spring security通過一系列過濾器實現(xiàn)其功能，入口過濾器如下（web.xml）：

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

其他過濾器調(diào)用順序：

?

然后通過org.springframework.security.web.FilterChainProxy過濾器獲取以下過濾器列表：

org.springframework.security.web.context.SecurityContextPersistenceFilter@4976abb4

org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@3ea61bd9

org.springframework.security.web.authentication.logout.LogoutFilter@469ddd58

org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@443b70fc

org.springframework.security.web.savedrequest.RequestCacheAwareFilter@386c58c4

org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@361af4c3

org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1ec59845

org.springframework.security.web.session.SessionManagementFilter@1e6a7f1

org.springframework.security.web.access.ExceptionTranslationFilter@5b167571

org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3a4b2e3c

然后由內(nèi)部類 VirtualFilterChain 依次調(diào)用這些過濾器實現(xiàn)其認(rèn)證、授權(quán)等功能 (org.springframework.security.web.FilterChainProxy$VirtualFilterChain)

細(xì)節(jié)可參考某大牛的文章：

http://dead-knight.iteye.com/category/220917

轉(zhuǎn)載于:https://www.cnblogs.com/SEC-fsq/p/5231224.html

總結(jié)

以上是生活随笔為你收集整理的spring security原理的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。