About Spring Security
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 04:04
Saving and removing the request

// save request
org.springframework.security.web.access.ExceptionTranslationFilter#doFilter {
    handleSpringSecurityException(request, response, chain, ase);
}
org.springframework.security.web.access.ExceptionTranslationFilter#handleSpringSecurityException {
    sendStartAuthentication(request, response, chain,
        new InsufficientAuthenticationException("Full authentication is required to access this resource"));
}
org.springframework.security.web.access.ExceptionTranslationFilter#sendStartAuthentication {
    requestCache.saveRequest(request, response);
}
org.springframework.security.web.savedrequest.HttpSessionRequestCache#saveRequest {
    request.getSession().setAttribute(SAVED_REQUEST, savedRequest);
}

// remove request
// case 1
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#doFilter {
    successfulAuthentication(request, response, chain, authResult);
}
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#successfulAuthentication {
    successHandler.onAuthenticationSuccess(request, response, authResult);
}
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler#onAuthenticationSuccess {
    requestCache.removeRequest(request, response);
}
org.springframework.security.web.savedrequest.HttpSessionRequestCache#removeRequest {
    session.removeAttribute(SAVED_REQUEST);
}

// case 2
org.springframework.security.web.savedrequest.RequestCacheAwareFilter#doFilter {
    HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest((HttpServletRequest) request, (HttpServletResponse) response);
}
org.springframework.security.web.savedrequest.HttpSessionRequestCache#getMatchingRequest {
    removeRequest(request, response);
}
org.springframework.security.web.savedrequest.HttpSessionRequestCache#removeRequest {
    session.removeAttribute(SAVED_REQUEST);
}
Saving the session (if you want to persist it to Redis, look at
org.springframework.security.web.context.SecurityContextPersistenceFilter#doFilter {
    repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
}
org.springframework.security.web.context.HttpSessionSecurityContextRepository#saveContext {
    responseWrapper.saveContext(context);
}
org.springframework.security.web.context.HttpSessionSecurityContextRepository.SaveToSessionResponseWrapper#saveContext {
    HttpSession httpSession = request.getSession(false);
    httpSession.setAttribute(springSecurityContextKey, context);
}
Spring Security has two implementations of this repo: org.springframework.security.web.context.HttpSessionSecurityContextRepository and org.springframework.security.web.context.NullSecurityContextRepository (this implementation exists so that no session is saved, for example when the server is kept stateless). To inject your own implementation, for example one that saves to a database, do the following: override org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
http.securityContext().securityContextRepository(securityContextRepository)
Authorization interception:
.authorizeRequests().antMatchers("/me").access("#oauth2.hasScope('read')")
For this kind:
org.springframework.security.web.access.intercept.FilterSecurityInterceptor#invoke {
    InterceptorStatusToken token = super.beforeInvocation(fi);
}
org.springframework.security.access.intercept.AbstractSecurityInterceptor#beforeInvocation {
    this.accessDecisionManager.decide(authenticated, object, attributes);
}
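For the kind where global method security is enabled (for details see <10. Analysis of how Spring Security's global method security uses AOP>): a proxy is generated for the class whose methods are intercepted, and the before advice is invoked before the method is called.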
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#invoke {
    InterceptorStatusToken token = super.beforeInvocation(mi);
}
org.springframework.security.access.intercept.AbstractSecurityInterceptor#beforeInvocation {
    this.accessDecisionManager.decide(authenticated, object, attributes);
}
In both kinds, the decide method ultimately decides whether access is granted.