我有自定义身份验证过滤器,它创建了PreAuthenticatedAuthenticationToken,并将其存储在安全上下文中.这一切都很好.这是配置:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SsoAuthenticationProvider authenticationProvider;
@Autowired
private SsoAuthenticationFilter ssoAuthenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(ssoAuthenticationFilter,SecurityContextPersistenceFilter.class);
}
}
现在我的ssoAuthenticationFilter是FilterChainProxy的一部分,位于正确的位置.光滑.@H_403_5@
但是,由于ssoAuthenticationFilter是“过滤器”,所以它被引导并被包含为过滤器.所以我的过滤器链真的像:@H_403_5@
> ssoAuthenticationFilter(包括因为是过滤器)
> filterChainProxy(spring autoconfiguration)@H_403_5@
> …
> SecurityContextPersistenceFilter
> ssoAuthenticationFilter(由http.addFilterAfter(…)包含)
> …@H_403_5@
>其他一些过滤器@H_403_5@
