Shulou(Shulou.com)06/02 Report--

This article mainly explains "A brief introduction to the spring security filter chain". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "A brief introduction to the spring security filter chain".

SpringSecurity adopts the design pattern of responsibility chain, which has a long filter chain. Now describe each of the filter chains:

WebAsyncManagerIntegrationFilter: integrates the Security context with the WebAsyncManager in Spring Web that handles asynchronous request mapping.

SecurityContextPersistenceFilter: load the security context information related to the request into SecurityContextHolder before each request is processed, and then store the information about the request in SecurityContextHolder into a "repository" after the request is processed, and then clear the information in SecurityContextHolder. For example, this filter is used to maintain a user's security information in Session.

HeaderWriterFilter: used to add header information to the response.

CsrfFilter: used to handle cross-site request forgery.

LogoutFilter: used to handle logout.

UsernamePasswordAuthenticationFilter: used to process form-based login requests to get a user name and password from the form. Requests from / login are processed by default. When getting a user name and password from a form, the default form name values are username and password, which can be modified by setting the values of the filter's usernameParameter and passwordParameter parameters.

DefaultLoginPageGeneratingFilter: if the login page is not configured, this filter is configured when the system initializes and is used to generate a login form page when login is required.

BasicAuthenticationFilter: detects and processes http basic authentication.

RequestCacheAwareFilter: the cache used to process requests.

SecurityContextHolderAwareRequestFilter: mainly wraps the request object request.

AnonymousAuthenticationFilter: detects whether an Authentication object exists in the SecurityContextHolder and provides it with an anonymous Authentication if it does not exist.

SessionManagementFilter: filter for managing session

ExceptionTranslationFilter: handles AccessDeniedException and AuthenticationException exceptions.

FilterSecurityInterceptor: can be seen as the exit of the filter chain.

RememberMeAuthenticationFilter: when a user accesses resources directly without logging in, find out the user's information from the cookie. If Spring Security can identify the remember me cookie provided by the user, the user will not have to fill in the user name and password, but will log in directly to the system. This filter is not enabled by default.

-

At this point, I believe that you have a deeper understanding of the "brief introduction of the spring security filter chain". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.