Security principle analysis

Spring Security filter chain

Spring Security is built around the chain-of-responsibility design pattern: every request passes through a long chain of filters. The filters in that chain are, in order:

  1. WebAsyncManagerIntegrationFilter: Integrates the SecurityContext with the WebAsyncManager that Spring Web uses to process asynchronous request mappings.
  2. SecurityContextPersistenceFilter: Before each request is processed, loads the security context associated with the request into the SecurityContextHolder; after the request has been processed, stores that context back into a "repository" and clears the SecurityContextHolder. Keeping a user's security information in the HTTP session, for example, is handled by this filter.
  3. HeaderWriterFilter: Adds header information to the response.
  4. CsrfFilter: Handles cross-site request forgery (CSRF) protection.
  5. LogoutFilter: Handles logout.
  6. UsernamePasswordAuthenticationFilter: Handles form-based login requests, obtaining the username and password from the submitted form. By default it processes the /login request. The default form field names for the username and password are username and password; both can be changed by setting the filter's usernameParameter and passwordParameter parameters.
  7. DefaultLoginPageGeneratingFilter: If no login page has been configured, this filter is added when the system is initialized and generates a login form page whenever a login is required.
  8. BasicAuthenticationFilter: Detects and processes HTTP Basic authentication.
  9. RequestCacheAwareFilter: Handles cached requests.
  10. SecurityContextHolderAwareRequestFilter: Mainly wraps the request object.
  11. AnonymousAuthenticationFilter: Checks whether an Authentication object exists in the SecurityContextHolder and, if not, supplies an anonymous Authentication.
  12. SessionManagementFilter: Manages the session.
  13. ExceptionTranslationFilter: Handles AccessDeniedException and AuthenticationException.
  14. FilterSecurityInterceptor: Can be seen as the exit of the filter chain.
  15. RememberMeAuthenticationFilter: When a user accesses a resource without having logged in, looks up the user's information from the cookie. If Spring Security recognizes the remember-me cookie the user presents, the user is logged in directly without having to enter a username and password. This filter is disabled by default.

Spring Security flowchart

Let's first look at the Spring Security execution flow chart below. Once you understand the execution flow, the framework becomes very simple:

[Image: Spring Security execution flow chart]

Flow Description

  1. The client sends a request, which enters the Security filter chain.
  2. At LogoutFilter, the filter checks whether the request is for the logout path. If it is, the request goes to the logoutHandler; if logout succeeds it goes on to the logoutSuccessHandler, and if logout fails it goes to the ExceptionTranslationFilter. If it is not the logout path, the request passes straight to the next filter.
  3. At UsernamePasswordAuthenticationFilter, the filter checks whether the request is for the login path. If it is, the filter performs the login: on failure the request goes to the AuthenticationFailureHandler, on success to the AuthenticationSuccessHandler. A request that is not a login request does not enter this filter.
  4. At FilterSecurityInterceptor, the request URI is obtained and the corresponding authentication manager is looked up for it. The authentication manager does the authentication work; if it succeeds, the request continues to the Controller layer, otherwise it goes to the AccessDeniedHandler, the authentication failure handler.
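As an added example that is not part of the original post, the filters and handlers described above mapped onto a Spring Security 5.x Java configuration; the URLs, form field names, demo user and remember-me key are assumed placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // FilterSecurityInterceptor: URL authorization rules checked at the end of the chain
            .authorizeRequests(auth -> auth
                .antMatchers("/login", "/css/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // UsernamePasswordAuthenticationFilter: form login with renamed parameters
            .formLogin(form -> form
                .loginPage("/login")        // own page, so DefaultLoginPageGeneratingFilter is not added
                .loginProcessingUrl("/login")
                .usernameParameter("user")  // default form field name is "username"
                .passwordParameter("pass")  // default form field name is "password"
                .successHandler((req, res, authn) -> res.sendRedirect("/home"))
                .failureHandler((req, res, ex) -> res.sendRedirect("/login?error")))
            // LogoutFilter: logout handlers run, then the success handler
            .logout(logout -> logout
                .logoutUrl("/logout")
                .deleteCookies("JSESSIONID")
                .logoutSuccessHandler((req, res, authn) -> res.sendRedirect("/login?logout")))
            // RememberMeAuthenticationFilter: disabled by default, enabled here
            .rememberMe(remember -> remember
                .key("REPLACE-WITH-SERVER-SECRET")  // placeholder; keep the real key out of source control
                .tokenValiditySeconds(86400))
            // ExceptionTranslationFilter: where an AccessDeniedException ends up
            .exceptionHandling(ex -> ex.accessDeniedHandler((req, res, e) -> res.sendError(403)));
        return http.build();   // CsrfFilter, HeaderWriterFilter, SessionManagementFilter keep defaults
    }

    @Bean
    UserDetailsService users() {   // backing store for form login and remember-me (constructed demo user)
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("demo-only")).roles("USER").build());
    }
}
```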

Source code of two common filters in the filter chain

1. UsernamePasswordAuthenticationFilter

[Image: UsernamePasswordAuthenticationFilter source code]

2. ExceptionTranslationFilter

[Image: ExceptionTranslationFilter source code]

Origin blog.csdn.net/qq_45950109/article/details/111320764