Spring Security Web 5.1.2 源码解析 -- FilterSecurityInterceptor

最新推荐文章于 2021-12-26 15:37:44 发布
原创 最新推荐文章于 2021-12-26 15:37:44 发布 · 1.4k 阅读 · 2 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

概述

此过滤器FilterSecurityInterceptor是一个请求处理过程中安全机制过滤器链中最后一个filter,它执行真正的HTTP资源安全控制。

具体代码实现上,FilterSecurityInterceptor主要是将请求上下文包装成一个FilterInvocation然后对它进行操作。FilterSecurityInterceptor仅仅包含调用FilterInvocation的主要流程。具体的安全控制细节,在其基类AbstractSecurityInterceptor中实现。

源代码解析

package org.springframework.security.web.access.intercept;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;

public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements
		Filter {
	// ~ Static fields/initializers
	// =================================================================

	private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";

	// ~ Instance fields
	// =================================================================

	private FilterInvocationSecurityMetadataSource securityMetadataSource;
	private boolean observeOncePerRequest = true;

	// ~ Methods
	// =================================================================

	
	public void init(FilterConfig arg0) throws ServletException {
	}

	
	public void destroy() {
	}


	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
       // 封装请求上下文为一个FilterInvocation,然后调用该FilterInvocation执行安全认证     
		FilterInvocation fi = new FilterInvocation(request, response, chain);
		invoke(fi);
	}

	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
		return this.securityMetadataSource;
	}

	public SecurityMetadataSource obtainSecurityMetadataSource() {
		return this.securityMetadataSource;
	}

	public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
		this.securityMetadataSource = newSource;
	}

	public Class<?> getSecureObjectClass() {
		return FilterInvocation.class;
	}

	public void invoke(FilterInvocation fi) throws IOException, ServletException {
		if ((fi.getRequest() != null)
				&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
				&& observeOncePerRequest) {
			// filter already applied to this request and user wants us to observe
			// once-per-request handling, so don't re-do security checking
          // 如果被指定为在整个请求处理过程中只能执行最多一次 ,并且监测到已经执行过,
          // 则直接放行,继续 filter chain 的执行
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		}
		else {
			// first time this request being called, so perform security checking
			if (fi.getRequest() != null && observeOncePerRequest) {
            // 如果被指定为在整个请求处理过程中只能执行最多一次 ,并且监测到尚未执行,
            // 则设置已经执行标志,随后执行职责逻辑
				fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
			}

          // 这里是该过滤器进行安全检查的职责逻辑,具体实现在基类AbstractSecurityInterceptor
          // 主要是进行必要的认证和授权检查,如果遇到相关异常则抛出异常,之后的过滤器链
          // 调用不会继续进行
			InterceptorStatusToken token = super.beforeInvocation(fi);

			try {
              // 如果上面通过安全检查,这里继续过滤器的执行  
				fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
			}
			finally {
				super.finallyInvocation(token);
			}

			super.afterInvocation(token, null);
		}
	}

	// 指定是否在整个请求处理过程中该过滤器只被执行一次,缺省是 true。
    // 也存在在整个请求处理过程中该过滤器需要执行多次的情况,比如JSP foward/include
    // 等情况。
	public boolean isObserveOncePerRequest() {
		return observeOncePerRequest;
	}

	public void setObserveOncePerRequest(boolean observeOncePerRequest) {
		this.observeOncePerRequest = observeOncePerRequest;
	}
}


    // AbstractSecurityInterceptor 类源代码
	protected InterceptorStatusToken beforeInvocation(Object object) {
		Assert.notNull(object, "Object was null");
		final boolean debug = logger.isDebugEnabled();

		if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
			throw new IllegalArgumentException(
					"Security invocation attempted for object "
						+ object.getClass().getName()
						+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
						+ getSecureObjectClass());
		}

