Spring Security3 Filter链顺序

来自ling
跳转至: 导航搜索
<custom-filter ref="ling2.rememberMeLoginFilter" position="REMEMBER_ME_FILTER"/>
<custom-filter ref="ling2.controllerFilter" after="SESSION_MANAGEMENT_FILTER"/>
<custom-filter ref="ling2.filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
参考 http://www.cnblogs.com/yjmyzz/p/how-to-custom-filter-provider-and-token-in-spring-security3.html

- FIRST

- CHANNEL_FILTER

- SECURITY_CONTEXT_FILTER SecurityContextPersistenceFilter

- CONCURRENT_SESSION_FILTER

- WEB_ASYNC_MANAGER_FILTER

- HEADERS_FILTER

- CSRF_FILTER

- LOGOUT_FILTER

- X509_FILTER

- PRE_AUTH_FILTER

- CAS_FILTER

- FORM_LOGIN_FILTER

- OPENID_FILTER 参考 http://sishuok.com/forum/blogPost/list/3972.html

- LOGIN_PAGE_FILTER

- DIGEST_AUTH_FILTER

- BASIC_AUTH_FILTER

- REQUEST_CACHE_FILTER

- SERVLET_API_SUPPORT_FILTER

- JAAS_API_SUPPORT_FILTER

- COOKIE_LOGIN_FILTER,匿名登录前,否则SecurityContextHolder.getContext().getAuthentication()不为空,必须在REMEMBER_ME_FILTER之前,因为换用户登录后,访问到没有被访问过的负载,如果这个负载以前访问过,会导致还是用REMEMBER_me信息

- REMEMBER_ME_FILTER

- ANONYMOUS_FILTER

- SESSION_MANAGEMENT_FILTER

- EXCEPTION_TRANSLATION_FILTER

- FILTER_SECURITY_INTERCEPTOR

- SWITCH_USER_FILTER

- LAST

附上默认的过滤器顺序列表 order 过滤器名称

100 ChannelProcessingFilter

200 ConcurrentSessionFilter

300 SecurityContextPersistenceFilter

400 LogoutFilter

500 X509AuthenticationFilter

600 RequestHeaderAuthenticationFilter

700 CasAuthenticationFilter

800 UsernamePasswordAuthenticationFilter

900 OpenIDAuthenticationFilter

1000 DefaultLoginPageGeneratingFilter

1100 DigestAuthenticationFilter

1200 BasicAuthenticationFilter

1300 RequestCacheAwareFilter

1400 SecurityContextHolderAwareRequestFilter

1500 RememberMeAuthenticationFilter

1600 AnonymousAuthenticationFilter

1700 SessionManagementFilter

1800 ExceptionTranslationFilter

1900 FilterSecurityInterceptor

2000 SwitchUserFilter