Spring Security Web 5.1.2 源码解析 -- ExceptionTranslationFilter

最新推荐文章于 2025-09-13 05:04:45 发布
原创 最新推荐文章于 2025-09-13 05:04:45 发布 · 1.3k 阅读 · 1 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

探讨Spring Security中ExceptionTranslationFilter如何处理AccessDeniedException和AuthenticationException,通过转换异常为HTTP响应,实现认证流程的启动及权限拒绝的处理。

概述

该过滤器的作用是处理过滤器链中发生的 AccessDeniedExceptionAuthenticationException 异常,将它们转换成相应的HTTP响应。

当检测到 AuthenticationException 异常时,该过滤器会启动 authenticationEntryPoint,也就是启动认证流程。

当检测到 AccessDeniedException 异常时,该过滤器先判断当前用户是否为匿名访问或者Remember Me访问。如果是这两种情况之一,会启动 authenticationEntryPoint逻辑。如果安全配置开启了用户名/密码表单认证,通常这个authenticationEntryPoint会对应到一个LoginUrlAuthenticationEntryPoint。它执行时会将用户带到登录页面,开启登录认证流程。

如果不是匿名访问或者Remember Me访问,接下来的处理会交给一个 AccessDeniedHandler 来完成。缺省情况下,这个 AccessDeniedHandler 的实现类是 AccessDeniedHandlerImpl,它会:

  1. 请求添加HTTP 403异常属性,记录相应的异常;
  2. 然后往写入响应HTTP状态码403;
  3. foward到相应的错误页面。

使用该过滤器必须要设置以下属性:

  1. authenticationEntryPoint:用于启动认证流程的处理器(handler)
  2. requestCache:认证过程中涉及到保存请求时使用的请求缓存策略,缺省情况下是基于sessionHttpSessionRequestCache

如果你想观察该过滤器的行为,可以在未登录状态下访问一个受登录保护的页面,系统会抛出AccessDeniedException并最终进入该Filter的职责流程。

源代码解析

package org.springframework.security.web.access;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

import org.springframework.context.support.MessageSourceAccessor;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


public class ExceptionTranslationFilter extends GenericFilterBean {

	// ~ Instance fields
	// =====================================================================================
	
	private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
	private AuthenticationEntryPoint authenticationEntryPoint;
	// 用于判断一个Authentication是否Anonymous,Remember Me,
	// 缺省使用 AuthenticationTrustResolverImpl
	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
	// 用于分析一个Throwable抛出的原因,使用本类自定义的嵌套类DefaultThrowableAnalyzer,
	// 主要是加入了对ServletException的分析
	private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();

	// 请求缓存,缺省使用HttpSessionRequestCache,在遇到异常启动认证过程时会用到,
	// 因为要先把原始请求缓存下来,一旦认证成功结果,需要把原始请求提出重新跳转到相应URL
	private RequestCache requestCache = new HttpSessionRequestCache();

	private final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

	public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) {
		this(authenticationEntryPoint, new HttpSessionRequestCache());
	}

	public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint,
			RequestCache requestCache) {
		Assert.notNull(authenticationEntryPoint,
				"authenticationEntryPoint cannot be null");
		Assert.notNull(requestCache, "requestCache cannot be null");
		this.authenticationEntryPoint = authenticationEntryPoint;
		this.requestCache = requestCache;
	}

	// ~ Methods
	// ====================================================================================

	@Override
	public void afterPropertiesSet() {
		Assert.notNull(authenticationEntryPoint,
				"authenticationEntryPoint must be specified");
	}

	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;

		// 在任何请求到达时不做任何操作,直接放行,继续filter chain的执行,
		// 但是使用一个 try-catch 来捕获filter chain中接下来会发生的各种异常,
		// 重点关注其中的以下异常,其他异常继续向外抛出 :
		// AuthenticationException : 认证失败异常,通常因为认证信息错误导致
		// AccessDeniedException : 访问被拒绝异常,通常因为权限不足导致
		try {
			chain.doFilter(request, response);