        // 从安全配置中获取安全元数据,记录在 attributes
		Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource()
				.getAttributes(object);

		if (attributes == null || attributes.isEmpty()) {
            // 说明该安全对象没有配置安全控制,可以被公开访问
			if (rejectPublicInvocations) {
            // 如果系统配置了拒绝公开调用,则抛出异常拒绝当前请求
				throw new IllegalArgumentException(
						"Secure object invocation "
								+ object
								+ " was denied as public invocations are not allowed via this interceptor. "
								+ "This indicates a configuration error because the "
								+ "rejectPublicInvocations property is set to 'true'");
			}

			if (debug) {
				logger.debug("Public object - authentication not attempted");
			}

			publishEvent(new PublicInvocationEvent(object));

           // 该资源没有设置安全,可以公开访问,不做相应的安全检查,返回 null,
           // 表示不需要做后续处理
			return null; // no further work post-invocation
		}

		if (debug) {
			logger.debug("Secure object: " + object + "; Attributes: " + attributes);
		}

		if (SecurityContextHolder.getContext().getAuthentication() == null) {
        // 如果安全认证token不存在,则抛出异常 AuthenticationCredentialsNotFoundException
			credentialsNotFound(messages.getMessage(
					"AbstractSecurityInterceptor.authenticationNotFound",
					"An Authentication object was not found in the SecurityContext"),
					object, attributes);
		}

        // 如果安全认证token存在,则检查是否需要认证,如果需要,则执行认证并更行
        // 安全上下文中的安全认证token,如果认证失败,抛出异常 AuthenticationException
		Authentication authenticated = authenticateIfRequired();

		// Attempt authorization
		try {
            // 现在已经确保用户通过了认证,现在基于登录的当前用户信息,和目标资源的安全配置属性
            // 进行相应的权限检查,如果检查失败,则抛出相应的异常 AccessDeniedException
			this.accessDecisionManager.decide(authenticated, object, attributes);
		}
		catch (AccessDeniedException accessDeniedException) {
			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated,
					accessDeniedException));

			throw accessDeniedException;
		}

		if (debug) {
			logger.debug("Authorization successful");
		}

		if (publishAuthorizationSuccess) {
			publishEvent(new AuthorizedEvent(object, attributes, authenticated));
		}

		// Attempt to run as a different user
       // 如果设置了 RunAsManager, 尝试将当前安全认证token修改为另外一个run-as用户,
       // 缺省是 NullRunAsManager, 其实相当于没有启用 run-as, 下面的 runAs 缺省会是
       // null
		Authentication runAs = this.runAsManager.buildRunAs(authenticated, object,
				attributes);

		if (runAs == null) {
			if (debug) {
				logger.debug("RunAsManager did not change Authentication object");
			}

			// no further work post-invocation
          // 注意这里第二个参数为 false, 表示请求处理完之后再次回到该filter时不需要在刷新安全认证token  
			return new InterceptorStatusToken(SecurityContextHolder.getContext(), false,
					attributes, object);
		}
		else {
			if (debug) {
				logger.debug("Switching to RunAs Authentication: " + runAs);
			}

			SecurityContext origCtx = SecurityContextHolder.getContext();
			SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
			SecurityContextHolder.getContext().setAuthentication(runAs);

			// need to revert to token.Authenticated post-invocation
          // 注意这里第二个参数为 true, 表示请求处理完之后再次回到该filter时需要在刷新安全认证token :
          // 恢复到 run-as 之前的安全认证token
			return new InterceptorStatusToken(origCtx, true, attributes, object);
		}
	}

