spring-security源码-Filter之WebAsyncManagerIntegrationFilter(十)

合集 - spring-security源码阅读(28)

1.Spring-Security系列导航2021-11-152.spring-security使用-登录(一)2020-12-103.spring-security使用-自定义数据源(二)2020-12-224.spring-security使用-更友好的方式扩展登录AuthenticationProvider(三)2021-01-045.spring-security使用-获得当前用户信息(四)2021-01-056.spring-security使用-同一个账号只允许登录一次(五)2021-01-067.spring-security使用-session共享(六)2021-01-078.spring-security使用-安全防护HttpFirewall(七)2021-01-299.spring-security使用-权限控制(八)2021-11-0310.spring-security源码-初始化(九)2021-11-0411.spring-security源码-如何初始化SecurityFilterChain到Servlet2024-03-1012.spring-security源码-FilterChainProxy2024-03-10

13.spring-security源码-Filter之WebAsyncManagerIntegrationFilter(十)2021-11-09

14.Spring-security源码-Filter之SecurityContextPersistenceFilter(十一)2021-11-0915.Spring-security源码-Filter之HeaderWriterFilter(十二)2021-11-1016.Spring-security源码-Filter之LogoutFilter(十三)2021-11-1017.Spring-security源码-Filter之UsernamePasswordAuthenticationFilter(十四)2021-11-1018.Spring-security源码-Filter之ConcurrentSessionFilter(十五)2021-11-1019.Spring-security源码-Filter之SessionManagementFilter(十六)2021-11-1120.Spring-security源码-Filter之RememberMeAuthenticationFilter(十七)2021-11-1121.Spring-security源码-Filter之ExceptionTranslationFilter(十八)2021-11-1222.Spring-security源码-Filter之FilterSecurityInterceptor(十九)2021-11-1323.Spring-security源码-注解权限原理(二十)2021-11-1324.Spring-security源码-注解权限原理之MethodSecurityInterceptor(二十一)2021-11-1525.Spring-Security基于源码扩展-一套系统多套登录逻辑(二十二)2021-11-1526.Spring-Security基于源码扩展-自定义登录(二十三)2021-11-1527.Spring-Security基于源码扩展-自定义认证失败返回(二十四)2021-11-1528.Spring-Security基于源码扩展-自定义授权注解(二十五)2021-11-15

收起

文章主目录

• 作用
• WebAsyncTask简单例子
• 初始化处
• WebAsyncManagerIntegrationFilter
• <1>

回到顶部

作用

我们获取当前登录用户信息是根据SecurityContextHolder.getContext()获取的,SecurityContextHolder.getContext()本质是ThreadLocal实现

Spring MVC WebAsyncTask是异步另外一个线程 所以用于保证我们在Task 线程也能通过SecurityContextHolder.getContext()获取

回到顶部

WebAsyncTask简单例子

GetMapping("/completion")
public WebAsyncTask<String> asyncTaskCompletion() {
    // 打印处理线程名
    out.println(format("请求处理线程：%s", currentThread().getName()));

    // 模拟开启一个异步任务，超时时间为10s
    WebAsyncTask<String> asyncTask = new WebAsyncTask<>(10 * 1000L, () -> {
        out.println(format("异步工作线程：%s", currentThread().getName()));
        // 任务处理时间5s，不超时
        sleep(5 * 1000L);
        return asyncService.generateUUID();
    });

    // 任务执行完成时调用该方法
    asyncTask.onCompletion(() -> out.println("任务执行完成"));
    out.println("继续处理其他事情");
    return asyncTask;
}

输出

请求处理线程：http-nio-8080-exec-2
继续处理其他事情
异步工作线程：MvcAsync1
任务执行完成

回到顶部

初始化处

参考《spring-security源码-初始化(九)》

private void applyDefaultConfiguration(HttpSecurity http) throws Exception {
        //http本质也是build 这里都是配置默认的config configure add CsrfConfigurer
        http.csrf();
        //默认增加一个WebAsyncManagerIntegrationFilter
        http.addFilter(new WebAsyncManagerIntegrationFilter());
        //configures add ExceptionHandlingConfigurer
        http.exceptionHandling();
        //configures add HeadersConfigurer
        http.headers();
        //configures add SessionManagementConfigurer
        http.sessionManagement();
        //configure add SecurityContextConfigurer
        http.securityContext();
        //configure add RequestCacheConfigurer
        http.requestCache();
        ///configure add AnonymousConfigurer
        http.anonymous();
        ///configure add ServletApiConfigurer
        http.servletApi();
        //configure DefaultLoginPageConfigurer
        http.apply(new DefaultLoginPageConfigurer<>());
        //configure LogoutConfigurer
        http.logout();
    }

回到顶部

WebAsyncManagerIntegrationFilter

public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter {
    private static final Object CALLABLE_INTERCEPTOR_KEY = new Object();

    public WebAsyncManagerIntegrationFilter() {
    }

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        //获取WebAsync 异步管理器
        WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);
        //如果没有初始化SecurityContextCallableProcessingInterceptor
        SecurityContextCallableProcessingInterceptor securityProcessingInterceptor = (SecurityContextCallableProcessingInterceptor)asyncManager.getCallableInterceptor(CALLABLE_INTERCEPTOR_KEY);
        if (securityProcessingInterceptor == null) {
            //则手动创建Spring Security的SecurityContextCallableProcessingInterceptor
            //<1>核心原理应该是在开启异步的时候通过拦截器 设置当前Context
            asyncManager.registerCallableInterceptor(CALLABLE_INTERCEPTOR_KEY, new SecurityContextCallableProcessingInterceptor());
        }

        filterChain.doFilter(request, response);
    }
}

回到顶部

<1>

public final class SecurityContextCallableProcessingInterceptor extends CallableProcessingInterceptorAdapter {
    private volatile SecurityContext securityContext;

    public SecurityContextCallableProcessingInterceptor() {
    }

    public SecurityContextCallableProcessingInterceptor(SecurityContext securityContext) {
        Assert.notNull(securityContext, "securityContext cannot be null");
        this.setSecurityContext(securityContext);
    }

    public <T> void beforeConcurrentHandling(NativeWebRequest request, Callable<T> task) {
        if (this.securityContext == null) {
            // before 开启Task之前设置SecurityContext 
            this.setSecurityContext(SecurityContextHolder.getContext());
        }

    }

    public <T> void preProcess(NativeWebRequest request, Callable<T> task) {
        //负责Task线程写入
        SecurityContextHolder.setContext(this.securityContext);
    }

    public <T> void postProcess(NativeWebRequest request, Callable<T> task, Object concurrentResult) {
        //负责Task线程清空
        SecurityContextHolder.clearContext();
    }

    private void setSecurityContext(SecurityContext securityContext) {
        this.securityContext = securityContext;
    }
}