首页 诗词 字典 板报 句子 名言 友答 励志 学校 网站地图
当前位置: 首页 > 教程频道 > 网站开发 > Web前端 >

springSecurity源码分析——DelegatingFilterProxy种的作用

2013-10-24 
springSecurity源码分析——DelegatingFilterProxy类的作用使用过springSecurity的朋友都知道,首先需要在web

springSecurity源码分析——DelegatingFilterProxy类的作用

使用过springSecurity的朋友都知道,首先需要在web.xml进行以下配置,

<filter>
??<filter-name>springSecurityFilterChain</filter-name>
??<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
?</filter>

<filter-mapping>
??<filter-name>springSecurityFilterChain</filter-name>
??<url-pattern>/*</url-pattern>

?</filter-mapping>

从这个配置中,可能会给我们造成一个错觉,以为 DelegatingFilterProxy类就是springSecurity的入口,但其实这个类位于spring-web- 3.0.5.RELEASE.jar这个jar下面,说明这个类本身是和springSecurity无关。DelegatingFilterProxy类继承于抽象类GenericFilterBean,间接地implement 了javax.servlet.Filter接口,Servlet容器在启动时,首先会调用Filter的init方法,GenericFilterBean的作用主要是可以把Filter的初始化参数自动地set到继承于GenericFilterBean类的Filter中去。在其init方法的如下代码就是做了这个事:

PropertyValues pvs = new FilterConfigPropertyValues(filterConfig, this.requiredProperties);BeanWrapper bw = PropertyAccessorFactory.forBeanPropertyAccess(this);ResourceLoader resourceLoader = new ServletContextResourceLoader(filterConfig.getServletContext());bw.registerCustomEditor(Resource.class, new ResourceEditor(resourceLoader));initBeanWrapper(bw);bw.setPropertyValues(pvs, true);

??另外在init方法中调用了initFilterBean()方法,该方法是GenericFilterBean类是特地留给子类扩展用的,

protected void initFilterBean() throws ServletException {        // If no target bean name specified, use filter name.        if (this.targetBeanName == null) {            this.targetBeanName = getFilterName();        }         // Fetch Spring root application context and initialize the delegate early,        // if possible. If the root application context will be started after this        // filter proxy, we'll have to resort to lazy initialization.        synchronized (this.delegateMonitor) {            WebApplicationContext wac = findWebApplicationContext();            if (wac != null) {                this.delegate = initDelegate(wac);            }        }    }

? 可以看出上述代码首先看Filter是否提供了targetBeanName初始化参数,如果没有提供则直接使用filter的name做为beanName,产生了beanName后,由于我们在web.xml的filter的name是springSecurityFilterChain,从spring的IOC容器中取出bean的代码是initDelegate方法,下面是该方法代码:

protected Filter initDelegate(WebApplicationContext wac) throws ServletException {        Filter delegate = wac.getBean(getTargetBeanName(), Filter.class);        if (isTargetFilterLifecycle()) {            delegate.init(getFilterConfig());        }        return delegate;}

?

?通过跟踪代码,发现取出的bean是org.springframework.security.FilterChainProxy,该类也是继承于GenericFilterBean,取出bean后,判断targetFilterLifecycle属性是false还是true,决定是否调用该类的init方法。这个FilterChainProxy bean实例最终被保存在DelegatingFilterProxy类的delegate属性里,

下面看一下DelegatingFilterProxy类的doFilter方法

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)            throws ServletException, IOException {         // Lazily initialize the delegate if necessary.        Filter delegateToUse = null;        synchronized (this.delegateMonitor) {            if (this.delegate == null) {                WebApplicationContext wac = findWebApplicationContext();                if (wac == null) {                    throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");                }                this.delegate = initDelegate(wac);            }            delegateToUse = this.delegate;        }         // Let the delegate perform the actual doFilter operation.        invokeDelegate(delegateToUse, request, response, filterChain);    }

??真正要关注invokeDelegate(delegateToUse, request, response, filterChain);这句代码,在下面可以看出DelegatingFilterProxy类实际是用其delegate属性即org.springframework.security.FilterChainProxy实例的doFilter方法来响应请求。

protected void invokeDelegate(            Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain)            throws ServletException, IOException {         delegate.doFilter(request, response, filterChain);    }

?

以上就是DelegatingFilterProxy类的一些内部运行机制,其实主要作用就是一个代理模式的应用,可以把servlet 容器中的filter同spring容器中的bean关联起来。

热点排行