其他文章

Spring Security Web 5.1.2 源码解析 – 安全相关Filter清单

FilterSecurityInterceptor源码解读
weixin_47071411的博客
04-08 570
FilterSecurityInterceptor源码解读 FilterSecurityInterceptor概念: 获取所配置资源访问的授权信息,根据SecurityContextHolder中存储的用户信息来决定其是否有权限。 要实现FilterSecurityInterceptor得有三个条件 (1)决策管理器:决定这个用户能不能访问这个资源 三种类型的决策器 AffirmativeBased:只要有一个voter投同意票,就授权成功,一般用这个 ConsensusBased:只要投同意票的大于投
spring security FilterSecurityInterceptor过滤器访问控制流程分析
a807719447的专栏
11-18 1063
FilterSecurityInterceptor.doFilter中调用了当前类的invoke(fi)方法参数fi为FilterInvocation(调用的对象内部封装了当前请求的一些列信息),该方法主要流程如下 public void invoke(FilterInvocation fi) throws IOException, ServletException { //判断当前请求的request不为null,FILTER_APPLIED这个属性限制 //了当前类型的过滤器仅执行一个,它结合obser
Spring security用户URL权限FilterSecurityInterceptor使用解析
08-25
主要介绍了Spring security用户URL权限FilterSecurityInterceptor使用解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
spring-security FilterSecurityInterceptor 源码分析
qq_30321211的博客
12-25 683
FilterSecurityInterceptor 这个过滤器决定了访问特定路径应该具备的权限,访问的用户的角色,权限是什么?访问的路径需要什么样的角色和权限?这些判断和处理都是由该类进行的 FilterSecurityInterceptor public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter { //默认实现类:ExpressionBasedFilterInvocati
聊聊FilterSecurityInterceptor
weixin_34204057的博客
12-18 257
为什么80%的码农都做不了架构师?>>> ...
spring security——学习笔记(day04)身份认证源码解析SecurityContextPersistenceFilter+UsernamePasswordAuthenticationF
键上艺术家
12-26 1416
5.认证与授权
springsecurity初体验(5.3.5官方文档)-1
tianyadaoke2020的博客
08-27 1911
5.1.2 密码存储 PasswordEncoder,5.0之前默认的NoOpPasswordEncoder ,框架用了DelegatingPasswordEncoder模式,方便将来更新存储方式的时候不用变动框架。 创建委托: PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); 创建自定义的委托: String idForEncode = "bcrypt"; M
spring security 参考手册中文版
02-01
Web - spring-security-web.jar 25 配置 - spring-security-config.jar 26 LDAP - spring-security-ldap.jar 26 ACL - spring-security-acl.jar 26 CAS - spring-security-cas.jar 26 OpenID - spring-security-...
C:\Users\dell\.jdks\openjdk-23.0.1\bin\java.exe -XX:TieredStopAtLevel=1 -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true "-Dmanagement.endpoints.jmx.exposure.include=*" "-javaagent:D:\腾讯电脑管家软件搬家\软件搬家\IntelliJ IDEA 2024.3.1.1\lib\idea_rt.jar=49785:D:\腾讯电脑管家软件搬家\软件搬家\IntelliJ IDEA 2024.3.1.1\bin" -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8 -classpath D:\BaiduNetdiskDownload\demo\target\classes;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-aop\2.7.6\spring-boot-starter-aop-2.7.6.jar;C:\Users\dell\.m2\repository\org\aspectj\aspectjweaver\1.9.7\aspectjweaver-1.9.7.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-jdbc\2.7.6\spring-boot-starter-jdbc-2.7.6.jar;C:\Users\dell\.m2\repository\com\zaxxer\HikariCP\4.0.3\HikariCP-4.0.3.jar;C:\Users\dell\.m2\repository\org\springframework\spring-jdbc\5.3.24\spring-jdbc-5.3.24.jar;C:\Users\dell\.m2\repository\jakarta\transaction\jakarta.transaction-api\1.3.3\jakarta.transaction-api-1.3.3.jar;C:\Users\dell\.m2\repository\jakarta\persistence\jakarta.persistence-api\2.2.3\jakarta.persistence-api-2.2.3.jar;C:\Users\dell\.m2\repository\org\hibernate\hibernate-core\5.6.14.Final\hibernate-core-5.6.14.Final.jar;C:\Users\dell\.m2\repository\org\jboss\logging\jboss-logging\3.4.3.Final\jboss-logging-3.4.3.Final.jar;C:\Users\dell\.m2\repository\net\bytebuddy\byte-buddy\1.12.19\byte-buddy-1.12.19.jar;C:\Users\dell\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar;C:\Users\dell\.m2\repository\org\jboss\jandex\2.4.2.Final\jandex-2.4.2.Final.jar;C:\Users\dell\.m2\repository\com\fasterxml\classmate\1.5.1\classmate-1.5.1.jar;C:\Users\dell\.m2\repository\org\hibernate\common\hibernate-commons-annotations\5.1.2.Final\hibernate-commons-annotations-5.1.2.Final.jar;C:\Users\dell\.m2\repository\org\glassfish\jaxb\jaxb-runtime\2.3.7\jaxb-runtime-2.3.7.jar;C:\Users\dell\.m2\repository\org\glassfish\jaxb\txw2\2.3.7\txw2-2.3.7.jar;C:\Users\dell\.m2\repository\com\sun\istack\istack-commons-runtime\3.0.12\istack-commons-runtime-3.0.12.jar;C:\Users\dell\.m2\repository\com\sun\activation\jakarta.activation\1.2.2\jakarta.activation-1.2.2.jar;C:\Users\dell\.m2\repository\org\springframework\data\spring-data-jpa\2.7.6\spring-data-jpa-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\data\spring-data-commons\2.7.6\spring-data-commons-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\spring-orm\5.3.24\spring-orm-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-context\5.3.24\spring-context-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-tx\5.3.24\spring-tx-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-beans\5.3.24\spring-beans-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-aspects\5.3.24\spring-aspects-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter\2.7.6\spring-boot-starter-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-logging\2.7.6\spring-boot-starter-logging-2.7.6.jar;C:\Users\dell\.m2\repository\ch\qos\logback\logback-classic\1.2.11\logback-classic-1.2.11.jar;C:\Users\dell\.m2\repository\ch\qos\logback\logback-core\1.2.11\logback-core-1.2.11.jar;C:\Users\dell\.m2\repository\org\apache\logging\log4j\log4j-to-slf4j\2.17.2\log4j-to-slf4j-2.17.2.jar;C:\Users\dell\.m2\repository\org\apache\logging\log4j\log4j-api\2.17.2\log4j-api-2.17.2.jar;C:\Users\dell\.m2\repository\org\slf4j\jul-to-slf4j\1.7.36\jul-to-slf4j-1.7.36.jar;C:\Users\dell\.m2\repository\jakarta\annotation\jakarta.annotation-api\1.3.5\jakarta.annotation-api-1.3.5.jar;C:\Users\dell\.m2\repository\org\yaml\snakeyaml\1.30\snakeyaml-1.30.jar;C:\Users\dell\.m2\repository\org\springframework\spring-aop\5.3.24\spring-aop-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-config\5.7.5\spring-security-config-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-web\5.7.5\spring-security-web-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\spring-expression\5.3.24\spring-expression-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-thymeleaf\2.7.6\spring-boot-starter-thymeleaf-2.7.6.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf-spring5\3.0.15.RELEASE\thymeleaf-spring5-3.0.15.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf\3.0.15.RELEASE\thymeleaf-3.0.15.RELEASE.jar;C:\Users\dell\.m2\repository\org\attoparser\attoparser\2.0.5.RELEASE\attoparser-2.0.5.RELEASE.jar;C:\Users\dell\.m2\repository\org\unbescape\unbescape\1.1.6.RELEASE\unbescape-1.1.6.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\extras\thymeleaf-extras-java8time\3.0.4.RELEASE\thymeleaf-extras-java8time-3.0.4.RELEASE.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-web\2.7.6\spring-boot-starter-web-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-json\2.7.6\spring-boot-starter-json-2.7.6.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.13.4\jackson-annotations-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.13.4\jackson-datatype-jdk8-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.13.4\jackson-datatype-jsr310-2.13.4.jar;C:\Users\dell\.m2\repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.13.4\jackson-module-parameter-names-2.13.4.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\2.7.6\spring-boot-starter-tomcat-2.7.6.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\9.0.69\tomcat-embed-core-9.0.69.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.69\tomcat-embed-websocket-9.0.69.jar;C:\Users\dell\.m2\repository\org\springframework\spring-web\5.3.24\spring-web-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-webmvc\5.3.24\spring-webmvc-5.3.24.jar;C:\Users\dell\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\9.0.69\tomcat-embed-el-9.0.69.jar;C:\Users\dell\.m2\repository\org\hibernate\validator\hibernate-validator\6.2.5.Final\hibernate-validator-6.2.5.Final.jar;C:\Users\dell\.m2\repository\jakarta\validation\jakarta.validation-api\2.0.2\jakarta.validation-api-2.0.2.jar;C:\Users\dell\.m2\repository\org\thymeleaf\extras\thymeleaf-extras-springsecurity6\3.1.2.RELEASE\thymeleaf-extras-springsecurity6-3.1.2.RELEASE.jar;C:\Users\dell\.m2\repository\org\thymeleaf\thymeleaf-spring6\3.1.2.RELEASE\thymeleaf-spring6-3.1.2.RELEASE.jar;C:\Users\dell\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar;C:\Users\dell\.m2\repository\com\mysql\mysql-connector-j\8.0.31\mysql-connector-j-8.0.31.jar;C:\Users\dell\.m2\repository\org\projectlombok\lombok\1.18.30\lombok-1.18.30.jar;C:\Users\dell\.m2\repository\commons-fileupload\commons-fileupload\1.5\commons-fileupload-1.5.jar;C:\Users\dell\.m2\repository\commons-io\commons-io\2.11.0\commons-io-2.11.0.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot\2.7.6\spring-boot-2.7.6.jar;C:\Users\dell\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\2.7.6\spring-boot-autoconfigure-2.7.6.jar;C:\Users\dell\.m2\repository\jakarta\xml\bind\jakarta.xml.bind-api\2.3.3\jakarta.xml.bind-api-2.3.3.jar;C:\Users\dell\.m2\repository\jakarta\activation\jakarta.activation-api\1.2.2\jakarta.activation-api-1.2.2.jar;C:\Users\dell\.m2\repository\org\springframework\spring-core\5.3.24\spring-core-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\spring-jcl\5.3.24\spring-jcl-5.3.24.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-core\5.7.5\spring-security-core-5.7.5.jar;C:\Users\dell\.m2\repository\org\springframework\security\spring-security-crypto\5.7.5\spring-security-crypto-5.7.5.jar com.example.club.ClubApplication . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.7.6) 2025-06-23 20:25:46.155 INFO 10184 --- [ main] com.example.club.ClubApplication : Starting ClubApplication using Java 23.0.1 on DESKTOP-TBMIJJH with PID 10184 (D:\BaiduNetdiskDownload\demo\target\classes started by dell in D:\BaiduNetdiskDownload\demo) 2025-06-23 20:25:46.156 DEBUG 10184 --- [ main] com.example.club.ClubApplication : Running with Spring Boot v2.7.6, Spring v5.3.24 2025-06-23 20:25:46.156 INFO 10184 --- [ main] com.example.club.ClubApplication : No active profile set, falling back to 1 default profile: "default" 2025-06-23 20:25:46.620 INFO 10184 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode. 2025-06-23 20:25:46.662 INFO 10184 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 37 ms. Found 4 JPA repository interfaces. 2025-06-23 20:25:47.019 INFO 10184 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http) 2025-06-23 20:25:47.026 INFO 10184 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat] 2025-06-23 20:25:47.026 INFO 10184 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.69] 2025-06-23 20:25:47.123 INFO 10184 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext 2025-06-23 20:25:47.123 INFO 10184 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 926 ms 2025-06-23 20:25:47.219 INFO 10184 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default] 2025-06-23 20:25:47.259 INFO 10184 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.6.14.Final 2025-06-23 20:25:47.365 INFO 10184 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final} 2025-06-23 20:25:47.428 INFO 10184 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting... 2025-06-23 20:25:47.531 INFO 10184 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed. 2025-06-23 20:25:47.542 INFO 10184 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL8Dialect Hibernate: create table activity ( id bigint not null auto_increment, content TEXT, cover_image varchar(255), publish_time datetime(6), title varchar(255), primary key (id) ) engine=InnoDB Hibernate: create table blog ( id bigint not null auto_increment, content TEXT, create_time datetime(6), title varchar(255), visibility varchar(255), user_id bigint, primary key (id) ) engine=InnoDB Hibernate: create table friendship ( id bigint not null auto_increment, status varchar(255), friend_id bigint, user_id bigint, primary key (id) ) engine=InnoDB Hibernate: create table user ( id bigint not null auto_increment, created_at datetime(6), email varchar(255) not null, failed_login_attempts integer not null, last_login datetime(6), password varchar(255) not null, profile_pic varchar(255), real_name varchar(255), role varchar(255), status varchar(255), username varchar(255) not null, primary key (id) ) engine=InnoDB Hibernate: alter table user drop index UK_sb8bbouer5wak8vyiiy4pf2bx Hibernate: alter table user add constraint UK_sb8bbouer5wak8vyiiy4pf2bx unique (username) Hibernate: alter table blog add constraint FKpxk2jtysqn41oop7lvxcp6dqq foreign key (user_id) references user (id) Hibernate: alter table friendship add constraint FK11spi5x122uxevijievf5g7iu foreign key (friend_id) references user (id) Hibernate: alter table friendship add constraint FKb9biiilqk4uo9g72qbaopolea foreign key (user_id) references user (id) 2025-06-23 20:25:48.148 INFO 10184 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform] 2025-06-23 20:25:48.153 INFO 10184 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default' 2025-06-23 20:25:48.179 WARN 10184 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning 2025-06-23 20:25:48.595 INFO 10184 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@57e6d56a, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5c1687d1, org.springframework.security.web.context.SecurityContextPersistenceFilter@478c84aa, org.springframework.security.web.header.HeaderWriterFilter@1ddc8fc, org.springframework.security.web.csrf.CsrfFilter@4745bcc6, org.springframework.security.web.authentication.logout.LogoutFilter@25d23478, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@299ddfff, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@18d1d137, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3cab07dd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1504b493, org.springframework.security.web.session.SessionManagementFilter@1e288c76, org.springframework.security.web.access.ExceptionTranslationFilter@221961af, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7fce1069] 2025-06-23 20:25:48.693 INFO 10184 --- [ main] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index 2025-06-23 20:25:48.839 INFO 10184 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path '' 2025-06-23 20:25:48.845 INFO 10184 --- [ main] com.example.club.ClubApplication : Started ClubApplication in 2.943 seconds (JVM running for 3.493)
