Spring Security3 Filter链顺序
<custom-filter ref="ling2.rememberMeLoginFilter" position="REMEMBER_ME_FILTER"/> <custom-filter ref="ling2.controllerFilter" after="SESSION_MANAGEMENT_FILTER"/> <custom-filter ref="ling2.filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
参考 http://www.cnblogs.com/yjmyzz/p/how-to-custom-filter-provider-and-token-in-spring-security3.html
- FIRST
- CHANNEL_FILTER
- SECURITY_CONTEXT_FILTER SecurityContextPersistenceFilter
- CONCURRENT_SESSION_FILTER
- WEB_ASYNC_MANAGER_FILTER
- HEADERS_FILTER
- CSRF_FILTER
- LOGOUT_FILTER
- X509_FILTER
- PRE_AUTH_FILTER
- CAS_FILTER
- FORM_LOGIN_FILTER
- OPENID_FILTER 参考 http://sishuok.com/forum/blogPost/list/3972.html
- LOGIN_PAGE_FILTER
- DIGEST_AUTH_FILTER
- BASIC_AUTH_FILTER
- REQUEST_CACHE_FILTER
- SERVLET_API_SUPPORT_FILTER
- JAAS_API_SUPPORT_FILTER
- COOKIE_LOGIN_FILTER,匿名登录前,否则SecurityContextHolder.getContext().getAuthentication()不为空,必须在REMEMBER_ME_FILTER之前,因为换用户登录后,访问到没有被访问过的负载,如果这个负载以前访问过,会导致还是用REMEMBER_me信息
- REMEMBER_ME_FILTER
- ANONYMOUS_FILTER
- SESSION_MANAGEMENT_FILTER
- EXCEPTION_TRANSLATION_FILTER
- FILTER_SECURITY_INTERCEPTOR
- SWITCH_USER_FILTER
- LAST
附上默认的过滤器顺序列表 order 过滤器名称
100 ChannelProcessingFilter
200 ConcurrentSessionFilter
300 SecurityContextPersistenceFilter
400 LogoutFilter
500 X509AuthenticationFilter
600 RequestHeaderAuthenticationFilter
700 CasAuthenticationFilter
800 UsernamePasswordAuthenticationFilter
900 OpenIDAuthenticationFilter
1000 DefaultLoginPageGeneratingFilter
1100 DigestAuthenticationFilter
1200 BasicAuthenticationFilter
1300 RequestCacheAwareFilter
1400 SecurityContextHolderAwareRequestFilter
1500 RememberMeAuthenticationFilter
1600 AnonymousAuthenticationFilter
1700 SessionManagementFilter
1800 ExceptionTranslationFilter
1900 FilterSecurityInterceptor
2000 SwitchUserFilter