Spring Security(Third Edition)
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

The FilterChainProxy class

When working in conjunction with Spring Security, o.s.web.filter.DelegatingFilterProxy will delegate to the o.s.s.web.FilterChainProxy interface of Spring Security, which was created in our minimal security.xml file. The FilterChainProxy class allows Spring Security to conditionally apply any number of Servlet Filters to the servlet request. We will learn more about each of the Spring Security filters, and their roles in ensuring that our application is properly secured, throughout the rest of the book. The pseudocode for how FilterChainProxy works are as follows:

    public class FilterChainProxy implements Filter {
  void doFilter(request, response, filterChain) {
    // lookup all the Filters for this request
    List<Filter> delegates = 
      lookupDelegates(request,response)
    // invoke each filter unless the delegate decided to stop
    for delegate in delegates {
      if continue processing
        delegate.doFilter(request,response,filterChain)
    }
    // if all the filters decide it is ok allow the 
    // rest of the application to run
    if continue processing
      filterChain.doFilter(request,response)
  }
    }

Due to the fact that both DelegatingFilterProxy and FilterChainProxy are the front door to Spring Security, when used in a web application, you would add a debug point when trying to figure out what is happening.

本周热推:
城市数字化转型下的网络与数据安全零信任安全:技术详解与应用实践精通Metasploit渗透测试(第3版)密码技术与物联网安全:mbedtls开发实战隐私保护计算
上一章目录下一章