			logger.debug("Chain processed normally");
		}
		catch (IOException ex) {
			throw ex;
		}
		catch (Exception ex) {
			// Try to extract a SpringSecurityException from the stacktrace
			Throwable[] causeChain = throwableAnalyzer.determineCauseChain(ex);
			// 检测ex是否由AuthenticationException或者AccessDeniedException异常导致
			RuntimeException ase = (AuthenticationException) throwableAnalyzer
					.getFirstThrowableOfType(AuthenticationException.class, causeChain);

			if (ase == null) {
				ase = (AccessDeniedException) throwableAnalyzer.getFirstThrowableOfType(
						AccessDeniedException.class, causeChain);
			}

			if (ase != null) {
				if (response.isCommitted()) {
				
				// 如果response已经提交,则没办法向响应中转换和写入这些异常了,只好抛一个异常
				throw new ServletException(
		"Unable to handle the Spring Security Exception because the response is already committed.", 
				ex);
			
				}
				// 如果ex是由AuthenticationException或者AccessDeniedException异常导致,
				// 并且响应尚未提交,这里将这些Spring Security异常翻译成相应的 http response。
				handleSpringSecurityException(request, response, chain, ase);
			}
			else {
				// Rethrow ServletExceptions and RuntimeExceptions as-is
				if (ex instanceof ServletException) {
					throw (ServletException) ex;
				}
				else if (ex instanceof RuntimeException) {
					throw (RuntimeException) ex;
				}

				// Wrap other Exceptions. This shouldn't actually happen
				// as we've already covered all the possibilities for doFilter
				throw new RuntimeException(ex);
			}
		}
	}

	public AuthenticationEntryPoint getAuthenticationEntryPoint() {
		return authenticationEntryPoint;
	}

	protected AuthenticationTrustResolver getAuthenticationTrustResolver() {
		return authenticationTrustResolver;
	}

	// 此方法仅用于处理两种Spring Security 异常:
	// AuthenticationException , AccessDeniedException
	private void handleSpringSecurityException(HttpServletRequest request,
			HttpServletResponse response, FilterChain chain, RuntimeException exception)
			throws IOException, ServletException {
		if (exception instanceof AuthenticationException) {
			logger.debug(
				"Authentication exception occurred; redirecting to authentication entry point",
				exception);

			// 如果是 AuthenticationException 异常,启动认证流程
			sendStartAuthentication(request, response, chain,
					(AuthenticationException) exception);
		}
		else if (exception instanceof AccessDeniedException) {		
			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
			
			if (authenticationTrustResolver.isAnonymous(authentication) || 
				authenticationTrustResolver.isRememberMe(authentication)) {
			// 如果当前认证token是匿名或者RememberMe token				
				
			logger.debug(
			"Access is denied (user is " + 
			(authenticationTrustResolver.isAnonymous(authentication) 
			? "anonymous" 
			: "not fully authenticated") + "); redirecting to authentication entry point",
			exception);

			// 如果是 AccessDeniedException 异常,而且当前登录主体是匿名状态或者
			// Remember Me认证,则也启动认证流程
			sendStartAuthentication(
				request,
				response,
				chain,
				new InsufficientAuthenticationException(
				messages.getMessage(
						"ExceptionTranslationFilter.insufficientAuthentication",
						"Full authentication is required to access this resource")));
			}
			else {
				logger.debug(
				"Access is denied (user is not anonymous); delegating to AccessDeniedHandler",
				exception);

				// 如果是 AccessDeniedException 异常,而且当前用户不是匿名,也不是
				// Remember Me, 而是真正经过认证的某个用户,则说明是该用户权限不足,
				// 则交给 accessDeniedHandler 处理,缺省告知其权限不足
				// 注意 : 如果当前被请求的页面被配置成RememberMe权限可访问,但实际上
				// 当前当前安全上下文中的token是fullAuthenticated的,则也会走到这个流程
				accessDeniedHandler.handle(request, response,
						(AccessDeniedException) exception);
			}
		}
	}

	// 发起认证流程
	protected void sendStartAuthentication(HttpServletRequest request,
			HttpServletResponse response, FilterChain chain,
			AuthenticationException reason) throws ServletException, IOException {
		// SEC-112: Clear the SecurityContextHolder's Authentication, as the
		// existing Authentication is no longer considered valid

		// 将SecurityContextHolder中SecurityContext的authentication设置为null
		SecurityContextHolder.getContext().setAuthentication(null);

