当前位置:   article > 正文

spring-security 默认登录页面(一)_spring security 默认登录页面

spring security 默认登录页面

Spring Security是一个强大且高度可定制的身份验证和访问控制框架。天然与Spring整合,易扩展,引入jar包就可以用了,在boot自动装载下,不需要任何配置就可以控制资源访问。那么默认登录页是如何产生的呢?

版本信息

内容版本
JDK17
spring-boot-starter-web3.2.2
spring-boot-starter-security3.2.2
spring-security6.2.1

项目搭建步骤

  1. 访问 https://start.spring.io/ 自动生成项目
    在这里插入图片描述

  2. 添加依赖 Spring Web、Spring Security
    在这里插入图片描述

  3. 生成项目, 点击 GENERATE,会下载一个压缩包

  4. 添加 controller 代码

package com.example.security.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @GetMapping(value = "/hello")
    public String hello() {
        return "Hello Security";
    }
}
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  1. 启动项目, 访问 http://localhost:8080/hello,会重定向到登录页面
    在这里插入图片描述为啥为重定向到登录页面?登录页面如何生成的?

源码解析

  1. 先找一下 spring-boot-test-autoconfigure jar 包,找到文件org.springframework.boot.autoconfigure.AutoConfiguration.imports,检索 security, 发现有如下类
    在这里插入图片描述
    过滤器链是通过 SecurityAutoConfiguration 导入的类SpringBootWebSecurityConfiguration 配置的 org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration.WebSecurityEnablerConfiguration
    在这里插入图片描述
    打印出默认过滤器链
2024-02-01T23:19:18.288+08:00  INFO 15696 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@748ac6f3, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@68f6e55d, org.springframework.security.web.context.SecurityContextHolderFilter@3238e2aa, org.springframework.security.web.header.HeaderWriterFilter@71adfedd, org.springframework.web.filter.CorsFilter@6fff46bf, org.springframework.security.web.csrf.CsrfFilter@5f36c8e3, org.springframework.security.web.authentication.logout.LogoutFilter@217bf99e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@67022ea, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@38b3f208, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1835dc92, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7ec95456, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2577a95d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1668919e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3aaa3c39, org.springframework.security.web.access.ExceptionTranslationFilter@17e9bc9e, org.springframework.security.web.access.intercept.AuthorizationFilter@7327a447]
  • 1
	/**
	 * Adds the {@link EnableWebSecurity @EnableWebSecurity} annotation if Spring Security
	 * is on the classpath. This will make sure that the annotation is present with
	 * default security auto-configuration and also if the user adds custom security and
	 * forgets to add the annotation. If {@link EnableWebSecurity @EnableWebSecurity} has
	 * already been added or if a bean with name
	 * {@value BeanIds#SPRING_SECURITY_FILTER_CHAIN} has been configured by the user, this
	 * will back-off.
	 */
	@Configuration(proxyBeanMethods = false)
	@ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
	@ConditionalOnClass(EnableWebSecurity.class)
	@EnableWebSecurity
	static class WebSecurityEnablerConfiguration {

	}
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16

核心的注解类 org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
在这里插入图片描述
在这里插入图片描述
org.springframework.security.config.annotation.web.builders.WebSecurity#performBuild
在这里插入图片描述
在类org.springframework.security.web.FilterChainProxy.VirtualFilterChain#doFilter 加一个断点, 看每个过滤器做了啥
在这里插入图片描述
经过调试,发现默认页面在 org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter 这个类生成的,方法 generateLoginPageHtml
在这里插入图片描述