最新发布
06-24
on-migrate=true#如果数据库非空,需要基线化第四步:修改安全配置,使用数据库用户移除以下配置:spring.security.user.name=adminspring.security.user.password=adminpassspring.security.user.roles=ADMIN并实现...
spring security 4.0 教程 步步深入 5
blurooo的博客
11-03 1万+
5. Java Configuration在Spring 3.1中向Spring框架添加了对Java配置的常规支持。 自Spring Security 3.2以来,一直有Spring Security Java配置支持,使用户能够轻松地配置Spring Security而不使用任何XML。 如果你熟悉第6章,安全命名空间配置,那么你应该发现它和安全Java配置支持之间有几个相似之处。 Sprin
Spring Security3源码分析(10)-FilterSecurityInterceptor分析
Benjamin
09-11 2144
FilterSecurityInterceptor过滤器对应的类路径为  org.springframework.security.web.access.intercept.FilterSecurityInterceptor  这个filter是filterchain中比较复杂,也是比较核心的过滤器,主要负责授权的工作  在看这个filter源码之前,先来看看spring是如何构造filte
[13] FilterSecurityInterceptor
热门推荐
既无风雨也无晴
03-19 2万+
FilterSecurityInterceptor 简介 Spring Security对于权限的控制有2种方式,1.通过ExpressionInterceptUrlRegistry进行配置,2.通过注解和切面的方式。FilterSecurityInterceptor是针对于第一种方式权限配置的控制机制,在项目或服务启动时,Spring Security会把ExpressionIntercept...
spring boot security FilterSecurityInterceptor 使用要点记录
qushapos的博客
12-10 1万+
spring security FilterSecurityInterceptor 使用要点记录 FilterSecurityInterceptor是一个方法级的权限过滤器, 基本位于过滤链的最底部 该过滤器用于控制method级别的权限控制. 官方提供了2种默认的方法权限控制写法 一种是在方法上加注释实现, 另一种是在configure配置中通过 @Secured("ROLE_ADMIN")...
Spring Security3源码分析-FilterSecurityInterceptor分析
weixin_34384915的博客
01-20 131
2019独角兽企业重金招聘Python工程师标准>>> ...
FilterSecurityInterceptor详解
小汤圆
08-14 2480
我们已经有了认证,有了请求的封装,有了Session的关联…还缺一个:由什么控制哪些资源是受限的,这些受限的资源需要什么权限,需要什么角色…这一切和访问控制相关的操作,都是由FilterSecurityInterceptor完成的。 FilterSecurityInterceptor的工作流程用笔者的理解可以理解如下:FilterSecurityInterceptorSecurityContextHolder中获取Authentication对象,然后比对用户拥有的权限和资源所需的权限。前者可以通过Aut
Springboot security cas源码陶冶-FilterSecurityInterceptor
weixin_30915275的博客
06-22 174
前言:用户登录信息校验成功后,都会获得当前用户所拥有的全部权限,所以对访问的路径当前用户有无权限则需要拦截验证一发 Spring security过滤器的执行顺序 首先我们需要验证为啥FilterSecurityInterceptor会在UsernamePassowrdAuthenticationFilter/CasAuthenticationFilter之后,这里则可以去看下spring s...
spring-security(十八)核心Filter-FilterSecurityInterceptor
高枫的博客
02-25 2909
前言: 当用spring security时,我们会用到各种各样的filter,在接下来的章节中我们我们将着重讨论几个核心的Filter,本节将讨论FilterSecurityInterceptor这个filter。 和这个类相关的对象如下图所示 [img]http://dl2.iteye.com/upload/attachment/0128/9716/26917b9a-17ba-320...
Spring Security API: FilterSecurityInterceptor
dengdeying的博客
12-27 301
FilterSecurityInterceptor Declare package org.springframework.security.web.access.intercept; public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter Class Jdoc ...
FilterSecurityInterceptor的简单介绍
youtl
10-23 2393
          在web应用中,spring security是一个filter。而在filter内部,它又自建了一个filter chain(如果不用命名空间,也可以自定义)。spring security按顺序对每个filter进行处理。各filter之间有较大的差异性。与权限验证关系最密切的是FilterSecurityInterceptor。   FilterSecurityI...
掌握iText5.1.2与PDFBox-0.7.3操作PDF文件的方法
本篇将详细介绍在Java中操作PDF文件的两个常用库:iText和PDFBox,以及它们的特定版本iText5.1.2和PDFBox-0.7.3。 ### iText库 iText是一个功能强大的开源Java库,它允许开发者创建和操作PDF文档。iText库支持多种...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值