		// 保存当前请求,一旦认证成功,认证机制会再次提取该请求并跳转到该请求对应的页面
		requestCache.saveRequest(request, response);

		// 准备工作已经做完,开始认证流程
		logger.debug("Calling Authentication entry point.");
		authenticationEntryPoint.commence(request, response, reason);
	}

	public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
		Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
		this.accessDeniedHandler = accessDeniedHandler;
	}

	public void setAuthenticationTrustResolver(
			AuthenticationTrustResolver authenticationTrustResolver) {
		Assert.notNull(authenticationTrustResolver,
				"authenticationTrustResolver must not be null");
		this.authenticationTrustResolver = authenticationTrustResolver;
	}

	public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
		Assert.notNull(throwableAnalyzer, "throwableAnalyzer must not be null");
		this.throwableAnalyzer = throwableAnalyzer;
	}

	/**
	 * Default implementation of ThrowableAnalyzer which is capable of also
	 * unwrapping ServletExceptions.
	 */
	private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
	
		protected void initExtractorMap() {
			super.initExtractorMap();

			registerExtractor(ServletException.class, new ThrowableCauseExtractor() {
				public Throwable extractCause(Throwable throwable) {
					ThrowableAnalyzer.verifyThrowableHierarchy(throwable,
							ServletException.class);
					return ((ServletException) throwable).getRootCause();
				}
			});
		}

