简体   繁体   English

FilterChainProxy的doFilter方法如何工作?

[英]How does the doFilter method of the FilterChainProxy work?

I was going through the source code of the org.springframework.security.web.FilterChainProxy class. 我正在查看org.springframework.security.web.FilterChainProxy类的源代码。 I want to undersatnd how its doFilter method work. 我想了解其doFilter方法的工作方式。 The following is the code. 以下是代码。

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException 
{
    FilterInvocation fi = new FilterInvocation(request, response, chain);
    List<Filter> filters = getFilters(fi.getRequestUrl());

    if (filters == null || filters.size() == 0) {
        if (logger.isDebugEnabled()) {
            logger.debug(fi.getRequestUrl() +
                    filters == null ? " has no matching filters" : " has an empty filter list");
        }

        chain.doFilter(request, response);

        return;
    }

    VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters);
    virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());

} }

My understanding is If I define custom filter not related to Spring in the web.xml , they will be included in the FilterChain object passed to the FilterChainProxy (I understand this happens via the DelegatingFilterProxy). 我的理解是,如果我在web.xml中定义了与Spring不相关的自定义过滤器,它们将包含在传递给FilterChainProxy的FilterChain对象中(我知道这是通过DelegatingFilterProxy发生的)。 Is that correct? 那是对的吗?

I think the IF block gets executed when there are non-spring Filters defined in the web.xml and when there are no Filters defined in the application context. 我认为当web.xml中定义了非spring过滤器并且应用程序上下文中没有定义过滤器时,IF块就会执行。

VirtualFilterChain here caters for Filters defined in the application text. VirtualFilterChain在这里满足应用程序文本中定义的过滤器。

There is a return statement in the If block which prevents VirtualFilterChain section getting executed. If块中有一个return语句,可防止执行VirtualFilterChain部分。

But how does this handle both Filters defined in the web.xml and the ones defined in the application context? 但是,这如何处理web.xml中定义的过滤器和应用程序上下文中定义的过滤器?

the "filterChain" parameter refers to the Servlet filters defined in web.xml. “ filterChain”参数是指在web.xml中定义的Servlet过滤器。 Look at this code in DelegatingFilterProxy.java 在DelegatingFilterProxy.java中查看此代码

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

    // Lazily initialize the delegate if necessary.
    Filter delegateToUse = this.delegate;
    if (delegateToUse == null) {
        ...
    }

    // Let the delegate perform the actual doFilter operation.
    invokeDelegate(delegateToUse, request, response, filterChain);
}

The invokeDelegate(...) is what invokes FilterChainProxy's doFilter(...) method. invokeDelegate(...)调用FilterChainProxy的doFilter(...)方法。

List<Filter> filters = getFilters(fi.getRequestUrl());

generates a list of Spring Security filters that match given url (some filters are listed in this section ). 生成与给定url匹配的Spring Security过滤器列表( 本节中列出了一些过滤器)。

If no Spring Security filters match the requestUrl, the execution just moves on to the rest of the filters defined in web.xml. 如果没有Spring Security过滤器与requestUrl匹配,则执行将继续进行到web.xml中定义的其余过滤器。 That's what the if() block is for. 这就是if()块的用途。

virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());

This is where Spring Security filters' doFilter(...) methods get called. 这就是Spring Security过滤器的doFilter(...)方法被调用的地方。 So, for example, if you have UsernamePasswordAuthenticationFilter as one of the filters configured, then virtualFilterChain.doFilter(...) will eventually invoke UsernamePasswordAuthenticationFilter's doFilter(...) method. 因此,例如,如果您将UsernamePasswordAuthenticationFilter作为配置的过滤器之一,则virtualFilterChain.doFilter(...)最终将调用UsernamePasswordAuthenticationFilter的doFilter(...)方法。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM