热门标签
当前位置: article > 正文
spring-security 默认登录页面(一)_spring security 默认登录页面
作者:Cpp五条 | 2024-06-12 15:07:33
赞
踩
spring security 默认登录页面
Spring Security是一个强大且高度可定制的身份验证和访问控制框架。天然与Spring整合,易扩展,引入jar包就可以用了,在boot自动装载下,不需要任何配置就可以控制资源访问。那么默认登录页是如何产生的呢?
版本信息
| 内容 | 版本 |
|---|---|
| JDK | 17 |
| spring-boot-starter-web | 3.2.2 |
| spring-boot-starter-security | 3.2.2 |
| spring-security | 6.2.1 |
项目搭建步骤
-
访问 https://start.spring.io/ 自动生成项目
-
添加依赖 Spring Web、Spring Security
-
生成项目, 点击 GENERATE,会下载一个压缩包
-
添加 controller 代码
package com.example.security.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping(value = "/hello")
public String hello() {
return "Hello Security";
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 启动项目, 访问 http://localhost:8080/hello,会重定向到登录页面
为啥为重定向到登录页面?登录页面如何生成的?
源码解析
- 先找一下 spring-boot-test-autoconfigure jar 包,找到文件org.springframework.boot.autoconfigure.AutoConfiguration.imports,检索 security, 发现有如下类
过滤器链是通过 SecurityAutoConfiguration 导入的类SpringBootWebSecurityConfiguration 配置的 org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration.WebSecurityEnablerConfiguration
打印出默认过滤器链
2024-02-01T23:19:18.288+08:00 INFO 15696 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@748ac6f3, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@68f6e55d, org.springframework.security.web.context.SecurityContextHolderFilter@3238e2aa, org.springframework.security.web.header.HeaderWriterFilter@71adfedd, org.springframework.web.filter.CorsFilter@6fff46bf, org.springframework.security.web.csrf.CsrfFilter@5f36c8e3, org.springframework.security.web.authentication.logout.LogoutFilter@217bf99e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@67022ea, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@38b3f208, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1835dc92, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7ec95456, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2577a95d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1668919e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3aaa3c39, org.springframework.security.web.access.ExceptionTranslationFilter@17e9bc9e, org.springframework.security.web.access.intercept.AuthorizationFilter@7327a447]
- 1
/** * Adds the {@link EnableWebSecurity @EnableWebSecurity} annotation if Spring Security * is on the classpath. This will make sure that the annotation is present with * default security auto-configuration and also if the user adds custom security and * forgets to add the annotation. If {@link EnableWebSecurity @EnableWebSecurity} has * already been added or if a bean with name * {@value BeanIds#SPRING_SECURITY_FILTER_CHAIN} has been configured by the user, this * will back-off. */ @Configuration(proxyBeanMethods = false) @ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN) @ConditionalOnClass(EnableWebSecurity.class) @EnableWebSecurity static class WebSecurityEnablerConfiguration { }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
核心的注解类 org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
org.springframework.security.config.annotation.web.builders.WebSecurity#performBuild
在类org.springframework.security.web.FilterChainProxy.VirtualFilterChain#doFilter 加一个断点, 看每个过滤器做了啥
经过调试,发现默认页面在 org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter 这个类生成的,方法 generateLoginPageHtml
过滤器处理具体分析
spring-boot-starter-security 默认会加载以下过滤器
[DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[ org.springframework.security.web.session.DisableEncodeUrlFilter@65a9ea3c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@70f68288, org.springframework.security.web.context.SecurityContextHolderFilter@22c53d82, org.springframework.security.web.header.HeaderWriterFilter@2577a95d, org.springframework.web.filter.CorsFilter@46911148, org.springframework.security.web.csrf.CsrfFilter@6d0be7ab, org.springframework.security.web.authentication.logout.LogoutFilter@58af5076, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fbf088b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3b4a1a75, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2db1b657, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@650c405c, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@68d6d775, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@b67cc70, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7e351d7, org.springframework.security.web.access.ExceptionTranslationFilter@9301672, org.springframework.security.web.access.intercept.AuthorizationFilter@11d045b4]]]
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
开启 Trace 级别日志
修改 application.properties 文件,增加日志配置
logging.level.org.springframework.security=TRACE
- 1
访问地址 http://localhost:8080/hello, 可以看到有详细的日志输出
2024-02-03T09:24:07.863+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1) 2024-02-03T09:24:07.864+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing GET /hello 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS] 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST] 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST] 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (10/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]] 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking BasicAuthenticationFilter (11/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.www.BasicAuthenticationFilter : Did not process authentication request since failed to find username and password in Basic Authorization header 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (15/16) 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (16/16) 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b] 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@2973568c 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 9103C6E281234FE6BA1B598A7FC64D41 using the SPRING_SECURITY_CONTEXT session attribute 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication] 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication] 2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]] 2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied org.springframework.security.access.AccessDeniedException: Access Denied at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:181) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:189) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:175) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.3.jar:6.1.3] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) ~[spring-security-config-6.2.1.jar:6.2.1] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na] 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/hello?continue to session 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4f223bee, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]] 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@d902300 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login 2024-02-03T09:24:07.878+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure] 2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1) 2024-02-03T09:24:07.885+08:00 DEBUG 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing GET /login 2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16) 2024-02-03T09:24:07.887+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
重定向到 /login 流程图
流程图说明
- 过滤器链,org.springframework.security.web.FilterChainProxy.VirtualFilterChain#doFilter,一个接着一个filter 执行
- DefaultLoginPageGeneratingFilter,默认登录页生成过滤器。判断当前url 是否是login、loginError,logout 的url,如果是,就生成登录页面,并且输出到浏览器
- AuthorizationFilter,权限过滤器,判断当前用户是否有权限访问url。当浏览器访问 /hello 地址,经过 AnonymousAuthenticationFilter 过滤器,未获取到认证信息,会生成匿名的认证Token-AnonymousAuthenticationToken。
授权认证器校验到当前的AnonymousAuthenticationToken无权限访问/hello, 抛出AccessDeniedException异常
- ExceptionTranslationFilter,异常处理过滤器,处理 AuthenticationException、AccessDeniedException异常。它catch 到 AuthorizationFilter 抛出的 AccessDeniedException异常,调用 handleSpringSecurityException 方法处理异常
根据不同的异常类型,不同的处理逻辑
处理AccessDeniedException 异常
由于是匿名的认证用户,执行sendStartAuthentication方法
- DelegatingAuthenticationEntryPoint 开始处理异常 commence 方法
匹配到 LoginUrlAuthenticationEntryPoint,登录URL身份验证入口点,它生成重定向的URL http://localhost:8080/login。
- DefaultRedirectStrategy,默认的重定向策略类,重定向到登录地址 http://localhost:8080/login
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Cpp五条/article/detail/708520
推荐阅读
相关标签