	}

}

参考文章

spring-security(十九)核心Filter-ExceptionTranslationFilter
高枫的博客
02-27 1531
前言: 在spring的安全过滤器链中ExceptionTranslationFilter在FilterSecurityInterceptor的前面,这个过滤器自身并不执行具体的安全防护,他主要处理FilterSecurityInterceptor这个过滤器抛出的各种异常,并返回给客户端一个合适的http响应。 一、ExceptionTranslationFilter功能和属性 1.在类...
springsecurity初体验(5.3.5官方文档)-1
tianyadaoke2020的博客
08-27 1911
5.1.2 密码存储 PasswordEncoder,5.0之前默认的NoOpPasswordEncoder ,框架用了DelegatingPasswordEncoder模式,方便将来更新存储方式的时候不用变动框架。 创建委托: PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); 创建自定义的委托: String idForEncode = "bcrypt"; M
Spring Security3源码分析-ExceptionTranslationFilter分析
Dead_Knight的专栏
05-09 303
ExceptionTranslationFilter过滤器对应的类路径为 org.springframework.security.web.access.ExceptionTranslationFilter 从类名就看出这个过滤器用于异常翻译的。但是从这个过滤器在filterchain中的位置来看,它仅仅处于倒数第三的位置(这个filter后面分为是FilterSecurityIntercep...
Spring Security核心组件:ExceptionTranslationFilter详解
最新发布
gitblog_01127的博客
09-13 961
你是否曾为Spring Security中认证失败和授权拒绝的异常处理逻辑感到困惑?作为Web应用安全防护的核心框架,Spring Security需要将Java异常优雅地转换为HTTP响应。ExceptionTranslationFilter(异常转换过滤器)正是这一过程的关键桥梁,它不执行实际的安全验证,却承担着连接安全异常与用户界面响应的重要职责。本文将深入剖析ExceptionTransl...
ExceptionTranslationFilter详解
小汤圆
08-11 1822
ExceptionTranslationFilter异常转换过滤器位于整个springSecurityFilterChain的后方,用来转换整个链路中出现的异常,将其转化,顾名思义,转化以意味本身并不处理。一般其只处理两大类异常:AccessDeniedException访问异常和AuthenticationException认证异常。 这个过滤器非常重要,因为它将Java中的异常和HTTP的响应连接在了一起,这样在处理异常时,我们不用考虑密码错误该跳到什么页面,账号锁定该如何,只需要关注自己的业务逻辑,抛
SpringBoot3-Security之异常处理ExceptionTranslationFilter
qq_45090949的博客
12-06 353
本文主要研究异常处理过滤器。
Spring Security-认证过程的发起(ExceptionTranslationFilter,AuthenticationEntryPoint)
热门推荐
kaikai8552的专栏
02-24 1万+
发起的条件:      用户访问资源时,发生授权异常(AuthenticationException)或认证异(AccessDeniedException),ExceptionTranslationFilter通过调用AuthenticationEntryPoint的commence方法发起认证过程。如果ExceptionTranslationFilter接收到的是授权异常,并且当前认证过的票据不
spring security 参考手册中文版
02-01
Web - spring-security-web.jar 25 配置 - spring-security-config.jar 26 LDAP - spring-security-ldap.jar 26 ACL - spring-security-acl.jar 26 CAS - spring-security-cas.jar 26 OpenID - spring-security-...
C:\Users\dell\.jdks\openjdk-23.0.1\bin\java.exe -XX:TieredStopAtLevel=1 -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true "-Dmanagement.endpoints.jmx.exposure.include=*" "-javaagent:D:\腾讯电脑管家软件搬家\软件搬家\IntelliJ IDEA 2024.3.1.1\lib\idea_rt.jar=49785:D:\腾讯电脑管家软件搬家\软件搬家\IntelliJ IDEA 2024.3.1.1\bin" -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8 -classpath D:\BaiduNetdiskDownload\demo\target\classes;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-aop\2.7.6\spring-boot-starter-aop-2.7.6.jar;C:\Users\dell\.m2\repository\org\aspectj\aspectjweaver\1.9.7\aspectjweaver-1.9.7.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-jdbc\2.7.6\spring-boot-starter-jdbc-2.7.6.jar;C:\Users\dell\.m2\repository\com\zaxxer\HikariCP\4.0.3\HikariCP-4.0.3.jar;C:\Users\dell\.m2\repository\org\springframework\spring-jdbc\5.3.24\spring-jdbc-5.3.24.jar;C:\Users\dell\.m2\repository\jakarta\transaction\jakarta.transaction-api\1.3.3\jakarta.transaction-api-1.3.3.jar;C:\Users\dell\.m2\repository\jakarta\persistence\jakarta.persistence-api\2.2.3\jakarta.persistence-api-2.2.3.jar;C:\Users\dell\.m2\repository\org\hibernate\hibernate-core\5.6.14.Final\hibernate-core-5.6.14.Final.jar;C:\Users\dell\.m2\repository\org\jboss\logging\jboss-logging\3.4.3.Final\jboss-logging-3.4.3.Final.jar;C:\Users\dell\.m2\repository\net\bytebuddy\byte-buddy\1.12.19\byte-buddy-1.12.19.jar;C:\Users\dell\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar;C:\Users\dell\.m2\repository\org\jboss\jandex\2.4.2.Final\jandex-2.4.2.Final.jar;C:\Users\dell\.m2\repository\com\fasterxml\classmate\1.5.1\classmate-1.5.1.jar;C:\Users\dell\.m2\repository\org\hibernate\common\hibernate-commons-annotations\5.1.2.Final\hibernate-commons-annotations-5.1.2.Final.jar;C:\Users\dell\.m2\repository\org\glassfish\jaxb\jaxb-runtime\2.3.7\jaxb-runtime-2.3.7.jar;C:\Users\dell\.m2\repository\org\glassfish\jaxb\txw2\2.3.7\txw2-2.3.7.jar;C:\Users\dell\.m2\repository\com\sun\istack\istack-commons-runtime\3.0.12\istack-commons-runtime-3.0.12.jar;C:\Users\dell\.m2\repository\com\sun\activation\jakarta.activation\1.2.2\jakarta.activation-1.2.2.jar;C:\Users\dell\.m2\repository