This abstract class is also inherited from AccessControlFilter . It is used to handle the permission check after login
He has an attribute unauthorizedUrl , indicating which page should be transferred if there is no corresponding permission. , this does not need to be configured, but if it is not configured, it is empty by default, and a browser default 401 page will be returned.
Look at his subclasses:
·HostFilter
·PermissionAuthorizationFilter
· PortFilter
·RolesAuthorizationFilter
The first HostFilter and the third ProtFilter will not be used in production, so I didn't look at them.