Spring-security源码-Filter之HeaderWriterFilter(十二)
1.Spring-Security系列导航2.spring-security使用-登录(一)3.spring-security使用-自定义数据源(二)4.spring-security使用-更友好的方式扩展登录AuthenticationProvider(三)5.spring-security使用-获得当前用户信息(四)6.spring-security使用-同一个账号只允许登录一次(五)7.spring-security使用-session共享(六)8.spring-security使用-安全防护HttpFirewall(七)9.spring-security使用-权限控制(八)10.spring-security源码-初始化(九)11.spring-security源码-如何初始化SecurityFilterChain到Servlet12.spring-security源码-FilterChainProxy13.spring-security源码-Filter之WebAsyncManagerIntegrationFilter(十)14.Spring-security源码-Filter之SecurityContextPersistenceFilter(十一)
15.Spring-security源码-Filter之HeaderWriterFilter(十二)
16.Spring-security源码-Filter之LogoutFilter(十三)17.Spring-security源码-Filter之UsernamePasswordAuthenticationFilter(十四)18.Spring-security源码-Filter之ConcurrentSessionFilter(十五)19.Spring-security源码-Filter之SessionManagementFilter(十六)20.Spring-security源码-Filter之RememberMeAuthenticationFilter(十七)21.Spring-security源码-Filter之ExceptionTranslationFilter(十八)22.Spring-security源码-Filter之FilterSecurityInterceptor(十九)23.Spring-security源码-注解权限原理(二十)24.Spring-security源码-注解权限原理之MethodSecurityInterceptor(二十一)25.Spring-Security基于源码扩展-一套系统多套登录逻辑(二十二)26.Spring-Security基于源码扩展-自定义登录(二十三)27.Spring-Security基于源码扩展-自定义认证失败返回(二十四)28.Spring-Security基于源码扩展-自定义授权注解(二十五)提供我们在Filter链 执行之前或者之后往Header写入内容
通过HttpSecurity 可以指定 默认是在之后调用
http.headers().addHeaderWriter()
通过org.springframework.security.config.annotation.web.configurers.HeadersConfigurer 初始化
默认初始化处参考https://www.cnblogs.com/LQBlog/p/15508248.html#autoid-12-0-0
private void applyDefaultConfiguration(HttpSecurity http) throws Exception { //http本质也是build 这里都是配置默认的config configure add CsrfConfigurer http.csrf(); //默认增加一个WebAsyncManagerIntegrationFilter http.addFilter(new WebAsyncManagerIntegrationFilter()); //configures add ExceptionHandlingConfigurer http.exceptionHandling(); //configures add HeadersConfigurer http.headers(); //configures add SessionManagementConfigurer http.sessionManagement(); //configure add SecurityContextConfigurer http.securityContext(); //configure add RequestCacheConfigurer http.requestCache(); ///configure add AnonymousConfigurer http.anonymous(); ///configure add ServletApiConfigurer http.servletApi(); //configure DefaultLoginPageConfigurer http.apply(new DefaultLoginPageConfigurer<>()); //configure LogoutConfigurer http.logout(); }
<1>
org.springframework.security.web.header.HeaderWriterFilter#doFilterInternal
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { //在Filter链执行之前执行 默认是false 不建议直接修改,如果有需求可以自定在定义一个HeaderFilter 因为默认的有许多默认Writer需要在之后执行 if (this.shouldWriteHeadersEagerly) {
//<2> doHeadersBefore(request, response, filterChain); } else { //<4>在Filter链条执行之后 doHeadersAfter(request, response, filterChain); } }
<2>
org.springframework.security.web.header.HeaderWriterFilter#doHeadersBefore
private void doHeadersBefore(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { //<3>调用我们的HeaderWriters writeHeaders(request, response); //执行调用链 filterChain.doFilter(request, response); }
<3>
org.springframework.security.web.header.HeaderWriterFilter#writeHeaders
void writeHeaders(HttpServletRequest request, HttpServletResponse response) { //调用HeaderWriters 我们可以动态指定 扩展点 for (HeaderWriter writer : this.headerWriters) { writer.writeHeaders(request, response); } }
<4>
org.springframework.security.web.header.HeaderWriterFilter#doHeadersAfter
private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { //通过HeaderWriterResponse和HeaderWriterRequest 装饰 内部类 应该是为了发生异常或者重定向 调用WriteHeader HeaderWriterResponse headerWriterResponse = new HeaderWriterResponse(request, response); HeaderWriterRequest headerWriterRequest = new HeaderWriterRequest(request, headerWriterResponse); try { filterChain.doFilter(headerWriterRequest, headerWriterResponse); } finally { //<5>调用writeHeader headerWriterResponse.writeHeaders(); } }
<5>
org.springframework.security.web.header.HeaderWriterFilter.HeaderWriterResponse#writeHeaders
protected void writeHeaders() { //如果触发了Wapper的writeHeaders 则不再触发 避免重复调用 if (isDisableOnResponseCommitted()) { return; }
//<2> HeaderWriterFilter.this.writeHeaders(this.request, getHttpResponse()); }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
2020-11-10 spring源码阅读(二)-IOC之ClassPathXmlApplicationContext