SpringSecurity用户绑定到线程
2023-02-18 15:41:31 时间
是由过滤器SecurityContextPersistenceFilter 完成的,核心代码如下
public class SecurityContextPersistenceFilter extends GenericFilterBean {
static final String FILTER_APPLIED = "__spring_security_scpf_applied";
private SecurityContextRepository repo;
private boolean forceEagerSessionCreation = false;
public SecurityContextPersistenceFilter() {
this(new HttpSessionSecurityContextRepository());
}
public SecurityContextPersistenceFilter(SecurityContextRepository repo) {
this.repo = repo;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
}
private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
// ensure that filter is only applied once per request
if (request.getAttribute(FILTER_APPLIED) != null) {
chain.doFilter(request, response);
return;
}
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
if (this.forceEagerSessionCreation) {
HttpSession session = request.getSession();
if (this.logger.isDebugEnabled() && session.isNew()) {
this.logger.debug(LogMessage.format("Created session %s eagerly", session.getId()));
}
}
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
// 获取用户信息
SecurityContext contextBeforeChainExecution = this.repo.loadContext(holder);
try {
//用户信息绑定到线程
SecurityContextHolder.setContext(contextBeforeChainExecution);
if (contextBeforeChainExecution.getAuthentication() == null) {
logger.debug("Set SecurityContextHolder to empty SecurityContext");
}
else {
if (this.logger.isDebugEnabled()) {
this.logger
.debug(LogMessage.format("Set SecurityContextHolder to %s", contextBeforeChainExecution));
}
}
chain.doFilter(holder.getRequest(), holder.getResponse());
}
finally {
SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();
// Crucial removal of SecurityContextHolder contents before anything else.
SecurityContextHolder.clearContext();
this.repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
request.removeAttribute(FILTER_APPLIED);
this.logger.debug("Cleared SecurityContextHolder to complete request");
}
}
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation) {
this.forceEagerSessionCreation = forceEagerSessionCreation;
}
}
相关文章
- ECCV2022 &CVPR2022论文速递2022.7.29!
- CLIP中文模型开源!中文版 DiscoDiffusion 文图生成算法即将到来?
- ECCV2022 &CVPR2022论文速递2022.8.1!
- ECCV2022 &CVPR2022论文速递2022.8.2!
- ECCV2022 &CVPR2022论文速递2022.8.3!
- ECCV2022 &CVPR2022论文速递2022.8.4!
- ECCV2022 &CVPR2022论文速递2022.8.5!
- ECCV2022 &CVPR2022论文速递2022.8.8!
- ECCV2022 &CVPR2022论文速递2022.8.9!
- AI艺术创作新范式:生成+拼接+补全! 论文速递2022.8.10!
- 论文速递2022.8.11!
- ECCV2022 | GAN逆映射域外编辑,支持眼镜,年龄,表情等编辑! 论文速递2022.8.12!
- 论文速递2022.8.15!
- 2022年目前为止,一些2D图片三维重建研究工作汇总!论文速递2022.8.16!
- [javaSE] 注解-自定义注解
- [javaSE] 注解-JDK中的注解
- [javaEE] 反射-通过反射了解集合泛型本质
- [javaSE] 反射-方法的反射
- [javaSE] 反射-获取类的成员属性和构造方法
- [javaSE] 反射-Class类的基本操作