在spring-security.xml文件中配置

在配置文件中我們主要使用標簽來過多成配置

<!-- 配置不攔截的資源 --> <security:http pattern="/login.jsp" security="none"/> <security:http pattern="/failer.jsp" security="none"/> <security:http pattern="/css/**" security="none"/> <security:http pattern="/img/**" security="none"/> <security:http pattern="/plugins/**" security="none"/><security:http auto-config="true" use-expressions="false"><security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/><security:form-loginlogin-page="/login.jsp"login-processing-url="/login.do"default-target-url="/index.jsp"authentication-failure-url="/failer.jsp"authentication-success-forward-url="/pages/main.jsp"/> </security:http>

http標簽是自定義標簽，我們可以在spring-security-config包中查看

http\://www.springframework.org/schema/security=org.springframework.security.config.SecurityName spaceHandler

繼續(xù)查看SecurityNamespaceHandler類，在其init方法

public void init() {loadParsers(); }

在loadParsers()方法中，指定由HttpSecurityBeanDefinitionParser進行解析

parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());

在HttpSecurityBeanDefinitionParser完成具體解析的parse方法中

registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));

這里就是注冊了名為springSecurityFilterChain的filterChainProxy類

接下我們在看一下注冊一系列Filter的地方createFilterChain，在這個方法中我們重點關(guān)注

AuthenticationConfigBuilder authBldr = new AuthenticationConfigBuilder(element,forceAutoConfig, pc, httpBldr.getSessionCreationPolicy(),httpBldr.getRequestCache(), authenticationManager,httpBldr.getSessionStrategy(), portMapper, portResolver,httpBldr.getCsrfLogoutHandler());

我們可以查看AuthenticationConfigBuilder創(chuàng)建代碼

public AuthenticationConfigBuilder(Element element, boolean forceAutoConfig,ParserContext pc, SessionCreationPolicy sessionPolicy,BeanReference requestCache, BeanReference authenticationManager,BeanReference sessionStrategy, BeanReference portMapper,BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {this.httpElt = element;this.pc = pc;this.requestCache = requestCache;autoConfig = forceAutoConfig| "true".equals(element.getAttribute(ATT_AUTO_CONFIG));this.allowSessionCreation = sessionPolicy != SessionCreationPolicy.NEVER&& sessionPolicy != SessionCreationPolicy.STATELESS;this.portMapper = portMapper;this.portResolver = portResolver;this.csrfLogoutHandler = csrfLogoutHandler;createAnonymousFilter();createRememberMeFilter(authenticationManager);createBasicFilter(authenticationManager);createFormLoginFilter(sessionStrategy, authenticationManager);createOpenIDLoginFilter(sessionStrategy, authenticationManager);createX509Filter(authenticationManager);createJeeFilter(authenticationManager);createLogoutFilter();createLoginPageFilterIfNeeded();createUserDetailsServiceFactory();createExceptionTranslationFilter(); }

?

總結(jié)

以上是生活随笔為你收集整理的springSecurity源码分析-spring-security.xml文件配置的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。