\org\springframework\data\spring-data-jpa\2.7.6\spring-data-jpa-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\data\spring-data-commons\2.7.6\spring-data-commons-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\spring-orm\5.3.24\spring-orm-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-context\5.3.24\spring-context-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-tx\5.3.24\spring-tx-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-beans\5.3.24\spring-beans-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-aspects\5.3.24\spring-aspects-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter\2.7.6\spring-boot-starter-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-logging\2.7.6\spring-boot-starter-logging-2.7.6.jar;C:\Users\dell\.m2\repository\ch\qos\logback\logback-classic\1.2.11\logback-classic-1.2.11.jar;C:\Users\dell\.m2\repository\ch\qos\logback\logback-core\1.2.11\logback-core-1.2.11.jar;C:\Users\dell\.m2\repository\org\apache\logging\log4j\log4j-to-slf4j\2.17.2\log4j-to-slf4j-2.17.2.jar;C:\Users\dell\.m2\repository\org\apache\logging\log4j\log4j-api\2.17.2\log4j-api-2.17.2.jar;C:\Users\dell\.m2\repository\org\slf4j\jul-to-slf4j\1.7.36\jul-to-slf4j-1.7.36.jar;C:\Users\dell\.m2\repository\jakarta\annotation\jakarta.annotation-api\1.3.5\jakarta.annotation-api-1.3.5.jar;C:\Users\dell\.m2\repository\org\yaml\snakeyaml\1.30\snakeyaml-1.30.jar;C:\Users\dell\.m2\repository\org\springframework\spring-aop\5.3.24\spring-aop-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-config\5.7.5\spring-security-config-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-web\5.7.5\spring-security-web-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\spring-expression\5.3.24\spring-expression-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-thymeleaf\2.7.6\spring-boot-starter-thymeleaf-2.7.6.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf-spring5\3.0.15.RELEASE\thymeleaf-spring5-3.0.15.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf\3.0.15.RELEASE\thymeleaf-3.0.15.RELEASE.jar;C:\Users\dell\.m2\repository\org\attoparser\attoparser\2.0.5.RELEASE\attoparser-2.0.5.RELEASE.jar;C:\Users\dell\.m2\repository\org\unbescape\unbescape\1.1.6.RELEASE\unbescape-1.1.6.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\extras\thymeleaf-extras-java8time\3.0.4.RELEASE\thymeleaf-extras-java8time-3.0.4.RELEASE.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-web\2.7.6\spring-boot-starter-web-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-json\2.7.6\spring-boot-starter-json-2.7.6.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.13.4\jackson-annotations-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.13.4\jackson-datatype-jdk8-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.13.4\jackson-datatype-jsr310-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.13.4\jackson-module-parameter-names-2.13.4.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\2.7.6\spring-boot-starter-tomcat-2.7.6.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\9.0.69\tomcat-embed-core-9.0.69.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.69\tomcat-embed-websocket-9.0.69.jar;C:\Users\dell\.m2\repository\org\springframework\spring-web\5.3.24\spring-web-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-webmvc\5.3.24\spring-webmvc-5.3.24.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\9.0.69\tomcat-embed-el-9.0.69.jar;C:\Users\dell\.m2\repository\org\hibernate\validator\hibernate-validator\6.2.5.Final\hibernate-validator-6.2.5.Final.jar;C:\Users\dell\.m2\repository\jakarta\validation\jakarta.validation-api\2.0.2\jakarta.validation-api-2.0.2.jar;C:\Users\dell\.m2\repository\org\thymeleaf\extras\thymeleaf-extras-springsecurity6\3.1.2.RELEASE\thymeleaf-extras-springsecurity6-3.1.2.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf-spring6\3.1.2.RELEASE\thymeleaf-spring6-3.1.2.RELEASE.jar;C:\Users\dell\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar;C:\Users\dell\.m2\repository\com\mysql\mysql-connector-j\8.0.31\mysql-connector-j-8.0.31.jar;C:\Users\dell\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar;C:\Users\dell\.m2\repository\commons-fileupload\commons-fileupload\1.5\commons-fileupload-1.5.jar;C:\Users\dell\.m2\repository\commons-io\commons-io\2.11.0\commons-io-2.11.0.