Spring-security源码-Filter之HeaderWriterFilter(十二)
HeaderWriterFilter 让我们可以在 Filter 链执行之前或者之后向响应 Header 写入内容
通过 HttpSecurity 可以指定要使用的 HeaderWriter,默认是在 Filter 链执行之后调用
http.headers().addHeaderWriter()
通过org.springframework.security.config.annotation.web.configurers.HeadersConfigurer 初始化
默认初始化处参考https://www.cnblogs.com/LQBlog/p/15508248.html#autoid-12-0-0
/**
 * Registers the default set of configurers (and one filter) on the given HttpSecurity builder.
 *
 * Statement order is kept exactly as in the original listing.
 *
 * @param http the HttpSecurity builder that receives the default configuration
 * @throws Exception declared by the signature; presumably propagated from the configurer calls — confirm
 */
private void applyDefaultConfiguration(HttpSecurity http) throws Exception {
    // http is itself a builder; every call below registers a default configurer.
    // Adds CsrfConfigurer.
    http.csrf();
    // Adds a WebAsyncManagerIntegrationFilter by default.
    http.addFilter(new WebAsyncManagerIntegrationFilter());
    // Adds ExceptionHandlingConfigurer.
    http.exceptionHandling();
    // Adds HeadersConfigurer, the configurer that initializes HeaderWriterFilter
    // (the subject of this article).
    http.headers();
    // Adds SessionManagementConfigurer.
    http.sessionManagement();
    // Adds SecurityContextConfigurer.
    http.securityContext();
    // Adds RequestCacheConfigurer.
    http.requestCache();
    // Adds AnonymousConfigurer.
    http.anonymous();
    // Adds ServletApiConfigurer.
    http.servletApi();
    // Adds DefaultLoginPageConfigurer.
    http.apply(new DefaultLoginPageConfigurer<>());
    // Adds LogoutConfigurer.
    http.logout();
}
<1>
org.springframework.security.web.header.HeaderWriterFilter#doFilterInternal
/**
 * Entry point of the filter: decides whether the configured header writers run
 * before the rest of the filter chain or after it.
 *
 * @param request     the current request
 * @param response    the current response
 * @param filterChain the remaining filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    if (!this.shouldWriteHeadersEagerly) {
        // <4> Default path: write the headers after the filter chain has run.
        doHeadersAfter(request, response, filterChain);
        return;
    }
    // <2> Eager path: write the headers before the filter chain runs.
    // The article's author notes that the flag defaults to false and advises against
    // flipping it on this filter, because many of the default writers need to run
    // after the chain; if eager headers are required, define a separate header filter.
    doHeadersBefore(request, response, filterChain);
}
<2>
org.springframework.security.web.header.HeaderWriterFilter#doHeadersBefore
/**
 * Eager mode: runs the header writers first, then continues the filter chain
 * with the original (unwrapped) request and response.
 *
 * Because the writers run before anything downstream, they cannot react to
 * what the rest of the chain does to the response.
 */
private void doHeadersBefore(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    // <3> Invoke the configured HeaderWriters.
    writeHeaders(request, response);
    // Continue with the rest of the filter chain.
    filterChain.doFilter(request, response);
}
<3>
org.springframework.security.web.header.HeaderWriterFilter#writeHeaders
/**
 * Runs every configured HeaderWriter against the given request/response pair.
 *
 * This is the extension point: the set of writers can be customized
 * (the article shows http.headers().addHeaderWriter() for that).
 *
 * @param request  the current request
 * @param response the response the writers add their headers to
 */
void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
    // Writers are applied in the iteration order of headerWriters.
    this.headerWriters.forEach((headerWriter) -> headerWriter.writeHeaders(request, response));
}
<4>
org.springframework.security.web.header.HeaderWriterFilter#doHeadersAfter
/**
 * Default mode: runs the filter chain with decorated request/response objects
 * and writes the headers once the chain has finished.
 *
 * The decorators are the inner classes HeaderWriterResponse and HeaderWriterRequest.
 * According to the article's author, the wrapping is probably there so that
 * writeHeaders is still triggered when an exception or a redirect happens
 * downstream — confirm against the wrapper classes, which are not shown here.
 */
private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    HeaderWriterResponse wrappedResponse = new HeaderWriterResponse(request, response);
    HeaderWriterRequest wrappedRequest = new HeaderWriterRequest(request, wrappedResponse);
    try {
        filterChain.doFilter(wrappedRequest, wrappedResponse);
    }
    finally {
        // <5> The finally block runs even when the chain throws, so the security
        // headers are not skipped on error paths.
        wrappedResponse.writeHeaders();
    }
}
<5>
org.springframework.security.web.header.HeaderWriterFilter.HeaderWriterResponse#writeHeaders
/**
 * Writes the headers through the enclosing HeaderWriterFilter, unless the
 * wrapper has already done so.
 */
protected void writeHeaders() {
    // If the wrapper's writeHeaders has already been triggered, do nothing:
    // this guard prevents the writers from being invoked twice for one response.
    if (!isDisableOnResponseCommitted()) {
        // <3> Delegate to the outer filter's writeHeaders, which runs the HeaderWriters.
        HeaderWriterFilter.this.writeHeaders(this.request, getHttpResponse());
    }
}