Note: the Spring Security version is 4.3.x.RELEASE.
In the Spring Security source, the resources/META-INF directory of the config module contains spring.handlers and spring.schemas. The content of spring.handlers is shown in List-1:
List-1
http\://www.springframework.org/schema/security=org.springframework.security.config.SecurityNamespaceHandler
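Anyone familiar with Spring's custom tags will know what a NamespaceHandler is for: when the Spring framework parses a tag, it calls the NamespaceHandler registered for it. Let's look at SecurityNamespaceHandler.
SecurityNamespaceHandler implements the NamespaceHandler interface, which has three methods: init, parse and decorate. The init method performs initialization. The init method of SecurityNamespaceHandler is shown in List-2:
List-2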
    public void init() {
        loadParsers();
    }

    private void loadParsers() {
        // Parsers
        parsers.put(Elements.LDAP_PROVIDER, new LdapProviderBeanDefinitionParser());
        parsers.put(Elements.LDAP_SERVER, new LdapServerBeanDefinitionParser());
        parsers.put(Elements.LDAP_USER_SERVICE, new LdapUserServiceBeanDefinitionParser());
        parsers.put(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
        parsers.put(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
        parsers.put(Elements.AUTHENTICATION_PROVIDER,
                new AuthenticationProviderBeanDefinitionParser());
        parsers.put(Elements.GLOBAL_METHOD_SECURITY,
                new GlobalMethodSecurityBeanDefinitionParser());
        parsers.put(Elements.AUTHENTICATION_MANAGER,
                new AuthenticationManagerBeanDefinitionParser());
        parsers.put(Elements.METHOD_SECURITY_METADATA_SOURCE,
                new MethodSecurityMetadataSourceBeanDefinitionParser());

        // Only load the web-namespace parsers if the web classes are available
        if (ClassUtils.isPresent(FILTER_CHAIN_PROXY_CLASSNAME, getClass()
                .getClassLoader())) {
            parsers.put(Elements.DEBUG, new DebugBeanDefinitionParser());
            parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
            parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
            parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE,
                    new FilterInvocationSecurityMetadataSourceParser());
            parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
            filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
        }

        if (ClassUtils.isPresent(MESSAGE_CLASSNAME, getClass().getClassLoader())) {
            parsers.put(Elements.WEBSOCKET_MESSAGE_BROKER,
                    new WebSocketMessageBrokerSecurityBeanDefinitionParser());
        }
    }
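The http tag we see in the configuration is parsed by HttpSecurityBeanDefinitionParser, and authentication-manager is parsed by AuthenticationManagerBeanDefinitionParser. Now look at the parse method of HttpSecurityBeanDefinitionParser, shown in Figure 1:
Figure 1
Inside the createFilterChain method from Figure 1:
Figure 2
The code in the red box in Figure 2 obtains the filters. Once they have been obtained, they are sorted. For this, see SecurityFilters in List-3 below: the filters are sorted by the value of the order property shown in List-3.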
List-3
    enum SecurityFilters {
        FIRST(Integer.MIN_VALUE),
        CHANNEL_FILTER,
        SECURITY_CONTEXT_FILTER,
        CONCURRENT_SESSION_FILTER,
        /** {@link WebAsyncManagerIntegrationFilter} */
        WEB_ASYNC_MANAGER_FILTER,
        HEADERS_FILTER,
        CORS_FILTER,
        CSRF_FILTER,
        LOGOUT_FILTER,
        X509_FILTER,
        PRE_AUTH_FILTER,
        CAS_FILTER,
        FORM_LOGIN_FILTER,
        OPENID_FILTER,
        LOGIN_PAGE_FILTER,
        DIGEST_AUTH_FILTER,
        BASIC_AUTH_FILTER,
        REQUEST_CACHE_FILTER,
        SERVLET_API_SUPPORT_FILTER,
        JAAS_API_SUPPORT_FILTER,
        REMEMBER_ME_FILTER,
        ANONYMOUS_FILTER,
        SESSION_MANAGEMENT_FILTER,
        EXCEPTION_TRANSLATION_FILTER,
        FILTER_SECURITY_INTERCEPTOR,
        SWITCH_USER_FILTER,
        LAST(Integer.MAX_VALUE);

        private static final int INTERVAL = 100;

        private final int order;

        private SecurityFilters() {
            order = ordinal() * INTERVAL;
        }

        private SecurityFilters(int order) {
            this.order = order;
        }

        public int getOrder() {
            return order;
        }
    }
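To make the sorting step concrete, here is an added example (not code from Spring Security or from the original post) that reuses the order rule of List-3 to turn filters collected in arbitrary order into a chain, and rejects two filters that claim the same position. The names FilterOrderDemo, OrderedFilter, buildChain and AuditFilter are hypothetical, and placing a custom filter at an enum slot's order + 1 is an assumption of this sketch about how the INTERVAL gap can be used.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
public class FilterOrderDemo {
    // Constants and order rule as in List-3: ordinal() * INTERVAL, FIRST/LAST pinned.
    enum SecurityFilters {
        FIRST(Integer.MIN_VALUE), CHANNEL_FILTER, SECURITY_CONTEXT_FILTER, CONCURRENT_SESSION_FILTER,
        WEB_ASYNC_MANAGER_FILTER, HEADERS_FILTER, CORS_FILTER, CSRF_FILTER, LOGOUT_FILTER, X509_FILTER,
        PRE_AUTH_FILTER, CAS_FILTER, FORM_LOGIN_FILTER, OPENID_FILTER, LOGIN_PAGE_FILTER,
        DIGEST_AUTH_FILTER, BASIC_AUTH_FILTER, REQUEST_CACHE_FILTER, SERVLET_API_SUPPORT_FILTER,
        JAAS_API_SUPPORT_FILTER, REMEMBER_ME_FILTER, ANONYMOUS_FILTER, SESSION_MANAGEMENT_FILTER,
        EXCEPTION_TRANSLATION_FILTER, FILTER_SECURITY_INTERCEPTOR, SWITCH_USER_FILTER,
        LAST(Integer.MAX_VALUE);
        private static final int INTERVAL = 100;
        private final int order;
        SecurityFilters() { order = ordinal() * INTERVAL; }
        SecurityFilters(int order) { this.order = order; }
        int getOrder() { return order; }
    }
    // Hypothetical holder: a filter's name and its position in the chain.
    static final class OrderedFilter {
        final String name; final int order;
        OrderedFilter(String name, int order) { this.name = name; this.order = order; }
    }
    // Sort by order; two filters claiming one position is treated as a configuration error.
    static List<String> buildChain(List<OrderedFilter> unordered) {
        List<OrderedFilter> sorted = new ArrayList<>(unordered);
        sorted.sort(Comparator.comparingInt(a -> a.order));
        List<String> chain = new ArrayList<>();
        for (int i = 0; i < sorted.size(); i++) {
            OrderedFilter f = sorted.get(i);
            if (i > 0 && sorted.get(i - 1).order == f.order) {
                throw new IllegalStateException(sorted.get(i - 1).name + " and " + f.name + " share order " + f.order);
            }
            chain.add(f.order + ":" + f.name);
        }
        return chain;
    }
    public static void main(String[] args) {
        // Constructed sample, out of order; AuditFilter is assumed to sit at CSRF_FILTER + 1.
        List<OrderedFilter> found = Arrays.asList(
            new OrderedFilter("FilterSecurityInterceptor", SecurityFilters.FILTER_SECURITY_INTERCEPTOR.getOrder()),
            new OrderedFilter("AuditFilter", SecurityFilters.CSRF_FILTER.getOrder() + 1),
            new OrderedFilter("UsernamePasswordAuthenticationFilter", SecurityFilters.FORM_LOGIN_FILTER.getOrder()),
            new OrderedFilter("CsrfFilter", SecurityFilters.CSRF_FILTER.getOrder()));
        System.out.println(buildChain(found));
    }
}
```

Because the order comes from the enum's declaration position, the CSRF check always runs before form login and the authorization interceptor runs near the end, regardless of the order in which the filters were collected.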