`

spring security debug 小结

SecuritySpringBeanUIAOP 
阅读更多


有时需要在默认的filter之前定义自己的filter来改变原来的实现  但假如知道原来的filter的bean的默认名字之后 往往可以直接配置原来的filter

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    <custom-filter before="LOGOUT_FILTER" />
    <beans:constructor-arg index="0" value="/"/>
    <beans:constructor-arg index="1">
        <beans:list>
            <beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
            <beans:ref bean="_rememberMeServices"/>
            <beans:bean class="com.lich0079.CustomLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>


现在只要
<beans:bean id="_logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
  <beans:constructor-arg index="0" value="/" />
  <beans:constructor-arg index="1">
   <beans:list>
    <beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
    <beans:ref bean="_rememberMeServices" />
    <beans:bean class="lich0079.CustomLogoutFilter" />
   </beans:list>
  </beans:constructor-arg>
  <beans:property name="filterProcessesUrl" value="/logout"/>
 </beans:bean>

去掉了  <custom-filter before="LOGOUT_FILTER" /> 

ID变为 _logoutFilter 这是默认名字

 

 

改变rememberMe的一些默认配置  这些都是命名空间配置不了的

<beans:bean id="_rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
        <beans:property name="userDetailsService" ref="userDetailsServiceWrapper" />
        <beans:property name="parameter" value="rememberMe" /><!-- form input name -->
        <beans:property name="key" value="keyss" />
        <beans:property name="tokenValiditySeconds" value="2147483647" /><!-- the left valid time, about 68 year, max int-->
        <beans:property name="cookieName" value="cookieCode" />
    </beans:bean>

 

 

但首先你要知道这些bean的默认名字,试了半天 在applicationContext的beanFactory里找出来了

[_sessionFixationProtectionFilter, _rememberMeServices, _accessManager, org.springframework.aop.config.internalAutoProxyCreator, _basicAuthenticationFilter, _formLoginEntryPoint, 
_filterSecurityInterceptor, _filterChainProxy, 
_anonymousAuthenticationProvider, _filterChainProxyPostProcessor, 
_rememberMeAuthenticationProvider, 
_basicAuthenticationEntryPoint, _methodDefinitionSourceAdvisor, 
org.springframework.security.config.AuthenticationProviderBeanDefinitionParser$AuthenticationProviderCacheResolver#0, 
_exceptionTranslationFilter, _httpSessionContextIntegrationFilter, 
_methodSecurityInterceptorPostProcessor, 
_entryPointInjectionBeanPostProcessor, _logoutFilter, _portMapper, 
_securityContextHolderAwareRequestFilter, _rememberMeFilter, 
org.springframework.security.providers.dao.DaoAuthenticationProvider#0, _rememberMeServicesInjectionBeanPostProcessor, 
_anonymousProcessingFilter, _filterChainList, 
org.springframework.security.userdetails.memory.InMemoryDaoImpl#0, _delegatingMethodDefinitionSource, _authenticationManager, 
_userServiceInjectionPostProcessor, _formLoginFilter, 
_methodSecurityInterceptor]

 

有时候你配置了自己的filter不知道到底work了没有,可以去FilterChainProxy这个类里面设个断点,在里面可以看到整个filter链的对象,看你自己加的在不在里面,配置的属性是不是你想要的

 

 

分享到:
| spring security 修改 RememberMeService ...
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics