcher ("/ *") .authorizeRequests (authorize-> authorize .anyRequest (). Authenticated ()) .build ();}

In fact, we can know that HttpSecurity is used to build a filter SecurityFilterChain that contains a series of filter chains, and our usual configuration revolves around building SecurityFilterChain. And we have to take out this old picture:

Safety filter chain

From the figure above, you can see that the built ones have to be handed over to FilterChainProxy to act as agents, isn't it a bit superfluous?

The essence of WebSecurity

In some cases this is superfluous, but more often we may need to configure multiple SecurityFilterChain to implement multiple access control policies.

Multiple SecurityFilterChain

In order to finely manage the lifecycle of multiple SecurityFilterChain, it is necessary to have an agent that uniformly manages these SecurityFilterChain. This is the meaning of WebSecurity. The following is the underlying logic of WebSecurity's build method:

@ Override protected Filter performBuild () throws Exception {Assert.state (! this.securityFilterChainBuilders.isEmpty (), ()-> "At least one SecurityBuilder"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.