spring security原理图及其解释
用户发出订单修改页面的请求,Access Decision Manager进行拦截,然后对比用户的授权和次页面需要的授权是不是有重合的部分,如果有重合的部分,那面页面就授权成功,如果失败就通知用户。
We can see that a component called the access decision manager is responsible for determining whether a principal has the appropriate level of access, based on the match between the authority possessed by the principal and the authority requested by the resource.
Adding the Spring DelegatingFilterProxy to your web.xml file
The o.s.web.filter.DelegatingFilterProxy is a servlet filter that allows Spring Security to wrap all application requests and ensure that they are appropriately secured.
Comprehending the overall flow of web requests and how they move through the chain of responsibility is crucial to our success with advanced topics in Spring Security. Keep in mind the basic concepts of authentication and authorization as they fit into the overall architecture of our protected system.
How requests are processed?
The Spring Security architecture relies heavily on the use of delegates and servlet filters to provide layers of functionality around the context of a web application request.
Servlet Filters (classes that implement the javax.servlet.Filter interface) are used to intercept user requests and perform pre-or post-processing, or redirect the request altogether, depending on the function of the servlet filter. The final destination servlet is the Spring MVC dispatcher servlet, in the case of the JBCP Pets online store, but in theory, it could represent any web servlet. The following
diagram illustrates how a servlet filter wraps a user's web request:
The automatic configuration attribute in the Spring Security XML configuration file sets up a series of ten servlet filters, which are applied in a sequence through the use of a Java EE servlet filter chain. The filter chain is a Java EE Servlet API concept specified by the javax.servlet.FilterChain interface that allows a web application to direct that a chain of servlet filters should apply to any given request.
Similar to a physical chain made from metal links, each servlet filter represents a link in the chain of method calls used to process the user's request. Requests travel along the chain, being processed by each filter in turn.
The automatic configuration option sets up 10 Spring Security filters for you. Understanding what these default filters do, and where and how they are configured, is critical to advanced work with Spring Security.
These filters, and the order in which they are applied, are described in the following table. Most of these filters will be described again as we proceed through our work on the JBCP Pets online store, so don't worry if you don't understand exactly what they do now.
You may wonder how the DelegatingFilterProxy is able to locate the filter chain that's configured by Spring Security. Recall that we needed to give the DelegatingFilterProxy a filter name in the web.xml file:
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
The name of this filter is no coincidence, and in fact is expected for Spring Security to wire itself to the DelegatingFilterProxy appropriately. Unless explicitly configured, the DelegatingFilterProxy will look for a configured bean in the Spring WebApplicationContext of the same name (as specified in the filter-name element). More detail on the configurability of the DelegatingFilterProxy is available in the Javadoc for the class.
最新文章
- Mac下Intellij IDEA Console中文是?
- freemaker时间格式转换,精确到毫秒
- 高性能JavaScript(您值得一看)
- android开发系列之消息机制
- Android:再按一次退出程序
- 【转】cocos2d-x游戏开发(十四)用shader使图片背景透明
- 在安装MySQL Workbentch的时候出现如下问题,已经解决。
- ubuntu 下修改host文件
- Linux Shell(初识)
- LeetCode OJ 292.Nim Gam19. Remove Nth Node From End of List
- python升级pip和Django安装
- 关于SQL优化的一点建议
- Hadoop学习笔记04_Hbase
- 数组,集合,字符串,bean,map
- oc门
- 自定义oncontextmenu
- 实现Quartz的动态增删改查
- 【SpringBoot】SpringBoot性能优化
- fis3 scss 版本报错
- java类加载器的一些测试