RequestCacheAwareFilter过滤器对应的类路径为
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
这个filter的用途官方解释是
用于用户登录成功后,重新恢复因为登录被打断的请求
这个解释也有几点需要说明
被打算的请求:简单点说就是出现了AuthenticationException、AccessDeniedException两类异常
重新恢复:既然能够恢复,那肯定请求信息被保存到cache中了
首先看被打断请求是如何保存到cache中的
实际上,上一篇的ExceptionTranslationFilter分析已经提到了
requestCache.saveRequest(request, response)
是的,如果出现AuthenticationException或者是匿名登录的抛出了AccessDeniedException,都会把当前request保存到cache中。这里的cache是HttpSessionRequestCache,接着看HttpSessionRequestCache的saveRequest方法
public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
//由于构造HttpSessionRequestCache的bean时,没有设置justUseSavedRequestOnGet属性,所以该属性为默认值false。
if (!justUseSavedRequestOnGet || "GET".equals(request.getMethod())) {
//构造DefaultSavedRequest,并且设置到session中
DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);
if (createSessionAllowed || request.getSession(false) != null) {
request.getSession().setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, savedRequest);
}
}
}
这里应该知道,实际上被打断的请求被封装成DefaultSavedRequest对象保存到session中了
分析完保存被打断的请求,接着就分析如何恢复被打断的请求了。RequestCacheAwareFilter过滤器就是完成恢复的工作。看doFilter方法
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
//根据当前session取出DefaultSavedRequest,如果有被打断的请求,就把当前请求与被打断请求做匹配。如果匹配成功,对当前请求封装,再传递到下一个过滤器
HttpServletRequest wrappedSavedRequest =
requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response);
chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
}
继续看HttpSessionRequestCache处理过程
//从当前session中提取DefaultSavedRequest对象
public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
HttpSession session = currentRequest.getSession(false);
if (session != null) {
return (DefaultSavedRequest) session.getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
}
return null;
}
//清除被打断请求
public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
HttpSession session = currentRequest.getSession(false);
if (session != null) {
logger.debug("Removing DefaultSavedRequest from session if present");
session.removeAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
}
}
//请求匹配
public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
DefaultSavedRequest saved = (DefaultSavedRequest) getRequest(request, response);
//如果没有被打断请求,直接返回null,不做处理
if (saved == null) {
return null;
}
//如果当前请求与被打断请求不匹配,直接返回null,不做处理
if (!saved.doesRequestMatch(request, portResolver)) {
logger.debug("saved request doesn't match");
return null;
}
//清除被打断请求
removeRequest(request, response);
//重新包装当前请求为被打断请求的各项信息
return new SavedRequestAwareWrapper(saved, request);
}
接着分析doesRequestMatch方法,看请求是如何匹配的
//就是比较request与cache中被打断请求的各项信息是否相同
//这里有个疑惑(由于被打断请求包括POST、GET提交方式的,而这里要求必须为GET方式的请求才会匹配成功)
public boolean doesRequestMatch(HttpServletRequest request, PortResolver portResolver) {
if (!propertyEquals("pathInfo", this.pathInfo, request.getPathInfo())) {
return false;
}
if (!propertyEquals("queryString", this.queryString, request.getQueryString())) {
return false;
}
if (!propertyEquals("requestURI", this.requestURI, request.getRequestURI())) {
return false;
}
if (!"GET".equals(request.getMethod()) && "GET".equals(method)) {
// A save GET should not match an incoming non-GET method
return false;
}
if (!propertyEquals("serverPort", new Integer(this.serverPort), new Integer(portResolver.getServerPort(request))))
{
return false;
}
if (!propertyEquals("requestURL", this.requestURL, request.getRequestURL().toString())) {
return false;
}
if (!propertyEquals("scheme", this.scheme, request.getScheme())) {
return false;
}
if (!propertyEquals("serverName", this.serverName, request.getServerName())) {
return false;
}
if (!propertyEquals("contextPath", this.contextPath, request.getContextPath())) {
return false;
}
if (!propertyEquals("servletPath", this.servletPath, request.getServletPath())) {
return false;
}
return true;
}
这里为何对POST请求匹配不成功,目前还不知道具体设计思路。知道后会进行补充
分享到:
相关推荐
赠送jar包:spring-security-crypto-5.5.2.jar; 赠送原API文档:spring-security-crypto-5.5.2-javadoc.jar; 赠送源代码:spring-security-crypto-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-crypto-5.6.1.jar; 赠送原API文档:spring-security-crypto-5.6.1-javadoc.jar; 赠送源代码:spring-security-crypto-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-core-5.5.2.jar; 赠送原API文档:spring-security-core-5.5.2-javadoc.jar; 赠送源代码:spring-security-core-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-core-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-core-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-core-5.3.9.RELEASE.jar; 赠送原API文档:spring-security-core-5.3.9.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.3.9.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-rsa-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-rsa-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-rsa-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-web-5.6.1.jar; 赠送原API文档:spring-security-web-5.6.1-javadoc.jar; 赠送源代码:spring-security-web-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-web-5.6.1....
赠送jar包:spring-security-core-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-core-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
spring-boot-security-saml, Spring Security saml与 Spring Boot的集成 spring-boot-security-saml这个项目在处理 spring-security-saml 和 Spring Boot 之间的平滑集成的同时,在处理内部的配置的gritty和锅炉板的...
赠送jar包:spring-security-oauth2-autoconfigure-2.1.8.RELEASE.jar; 赠送原API文档:spring-security-oauth2-autoconfigure-2.1.8.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-autoconfigure-...
赠送jar包:spring-security-core-5.6.1.jar; 赠送原API文档:spring-security-core-5.6.1-javadoc.jar; 赠送源代码:spring-security-core-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-core-5.6.1.jar; 赠送原API文档:spring-security-core-5.6.1-javadoc.jar; 赠送源代码:spring-security-core-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-crypto-5.6.1.jar; 赠送原API文档:spring-security-crypto-5.6.1-javadoc.jar; 赠送源代码:spring-security-crypto-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-web-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-web-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-web-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-config-5.6.1.jar; 赠送原API文档:spring-security-config-5.6.1-javadoc.jar; 赠送源代码:spring-security-config-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
3. **spring-security-oauth2-2.0.3.RELEASE-sources.jar**:这是源码JAR文件,包含Spring Security OAuth2的原始源代码。对于开发者来说,这是一个宝贵的资源,因为他们可以直接查看和学习库的内部工作原理,调试...