springSecurity源码分析——DelegatingFilterProxy类的作用
http://www.cnblogs.com/hzhuxin/archive/2011/12/19/2293730.html
使用過springSecurity的朋友都知道,首先需要在web.xml進(jìn)行以下配置,
<filter>
??<filter-name>springSecurityFilterChain</filter-name>
??<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
?</filter>
<filter-mapping>
??<filter-name>springSecurityFilterChain</filter-name>
??<url-pattern>/*</url-pattern>
?</filter-mapping>
從這個配置中,可能會給我們造成一個錯覺,以為DelegatingFilterProxy類就是springSecurity的入口,但其實這個類位于spring-web-3.0.5.RELEASE.jar這個jar下面,說明這個類本身是和springSecurity無關(guān)。DelegatingFilterProxy類繼承于抽象類GenericFilterBean,間接地implement 了javax.servlet.Filter接口,Servlet容器在啟動時,首先會調(diào)用Filter的init方法,GenericFilterBean的作用主要是可以把Filter的初始化參數(shù)自動地set到繼承于GenericFilterBean類的Filter中去。在其init方法的如下代碼就是做了這個事:
?| 1 2 3 4 5 6 | PropertyValues pvs = new FilterConfigPropertyValues(filterConfig, this.requiredProperties); BeanWrapper bw = PropertyAccessorFactory.forBeanPropertyAccess(this); ResourceLoader resourceLoader = new ServletContextResourceLoader(filterConfig.getServletContext()); bw.registerCustomEditor(Resource.class, new ResourceEditor(resourceLoader)); initBeanWrapper(bw); bw.setPropertyValues(pvs, true); |
?另外在init方法中調(diào)用了initFilterBean()方法,該方法是GenericFilterBean類是特地留給子類擴(kuò)展用的,
?| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | protected void initFilterBean() throws ServletException { ????????// If no target bean name specified, use filter name. ????????if (this.targetBeanName == null) { ????????????this.targetBeanName = getFilterName(); ????????} ?? ????????// Fetch Spring root application context and initialize the delegate early, ????????// if possible. If the root application context will be started after this ????????// filter proxy, we'll have to resort to lazy initialization. ????????synchronized (this.delegateMonitor) { ????????????WebApplicationContext wac = findWebApplicationContext(); ????????????if (wac != null) { ????????????????this.delegate = initDelegate(wac); ????????????} ????????} ????} |
?可以看出上述代碼首先看Filter是否提供了targetBeanName初始化參數(shù),如果沒有提供則直接使用filter的name做為beanName,產(chǎn)生了beanName后,由于我們在web.xml的filter的name是springSecurityFilterChain,從spring的IOC容器中取出bean的代碼是initDelegate方法,下面是該方法代碼:
?| 1 2 3 4 5 6 7 | protected Filter initDelegate(WebApplicationContext wac) throws ServletException { ????????Filter delegate = wac.getBean(getTargetBeanName(), Filter.class); ????????if (isTargetFilterLifecycle()) { ????????????delegate.init(getFilterConfig()); ????????} ????????return delegate; } |
?通過跟蹤代碼,發(fā)現(xiàn)取出的bean是org.springframework.security.FilterChainProxy,該類也是繼承于GenericFilterBean,取出bean后,判斷targetFilterLifecycle屬性是false還是true,決定是否調(diào)用該類的init方法。這個FilterChainProxy bean實例最終被保存在DelegatingFilterProxy類的delegate屬性里,
下面看一下DelegatingFilterProxy類的doFilter方法
?| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) ????????????throws ServletException, IOException { ?? ????????// Lazily initialize the delegate if necessary. ????????Filter delegateToUse = null; ????????synchronized (this.delegateMonitor) { ????????????if (this.delegate == null) { ????????????????WebApplicationContext wac = findWebApplicationContext(); ????????????????if (wac == null) { ????????????????????throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?"); ????????????????} ????????????????this.delegate = initDelegate(wac); ????????????} ????????????delegateToUse = this.delegate; ????????} ?? ????????// Let the delegate perform the actual doFilter operation. ????????invokeDelegate(delegateToUse, request, response, filterChain); ????} |
?真正要關(guān)注invokeDelegate(delegateToUse, request, response, filterChain);這句代碼,在下面可以看出DelegatingFilterProxy類實際是用其delegate屬性即org.springframework.security.FilterChainProxy實例的doFilter方法來響應(yīng)請求。
?| 1 2 3 4 5 6 | protected void invokeDelegate( ????????????Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain) ????????????throws ServletException, IOException { ?? ????????delegate.doFilter(request, response, filterChain); ????} |
?
以上就是DelegatingFilterProxy類的一些內(nèi)部運(yùn)行機(jī)制,其實主要作用就是一個代理模式的應(yīng)用,可以把servlet 容器中的filter同spring容器中的bean關(guān)聯(lián)起來。
?
總結(jié)
以上是生活随笔為你收集整理的springSecurity源码分析——DelegatingFilterProxy类的作用的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: OpenSessionInViewFil
- 下一篇: 兼容Tomcat和Weblogic的Sp