SpringSecurity的配置详解——websecurity

Websecurity类主要的继承关系为自Websecurity->AbstractConfiguredSecurityBuilder->AbstractSecurityBuilder,其中上一步调用的build方法就在AbstractSecurityBuilder中 

SpringSecurity在这个类中实现了创建FilterChain的方法——performbuild

/***
*在生成发生后立即执行可运行文件*
*@参数后期生成操作
*@返回@link websecurity进行进一步的自定义
*/
@Overrideprotected Filter performBuild() throws Exception {Assert.state(!securityFilterChainBuilders.isEmpty(),"At least one SecurityBuilder needs to be specified. Typically this done by adding a @Configuration that extends WebSecurityConfigurerAdapter. More advanced users can invoke "+ WebSecurity.class.getSimpleName()+ ".addSecurityFilterChainBuilder directly");int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();List securityFilterChains = new ArrayList(chainSize);for (RequestMatcher ignoredRequest : ignoredRequests) {securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));}for (SecurityBuilder securityFilterChainBuilder : securityFilterChainBuilders) {securityFilterChains.add(securityFilterChainBuilder.build());}FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);if (httpFirewall != null) {filterChainProxy.setFirewall(httpFirewall);}filterChainProxy.afterPropertiesSet();Filter result = filterChainProxy;if (debugEnabled) {logger.warn("\n\n"+ "********************************************************************\n"+ "**********        Security debugging is enabled.       *************\n"+ "**********    This may include sensitive information.  *************\n"+ "**********      Do not use in a production system!     *************\n"+ "********************************************************************\n\n");result = new DebugFilter(filterChainProxy);}postBuildAction.run();return result;}

在构建FilterChain的过程中，我们可以发现使用了两个关键的对象——ignoredRequest和securityFilterChainBuilders：

int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
List securityFilterChains = new ArrayList(chainSize);

int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();

首先，我们来看一看securityFilterChainBuilders：

在WebSecurityConfigureAdapter类中的init方法中有如下语句：

final HttpSecurity http = getHttp();
web.addSecurityFilterChainBuilder(http)

也就是说，这个securityFilterChainBuilders中存放的是获取到的httpSecurity实例对象（此处应该注意的是虽然我们的http对象是通过一种"add"的形式添加到securityFilterChainBuilders中的，但是，通过阅读WebSecurityConfigureAdapter的getHttp（）方法中的代码我们可以知道一个WebSecurityConfigureAdapter类中通过getHttp（）方法只会获得一个http实例——）

之后我们通过阅读HttpSecurity类的代码可以知道，这个http实例中包含了我们创建过滤器链所需要的各种过滤器的配置类的实例；

那么，既然我们创建FilterChain所需要的配置实例已经包含

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！