filter别名、常用的filter类及命名空间:
| Alias |
Filter Class |
Namespace Element or Attribute |
| CHANNEL_FILTER |
ChannelProcessingFilter |
http/ intercept-url@ requires-channel |
| SECURITY_CONTEXT_FILTER |
SecurityContextPersistenceFilter |
http |
| CONCURRENT_SESSION_FILTER |
ConcurrentSessionFilter |
session-management/ concurrency-control |
| LOGOUT_FILTER |
LogoutFilter |
http/logout |
| X509_FILTER |
X509AuthenticationFilter |
http/x509 |
| PRE_AUTH_FILTER |
AstractPreAuthenticated ProcessingFilter Subclasses |
N/A |
| CAS_FILTER |
CasAuthenticationFilter |
N/A |
| FORM_LOGIN_FILTER |
UsernamePasswordAuthenticationFilter |
http/form-login |
| BASIC_AUTH_FILTER |
BasicAuthenticationFilter |
http/http-basic |
| SERVLET_API_SUPPORT_FILTER |
SecurityContextHolderAwareRequestFilter |
http/ @servlet-api-provision |
| JAAS_API_SUPPORT_FILTER |
JaasApiIntegrationFilter |
http/ @jaas-api-provision |
| REMEMBER_ME_FILTER |
RememberMeAuthenticationFilter |
http/remember-me |
| ANONYMOUS_FILTER |
AnonymousAuthenticationFilter |
http/anonymous |
| SESSION_MANAGEMENT_FILTER |
SessionManagementFilter |
session-management |
| EXCEPTION_TRANSLATION_FILTER |
ExceptionTranslationFilter |
http |
| FILTER_SECURITY_INTERCEPTOR |
FilterSecurityInterceptor |
http |
| SWITCH_USER_FILTER |
SwitchUserFilter |
N/A |
- 登陆验证的配置:
<httpauto-config='true'>
<form-loginlogin-page='/login.jsp'/>
</http>
登陆的默认响应类是:UsernamePasswordAuthenticationFilter,访问路径是/j_spring_security_check。用户名、密码是j_username和j_password
- 自定义filter:
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
</http>
<beans:bean id="myFilter" class="com.mycompany.MySpecialAuthenticationFilter"/>
添加http命名空间下的Filter,如SecurityContextPersistenceFilter。并覆盖FORM_LOGIN_FILTER所对应的UsernamePasswordAuthenticationFilter。