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot\2.7.6\spring-boot-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\2.7.6\spring-boot-autoconfigure-2.7.6.jar;C:\Users\dell\.m2\repository\jakarta\xml\bind\jakarta.xml.bind-api\2.3.3\jakarta.xml.bind-api-2.3.3.jar;C:\Users\dell\.m2\repository\jakarta\activation\jakarta.activation-api\1.2.2\jakarta.activation-api-1.2.2.jar;C:\Users\dell\.m2\repository\org\springframework\spring-core\5.3.24\spring-core-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-jcl\5.3.24\spring-jcl-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-core\5.7.5\spring-security-core-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-crypto\5.7.5\spring-security-crypto-5.7.5.jar com.example.club.ClubApplication . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.7.6) 2025-06-23 20:25:46.155 INFO 10184 --- [ main] com.example.club.ClubApplication : Starting ClubApplication using Java 23.0.1 on DESKTOP-TBMIJJH with PID 10184 (D:\BaiduNetdiskDownload\demo\target\classes started by dell in D:\BaiduNetdiskDownload\demo) 2025-06-23 20:25:46.156 DEBUG 10184 --- [ main] com.example.club.ClubApplication : Running with Spring Boot v2.7.6, Spring v5.3.24 2025-06-23 20:25:46.156 INFO 10184 --- [ main] com.example.club.ClubApplication : No active profile set, falling back to 1 default profile: "default" 2025-06-23 20:25:46.620 INFO 10184 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode. 2025-06-23 20:25:46.662 INFO 10184 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 37 ms. Found 4 JPA repository interfaces. 2025-06-23 20:25:47.019 INFO 10184 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http) 2025-06-23 20:25:47.026 INFO 10184 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat] 2025-06-23 20:25:47.026 INFO 10184 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.69] 2025-06-23 20:25:47.123 INFO 10184 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext 2025-06-23 20:25:47.123 INFO 10184 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 926 ms 2025-06-23 20:25:47.219 INFO 10184 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default] 2025-06-23 20:25:47.259 INFO 10184 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.6.14.Final 2025-06-23 20:25:47.365 INFO 10184 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final} 2025-06-23 20:25:47.428 INFO 10184 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting... 2025-06-23 20:25:47.531 INFO 10184 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed. 2025-06-23 20:25:47.542 INFO 10184 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL8Dialect Hibernate: create table activity ( id bigint not null auto_increment, content TEXT, cover_image varchar(255), publish_time datetime(6), title varchar(255), primary key (id) ) engine=InnoDB Hibernate: create table blog ( id bigint not null auto_increment, content TEXT, create_time datetime(6), title varchar(255), visibility varchar(255), user_id bigint, primary key (id) ) engine=InnoDB Hibernate: create table friendship ( id bigint not null auto_increment, status varchar(255), friend_id bigint, user_id bigint, primary key (id) ) engine=InnoDB Hibernate: create table user ( id bigint not null auto_increment, created_at datetime(6), email varchar(255) not null, failed_login_attempts integer not null, last_login datetime(6), password varchar(255) not null, profile_pic varchar(255), real_name varchar(255), role varchar(255), status varchar(255), username varchar(255) not null, primary key (id) ) engine=InnoDB Hibernate: alter table user drop index UK_sb8bbouer5wak8vyiiy4pf2bx Hibernate: alter table user add constraint UK_sb8bbouer5wak8vyiiy4pf2bx unique (username) Hibernate: alter table blog add constraint FKpxk2jtysqn41oop7lvxcp6dqq foreign key (user_id) references user (id) Hibernate: alter table friendship add constraint FK11spi5x122uxevijievf5g7iu foreign key (friend_id) references user (id) Hibernate: alter table friendship add constraint FKb9biiilqk4uo9g72qbaopolea foreign key (user_id) references user (id) 2025-06-23 