通过FilterChainProxy的初始化、自定义标签的分析后，Spring Security需要的运行环境已经准备好了。

这样当用户访问应用时，过滤器就开始工作了。web.xml配置的Filter：org.springframework.web.filter.DelegatingFilterProxy就不介绍了，该类仅仅是初始化一个FilterChainProxy，然后把所有拦截的请求交给FilterChainProxy处理。

FilterChainProxy的doFilter方法如下

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
         //FilterInvocation类封装了request、response、chain
        //在方法中传递        
         FilterInvocation fi = new FilterInvocation(request, response, chain);
        //获取http标签中创建的所有Filter
        List<Filter> filters = getFilters(fi.getRequestUrl());
        if (filters == null || filters.size() == 0) {
            if (logger.isDebugEnabled()) {
                logger.debug(fi.getRequestUrl() +
                        filters == null ? " has no matching filters" : " has an empty filter list");
            }

            chain.doFilter(request, response);

            return;
        }
        //把实际doFilter任务交给VirtualFilterChain处理
        VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters);
        virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());
    }

现在来分析VirtualFilterChain的doFilter方法：

    private static class VirtualFilterChain implements FilterChain {
        private FilterInvocation fi;
        private List<Filter> additionalFilters;
        private int currentPosition = 0;

        private VirtualFilterChain(FilterInvocation filterInvocation, List<Filter> additionalFilters) {
            this.fi = filterInvocation;
            this.additionalFilters = additionalFilters;
        }

        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
            //判断过滤器的个数是否与当前位置相等
            if (currentPosition == additionalFilters.size()) {
                if (logger.isDebugEnabled()) {
                    logger.debug(fi.getRequestUrl()
                        + " reached end of additional filter chain; proceeding with original chain");
                }
                fi.getChain().doFilter(request, response);
            } else {
                //当前位置加一
                currentPosition++;
                //根据当前位置从过滤器列表中取出一个Filter
                Filter nextFilter = additionalFilters.get(currentPosition - 1);
                if (logger.isDebugEnabled()) {
                    logger.debug(fi.getRequestUrl() + " at position " + currentPosition + " of "
                        + additionalFilters.size() + " in additional filter chain; firing Filter: '"
                        + nextFilter + "'");
                }
               //执行取出Filter的doFilter方法
               nextFilter.doFilter(request, response, this);
            }
        }
    }

注意这里

nextFilter.doFilter(request, response, this);

[color=red]VirtualFilterChain把自身作为参数传递给doFilter方法，这样doFilter方法最后会调用VirtualFilterChain的doFilter方法，这样控制就又回到了VirtualFilterChain，于是VirtualFilterChain又将当前位置currentPosition前移，调用下一个Filter的doFilter方法。当additionalFilters中所有元素的doFilter都执行完毕，VirtualFilterChain执行fi.getChain().doFilter，而fi.getChain()的值就是FilterChainProxy的doFilter方法中的参数chain的值。[/color]

这样我们就理解了FilterChainProxy是如何处理整个Filter链的了。

接下来，就要一一分析每个Filter的功能与作用了。