通过FilterChainProxy的初始化、自定义标签的分析后,Spring Security需要的运行环境已经准备好了。
这样当用户访问应用时,过滤器就开始工作了。web.xml配置的Filter:org.springframework.web.filter.DelegatingFilterProxy就不介绍了,该类仅仅是初始化一个FilterChainProxy,然后把所有拦截的请求交给FilterChainProxy处理。
FilterChainProxy的doFilter方法如下
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- //FilterInvocation类封装了request、response、chain
- //在方法中传递
- FilterInvocation fi = new FilterInvocation(request, response, chain);
- //获取http标签中创建的所有Filter
- List<Filter> filters = getFilters(fi.getRequestUrl());
- if (filters == null || filters.size() == 0) {
- if (logger.isDebugEnabled()) {
- logger.debug(fi.getRequestUrl() +
- filters == null ? ” has no matching filters” : ” has an empty filter list”);
- }
- chain.doFilter(request, response);
- return;
- }
- //把实际doFilter任务交给VirtualFilterChain处理
- VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters);
- virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());
- }
现在来分析VirtualFilterChain的doFilter方法:
- private static class VirtualFilterChain implements FilterChain {
- private FilterInvocation fi;
- private List<Filter> additionalFilters;
- private int currentPosition = 0;
- private VirtualFilterChain(FilterInvocation filterInvocation, List<Filter> additionalFilters) {
- this.fi = filterInvocation;
- this.additionalFilters = additionalFilters;
- }
- public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
- //判断过滤器的个数是否与当前位置相等
- if (currentPosition == additionalFilters.size()) {
- if (logger.isDebugEnabled()) {
- logger.debug(fi.getRequestUrl()
- + ” reached end of additional filter chain; proceeding with original chain”);
- }
- fi.getChain().doFilter(request, response);
- } else {
- //当前位置加一
- currentPosition++;
- //根据当前位置从过滤器列表中取出一个Filter
- Filter nextFilter = additionalFilters.get(currentPosition – 1);
- if (logger.isDebugEnabled()) {
- logger.debug(fi.getRequestUrl() + ” at position “ + currentPosition + ” of “
- + additionalFilters.size() + ” in additional filter chain; firing Filter: ‘”
- + nextFilter + “‘”);
- }
- //执行取出Filter的doFilter方法
- nextFilter.doFilter(request, response, this);
- }
- }
- }
注意这里
- nextFilter.doFilter(request, response, this);
VirtualFilterChain把自身作为参数传递给doFilter方法,这样doFilter方法最后会调用VirtualFilterChain的doFilter方法,这样控制就又回到了VirtualFilterChain,于是VirtualFilterChain又将当前位置currentPosition前移,调用下一个Filter的doFilter方法。当additionalFilters中所有元素的doFilter都执行完毕,VirtualFilterChain执行fi.getChain().doFilter,而fi.getChain()的值就是FilterChainProxy的doFilter方法中的参数chain的值。
这样我们就理解了FilterChainProxy是如何处理整个Filter链的了。
接下来,就要一一分析每个Filter的功能与作用了。