在使用xml配置spring security时经常会看到下面类似的配置:
代码语言:javascript复制<security:http entry-point-ref="multipleAuthenticationLoginEntry" servlet-api-provision="true">
<!--
<security:session-management invalid-session-url="/loginRedirect.jtl">
<security:concurrency-control error-if-maximum-exceeded="false" max-sessions="1" expired-url="/loginRedirect.jtl"/>
</security:session-management>
-->
<!--使用表单登录-->
<security:remember-me key="xx"/>
<security:logout logout-url="/logout" logout-success-url="/loginRedirect.jtl"/>
<security:custom-filter ref="xxFilter" after="FORM_LOGIN_FILTER" />
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="xx1Filter" />
<security:access-denied-handler ref="xxHandler"/>
<security:custom-filter position="SWITCH_USER_FILTER" ref="xx2Filter"/>
</security:http>
那么上面标红部分配置在哪里呢,笔者将相关部门摘抄下来,分享至此:
Alias | Filter Class | Namespace Element or Attribute |
|---|---|---|
CHANNEL_FILTER | ChannelProcessingFilter | http/intercept-url@requires-channel |
SECURITY_CONTEXT_FILTER | SecurityContextPersistenceFilter | http |
CONCURRENT_SESSION_FILTER | ConcurrentSessionFilter | session-management/concurrency-control |
HEADERS_FILTER | HeaderWriterFilter | http/headers |
CSRF_FILTER | CsrfFilter | http/csrf |
LOGOUT_FILTER | LogoutFilter | http/logout |
X509_FILTER | X509AuthenticationFilter | http/x509 |
PRE_AUTH_FILTER | AbstractPreAuthenticatedProcessingFilter Subclasses | N/A |
CAS_FILTER | CasAuthenticationFilter | N/A |
FORM_LOGIN_FILTER | UsernamePasswordAuthenticationFilter | http/form-login |
BASIC_AUTH_FILTER | BasicAuthenticationFilter | http/http-basic |
SERVLET_API_SUPPORT_FILTER | SecurityContextHolderAwareRequestFilter | http/@servlet-api-provision |
JAAS_API_SUPPORT_FILTER | JaasApiIntegrationFilter | http/@jaas-api-provision |
REMEMBER_ME_FILTER | RememberMeAuthenticationFilter | http/remember-me |
ANONYMOUS_FILTER | AnonymousAuthenticationFilter | http/anonymous |
SESSION_MANAGEMENT_FILTER | SessionManagementFilter | session-management |
EXCEPTION_TRANSLATION_FILTER | ExceptionTranslationFilter | http |
FILTER_SECURITY_INTERCEPTOR | FilterSecurityInterceptor | http |
SWITCH_USER_FILTER | SwitchUserFilter | N/A |
根据上面这个对照表,可以进一步分析以及作为使用参考。
