Spring-security源码-Filter之HeaderWriterFilter(十二)

提供我们在Filter链 执行之前或者之后往Header写入内容

通过HttpSecurity  可以指定 默认是在之后调用

 http.headers().addHeaderWriter()

通过org.springframework.security.config.annotation.web.configurers.HeadersConfigurer 初始化

默认初始化处参考https://www.cnblogs.com/LQBlog/p/15508248.html#autoid-12-0-0

private void applyDefaultConfiguration(HttpSecurity http) throws Exception {
        //http本质也是build 这里都是配置默认的config configure add CsrfConfigurer
        http.csrf();
        //默认增加一个WebAsyncManagerIntegrationFilter
        http.addFilter(new WebAsyncManagerIntegrationFilter());
        //configures add ExceptionHandlingConfigurer
        http.exceptionHandling();
        //configures add HeadersConfigurer
        http.headers();
        //configures add SessionManagementConfigurer
        http.sessionManagement();
        //configure add SecurityContextConfigurer
        http.securityContext();
        //configure add RequestCacheConfigurer
        http.requestCache();
        ///configure add AnonymousConfigurer
        http.anonymous();
        ///configure add ServletApiConfigurer
        http.servletApi();
        //configure DefaultLoginPageConfigurer
        http.apply(new DefaultLoginPageConfigurer<>());
        //configure LogoutConfigurer
        http.logout();
    }

<1>

org.springframework.security.web.header.HeaderWriterFilter#doFilterInternal

   @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        //在Filter链执行之前执行 默认是false 不建议直接修改,如果有需求可以自定在定义一个HeaderFilter 因为默认的有许多默认Writer需要在之后执行
        if (this.shouldWriteHeadersEagerly) {
//<2> doHeadersBefore(request, response, filterChain); }
else { //<4>在Filter链条执行之后 doHeadersAfter(request, response, filterChain); } }

<2>

org.springframework.security.web.header.HeaderWriterFilter#doHeadersBefore

  private void doHeadersBefore(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        //<3>用我们的HeaderWriters
        writeHeaders(request, response);
        //执行调用链
        filterChain.doFilter(request, response);
    }

<3>

org.springframework.security.web.header.HeaderWriterFilter#writeHeaders

  void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
        //调用HeaderWriters 我们可以动态指定 扩展点
        for (HeaderWriter writer : this.headerWriters) {
            writer.writeHeaders(request, response);
        }
    }

<4>

org.springframework.security.web.header.HeaderWriterFilter#doHeadersAfter

 private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        //通过HeaderWriterResponse和HeaderWriterRequest 装饰 内部类 应该是为了发生异常或者重定向 调用WriteHeader
        HeaderWriterResponse headerWriterResponse = new HeaderWriterResponse(request, response);
        HeaderWriterRequest headerWriterRequest = new HeaderWriterRequest(request, headerWriterResponse);
        try {
            filterChain.doFilter(headerWriterRequest, headerWriterResponse);
        }
        finally {
            //<5>调用writeHeader
            headerWriterResponse.writeHeaders();
        }
    }

<5>

org.springframework.security.web.header.HeaderWriterFilter.HeaderWriterResponse#writeHeaders

 protected void writeHeaders() {
        //如果触发了Wapper的writeHeaders 则不再触发 避免重复调用
        if (isDisableOnResponseCommitted()) {
            return;
        }
//<2> HeaderWriterFilter.
this.writeHeaders(this.request, getHttpResponse()); }

 

posted @ 2021-11-10 10:39  意犹未尽  阅读(427)  评论(0编辑  收藏  举报