1. org.springframework.web.filter.DelegatingFilterProxy（在web.xml中属于占位作用）初始化 org.springframework.security.util.FilterChainProxy并获取DI容器 里的实例调用他的dofilter方法 FilterChainProxy包含 private ApplicationContext applicationContext; /** Map of the original pattern Strings to filter chains */ private Map uncompiledFilterChainMap; /** Compiled pattern version of the filter chain map */ private Map filterChainMap; private UrlMatcher matcher = new AntUrlPathMatcher(); private boolean stripQueryStringFromUrls = true; private DefaultFilterInvocationDefinitionSource fids; public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { //FilterInvocation 是 对应配置文件中url 和对应是否经过过滤器的对象 FilterInvocation fi = new FilterInvocation(request, response, chain); List filters = getFilters(fi.getRequestUrl()); //如果查出该url不需要经过过滤器就直接进入web.xml里的真实过滤器 从而next if (filters == null || filters.size() == 0) { if (logger.isDebugEnabled()) { logger.debug(fi.getRequestUrl() + filters == null ? ” has no matching filters” : ” has an empty filter list”); } chain.doFilter(request, response); return; } //创建一个虚拟的filter内部链 //否则根据fi得到该网页url需要经过那些过滤器来通过虚拟过滤连 VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters); virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse()); } VirtualFilterChain的dofilter方法 public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { if (currentPosition == additionalFilters.size()) { if (logger.isDebugEnabled()) { logger.debug(fi.getRequestUrl() + ” reached end of additional filter chain; proceeding with original chain”); } fi.getChain().doFilter(request, response); } else { currentPosition++; Filter nextFilter = (Filter) additionalFilters.get(currentPosition – 1); if (logger.isDebugEnabled()) { logger.debug(fi.getRequestUrl() + ” at position ” + currentPosition + ” of ” + additionalFilters.size() + ” in additional filter chain; firing Filter: ‘” + nextFilter + “‘”); } nextFilter.doFilter(request, response, this); } } 其中通过查看我自己的虚拟过滤链中的元素如下： [org.springframework.security.concurrent.ConcurrentSessionFilter[ order=100; ], org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ], org.springframework.security.ui.logout.LogoutFilter[ order=300; ], com.avi.springsecurityExtends.MyAuthenticationProcessingFilter[ order=700; ], org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ], org.springframework.security.ui.basicauth.BasicProcessingFilter[ order=1000; ], org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ], org.springframework.security.ui.rememberme.RememberMeProcessingFilter[ order=1200; ], org.springframework.security.providers.anonymous.AnonymousProcessingFilter[ order=1300; ], org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ], org.springframework.security.intercept.web.FilterSecurityInterceptor@1a29452]