20:25:48.148 INFO 10184 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform] 2025-06-23 20:25:48.153 INFO 10184 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default' 2025-06-23 20:25:48.179 WARN 10184 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning 2025-06-23 20:25:48.595 INFO 10184 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@57e6d56a, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5c1687d1, org.springframework.security.web.context.SecurityContextPersistenceFilter@478c84aa, org.springframework.security.web.header.HeaderWriterFilter@1ddc8fc, org.springframework.security.web.csrf.CsrfFilter@4745bcc6, org.springframework.security.web.authentication.logout.LogoutFilter@25d23478, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@299ddfff, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@18d1d137, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3cab07dd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1504b493, org.springframework.security.web.session.SessionManagementFilter@1e288c76, org.springframework.security.web.access.ExceptionTranslationFilter@221961af, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7fce1069] 2025-06-23 20:25:48.693 INFO 10184 --- [ main] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index 2025-06-23 20:25:48.839 INFO 10184 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path '' 2025-06-23 20:25:48.845 INFO 10184 --- [ main] com.example.club.ClubApplication : Started ClubApplication in 2.943 seconds (JVM running for 3.493)
06-24
on-migrate=true#如果数据库非空,需要基线化第四步:修改安全配置,使用数据库用户移除以下配置:spring.security.user.name=adminspring.security.user.password=adminpassspring.security.user.roles=ADMIN并实现...
SpringSecurity的HTTP权限控制
风雨的博客
10-24 6117
Spring Security的HTTP权限控制 简介 一个能够为基于Spring的企业应用系统提供声明式的安全訪问控制解决方式的安全框架(简单说是对访问权限进行控制嘛),应用的安全性包括用户认证(Authentication)和用户授权(Authorization)两个部分。用户认证指的是验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码。系统...
SpringSecurity整合JWT
胡峻峥的博客
01-19 1339
一、前言   最近负责支付宝小程序后端项目设计,这里主要分享一下用户会话、接口鉴权的设计。参考过微信小程序后端的设计,会话需要依靠redis。相关的开发人员和我说依靠Redis并不是很靠谱,redis在业务高峰期不稳定,容易出现问题,总会出现用户会话丢失、超时的问题。之前听过JWT相关的设计,决定尝试一下。 二、什么是JWT   JSON Web Token(JWT)是一个开放标准(RFC ...
解决:org.springframework.security.access.AccessDeniedException Access is denied
m0_67394360的博客
04-29 1461
最近在使用SpringSecurity时涉及到从数据库中获取用户,结果一直报错,错误如下 Secure object: FilterInvocation: URL: /index.jsp; Attributes: [hasRole('ROLE_USER')] 2017-06-29 23:02:27 731 [DEBUG] Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationT
Spring Security--异常处理过滤器
oPeiJie1的博客
02-12 825
Spring Secutiy异常处理
Spring Security - ExceptionTranslationFilter
qq:489366879
11-08 949
1.首先判断是不是SpringSecurity产生的异常,如果是将在handleSpringSecurityException(request, response, chain, ase)处理,否则抛出ServletException/RuntimeException; 2.handleSpringSecurityException方法首先判断是否是AuthenticationException...
史上最简单的Spring Security教程(三十八):ExceptionTranslationFilter详解
银河架构师的博客
10-24 1652
这是Spring Security框架FilterChain中倒数第二个 Filter,承载着承上启下的作用。还记得 FilterSecurityInterceptor 吗?史上最简单的Spring Security教程(十六):FilterSecurityInterceptor详解。 如当用户未登录时抛出的 AccessDeniedException 异常、或者其它 AuthenticationException 异常。此时,系统会跳转到固定的页面,如 403 页面、或者执行其它操作。 ...
SpringSecuritySpringSecurity保存登录前的请求页面和跳转回登录前页面的源码分析
HHoao的博客
05-03 1600
SpringSecurity保存登录前的请求页面和跳转回登录前页面的源码分析 保存 ExceptionTranslationFilter在处理未认证信息异常时会使用RequestCache保存登录前请求页面信息。 所以我们就从创建ExceptionTranslationFilterRequestCache开始分析。 ExceptionTranslationFilterRequestCache都是由ExceptionHandlingConfigurer创建的,如下: ExceptionHandlingC
Spring Security体系结构
qq_27890899的博客
05-31 661
Spring Security的过滤器链加载与执行原理。
详解cookie、session和HTTP缓存
weixin_72689548的博客
11-22 1161
来自维基百科的解释:在计算机科学领域来说,尤其是在网络领域,会话(session)是一种持久网络协议,在用户(或用户代理)端和服务器端之间创建关联,从而起到交换数据包的作用机制,session在网络协议(例如telnet或FTP)中是非常重要的部分。个人理解: session 是一种在服务器端保存数据的机制。服务器通过读取浏览器发送的 cookie 和 服务器端的 session 来交换数据。java,保存于服务器内存中,重启服务器,session 消失。
HTTP基础
dqd66的博客
10-17 608
Etag 实体标签 根据实体内容生成的一段hash 字符 可以标识资源状态 通过http请求 if-None-Match。OPRIONS:要求服务器返回对某一资源有效的HTTP请求方法 服务器返回Allow消息头的响应 包含支持的请求方法。1Web应用程序进行测试需要使用相关的编码方式对数据进行编码 确保应用程序按照相应的范式进行处理。http请求通过 if-Modified-Since 传递缓存保存的最后修改时间。根据缓存中保存的资源最后修改时间与服务器资源文件的最后修改时间对比 如果一致使用缓存。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值