过滤器处理具体分析

spring-boot-starter-security 默认会加载以下过滤器

[DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[
org.springframework.security.web.session.DisableEncodeUrlFilter@65a9ea3c, 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@70f68288, 
org.springframework.security.web.context.SecurityContextHolderFilter@22c53d82, 
org.springframework.security.web.header.HeaderWriterFilter@2577a95d, 
org.springframework.web.filter.CorsFilter@46911148, 
org.springframework.security.web.csrf.CsrfFilter@6d0be7ab, 
org.springframework.security.web.authentication.logout.LogoutFilter@58af5076, 
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fbf088b, 
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3b4a1a75, 
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2db1b657, 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter@650c405c, 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@68d6d775, 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@b67cc70, 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7e351d7, 
org.springframework.security.web.access.ExceptionTranslationFilter@9301672, 
org.springframework.security.web.access.intercept.AuthorizationFilter@11d045b4]]]
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17

开启 Trace 级别日志

修改 application.properties 文件,增加日志配置

logging.level.org.springframework.security=TRACE
  • 1

访问地址 http://localhost:8080/hello, 可以看到有详细的日志输出

2024-02-03T09:24:07.863+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1)
2024-02-03T09:24:07.864+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /hello
2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/16)
2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/16)
2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/16)
2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/16)
2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/16)
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (6/16)
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (7/16)
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking UsernamePasswordAuthenticationFilter (8/16)
2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (9/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (10/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]]
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking BasicAuthenticationFilter (11/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.www.BasicAuthenticationFilter  : Did not process authentication request since failed to find username and password in Basic Authorization header
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/16)
2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (15/16)
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (16/16)
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b]
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@2973568c
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 9103C6E281234FE6BA1B598A7FC64D41 using the SPRING_SECURITY_CONTEXT session attribute
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]]
2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access Denied
	at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:181) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:189) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:175) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) ~[spring-security-config-6.2.1.jar:6.2.1]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.3.jar:6.1.3]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.3.jar:6.1.3]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.18.jar:10.1.18]
	at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na]

2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8080/hello?continue to session
2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4f223bee, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]
2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@d902300
2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:8080/login
2024-02-03T09:24:07.878+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1)
2024-02-03T09:24:07.885+08:00 DEBUG 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /login
2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (6/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (7/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking UsernamePasswordAuthenticationFilter (8/16)
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (9/16)
2024-02-03T09:24:07.887+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139

重定向到 /login 流程图

在这里插入图片描述

流程图说明

  1. 过滤器链,org.springframework.security.web.FilterChainProxy.VirtualFilterChain#doFilter,一个接着一个filter 执行
  2. DefaultLoginPageGeneratingFilter,默认登录页生成过滤器。判断当前url 是否是login、loginError,logout 的url,如果是,就生成登录页面,并且输出到浏览器
    在这里插入图片描述
  3. AuthorizationFilter,权限过滤器,判断当前用户是否有权限访问url。当浏览器访问 /hello 地址,经过 AnonymousAuthenticationFilter 过滤器,未获取到认证信息,会生成匿名的认证Token-AnonymousAuthenticationToken。
    在这里插入图片描述
    授权认证器校验到当前的AnonymousAuthenticationToken无权限访问/hello, 抛出AccessDeniedException异常
    在这里插入图片描述
  4. ExceptionTranslationFilter,异常处理过滤器,处理 AuthenticationException、AccessDeniedException异常。它catch 到 AuthorizationFilter 抛出的 AccessDeniedException异常,调用 handleSpringSecurityException 方法处理异常
    在这里插入图片描述
    根据不同的异常类型,不同的处理逻辑
    在这里插入图片描述处理AccessDeniedException 异常
    在这里插入图片描述
    由于是匿名的认证用户,执行sendStartAuthentication方法
    在这里插入图片描述
  5. DelegatingAuthenticationEntryPoint 开始处理异常 commence 方法
    在这里插入图片描述
    匹配到 LoginUrlAuthenticationEntryPoint,登录URL身份验证入口点,它生成重定向的URL http://localhost:8080/login。
    在这里插入图片描述
  6. DefaultRedirectStrategy,默认的重定向策略类,重定向到登录地址 http://localhost:8080/login
    在这里插入图片描述
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Cpp五条/article/detail/708520
推荐阅读
相关标签
  

闽ICP备14008679号