4 Haziran 2021 Cuma

SpringSecurity FilterChainProxy Sınıfı

Giriş
Şu satırı dahil ederiz
import org.springframework.security.web.FilterChainProxy;
Açıklaması şöyle 
FilterChainProxy — This is another layer of indirection provided by Spring security. This is also a servlet filter whose job is to invoke the relevant filters that would work on the incoming request. Like the DelegatingFilterProxy, it also does not perform any logic. This filter is however provided by the Spring security package. 

SecurityFilter(s) — This is the most interesting bit in the above chain. This class basically contains a list of actual filters that need to be invoked before the controller can handle the request. It contains filters for example — SecurityContextPersistenceFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, UsernamePasswordAuthenticationFilter etc. when one uses the default security config. FilterChainProxy queries this class to invoke each filter in a loop. 

 There can be multiple SecurityFilterChain, each having its own stack of filters which could be the same or different from the other SecurityFilterChain.
Filtreler Nasıl Yaratılırlar?
Şeklen şöyle. Yani istek servlet'e gelmeden önce bir dizi Filter'dan geçer. Her bir Filter ise kendi içinde bir başka zincire sahiptir.

Bu filter'lardan bir tanesi DelegatingFilterProxy. DelegatingFilterProxy ise bu yazıda anlatılan FilterChainProxy sınıfını çağırıyor.
Şeklen şöyle


Açıklaması şöyle
The text in bold — SecurityFilterAutoConfiguration, WebSecurityConfiguration and WebSecurityConfigurerAdapter are the java class names that are responsible for the creation of DelegatingFilterProxy, FilterChainProxy and SecurityFilterChain respectively.

The boxes colored yellow/red are the components that are used in the security filtering part of the request.

The box in green — DispatcherServlet is called once the request is validated by the filter chain.
SecurityFilterChain içindeki akış şeklen şöyle







Hiç yorum yok:

Yorum Gönder