SpringSecurity-优快云博客

本文链接：https://blog.youkuaiyun.com/qq_36777191/article/details/123610917

1、SpringSecurity

SpringSecurity本质上是一个基于ServletFilter实现的过滤器链框架，当容器创建时相关的过滤器都跟着被创建，其中常用的过滤器有下面几个

org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
org.springframework.security.web.header.HeaderWriterFilter
org.springframework.security.web.csrf.CsrfFilter
org.springframework.security.web.authentication.logout.LogoutFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
org.springframework.security.web.session.SessionManagementFilter
org.springframework.security.web.access.ExceptionTranslationFilter
org.springframework.security.web.access.intercept.FilterSecurityInterceptor

具体功能讲解可参考文章

2、过滤器的加载过程

DelegatingFilterProxy被SpringBoot加载，相当于web.xml的内容被执行
Delegating.initFilterBean()：初始化方法，该方法获取了FilterChainProxy
Delegating.doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)：对FilterChainProxy进行操作
FilterChainProxy.doFilter(request,response,filterChain)：创建新chain对象并由其执行SpringSecurity的过滤器集合

3、相关接口

1、UserDetailsService

当什么也没有配置的时候，账号和密码是由SpringSecurity定义的。而在实际开发中，该定义会被业务逻辑和数据库重写。基于此有了UserDetailsService接口，如下

package org.springframework.security.core.userdetails;

public interface UserDetailsService {
    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
}

2、PasswordEncoder

在实际开发中需要在配置中开启密码加密，而PasswordEncoder就是一个加密类的实现接口，在配置类中定义即可，如下

package org.springframework.security.crypto.password;

public interface PasswordEncoder {
    String encode(CharSequence rawPassword);

    boolean matches(CharSequence rawPassword, String encodedPassword);

    default boolean upgradeEncoding(String encodedPassword) {
        return false;
    }
}

3、基于上述两个接口实现一个自定义类

第一步创建配置类，设置使用哪个UserDetailsService类

第二步编写实现类，返回User对象，Use对象有用户名和操作权限