FilterChain源码阅读

源码阅读

FilterChain 是一个接口，定义有doFilter方法。

void doFilter(ServletRequest var1, ServletResponse var2) throws IOException, ServletException;

ApplicationFilterChain implement FilterChain

ApplicationFilterChain 里的doFilter 方法主要调用了this.internalDoFilter(request, response)

public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {if (Globals.IS_SECURITY_ENABLED) {ServletRequest req = request;ServletResponse res = response;try {AccessController.doPrivileged(() -> {this.internalDoFilter(req, res);return null;});} catch (PrivilegedActionException var7) {Exception e = var7.getException();if (e instanceof ServletException) {throw (ServletException)e;}if (e instanceof IOException) {throw (IOException)e;}if (e instanceof RuntimeException) {throw (RuntimeException)e;}throw new ServletException(e.getMessage(), e);}} else {this.internalDoFilter(request, response);}}

internalDoFilter方法里主要也是filter.doFilter(request, response, this);

private void internalDoFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {。。。。filter.doFilter(request, response, this);。。。。}

abstract class GenericFilterBean implements Filter, BeanNameAware, EnvironmentAware, EnvironmentCapable, ServletContextAware, InitializingBean, DisposableBean 是一个通用过滤器抽象类。
abstract class OncePerRequestFilter extends GenericFilterBean 也是一个抽象类，每个请求过滤器一次。

主要doFilter

 public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {HttpServletRequest httpRequest = (HttpServletRequest)request;HttpServletResponse httpResponse = (HttpServletResponse)response;String alreadyFilteredAttributeName = this.getAlreadyFilteredAttributeName();boolean hasAlreadyFilteredAttribute = request.getAttribute(alreadyFilteredAttributeName) != null;if (!this.skipDispatch(httpRequest) && !this.shouldNotFilter(httpRequest)) {if (hasAlreadyFilteredAttribute) {if (DispatcherType.ERROR.equals(request.getDispatcherType())) {this.doFilterNestedErrorDispatch(httpRequest, httpResponse, filterChain);return;}filterChain.doFilter(request, response);} else {request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);try {this.doFilterInternal(httpRequest, httpResponse, filterChain);} finally {request.removeAttribute(alreadyFilteredAttributeName);}}} else {filterChain.doFilter(request, response);}} else {throw new ServletException("OncePerRequestFilter just supports HTTP requests");}}

class CharacterEncodingFilter extends OncePerRequestFilter，字符编码过滤器。
class WebMvcMetricsFilter extends OncePerRequestFilter，Web Mvc 指标过滤器。
class FormContentFilter extends OncePerRequestFilter，表单内容过滤器。
class RequestContextFilter extends OncePerRequestFilter，请求上下文过滤器。
class DelegatingFilterProxy extends GenericFilterBean，委派过滤器代理。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {Filter delegateToUse = this.delegate;if (delegateToUse == null) {synchronized(this.delegateMonitor) {delegateToUse = this.delegate;if (delegateToUse == null) {WebApplicationContext wac = this.findWebApplicationContext();if (wac == null) {throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener or DispatcherServlet registered?");}delegateToUse = this.initDelegate(wac);}this.delegate = delegateToUse;}}this.invokeDelegate(delegateToUse, request, response, filterChain);}

 protected void invokeDelegate(Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {delegate.doFilter(request, response, filterChain);}

class FilterChainProxy extends GenericFilterBean，过滤链代理。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;if (!clearContext) {this.doFilterInternal(request, response, chain);} else {try {request.setAttribute(FILTER_APPLIED, Boolean.TRUE);this.doFilterInternal(request, response, chain);} catch (Exception var11) {Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(var11);Throwable requestRejectedException = this.throwableAnalyzer.getFirstThrowableOfType(RequestRejectedException.class, causeChain);if (!(requestRejectedException instanceof RequestRejectedException)) {throw var11;}this.requestRejectedHandler.handle((HttpServletRequest)request, (HttpServletResponse)response, (RequestRejectedException)requestRejectedException);} finally {SecurityContextHolder.clearContext();request.removeAttribute(FILTER_APPLIED);}}}

private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest)request);HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse)response);List<Filter> filters = this.getFilters((HttpServletRequest)firewallRequest);if (filters != null && filters.size() != 0) {if (logger.isDebugEnabled()) {logger.debug(LogMessage.of(() -> {return "Securing " + requestLine(firewallRequest);}));}FilterChainProxy.VirtualFilterChain virtualFilterChain = new FilterChainProxy.VirtualFilterChain(firewallRequest, chain, filters);virtualFilterChain.doFilter(firewallRequest, firewallResponse);} else {if (logger.isTraceEnabled()) {logger.trace(LogMessage.of(() -> {return "No security for " + requestLine(firewallRequest);}));}firewallRequest.reset();chain.doFilter(firewallRequest, firewallResponse);}}

final class VirtualFilterChain implements FilterChain（FilterChainProxy内）

private static final class VirtualFilterChain implements FilterChain {private final FilterChain originalChain;private final List<Filter> additionalFilters;private final FirewalledRequest firewalledRequest;private final int size;private int currentPosition;private VirtualFilterChain(FirewalledRequest firewalledRequest, FilterChain chain, List<Filter> additionalFilters) {this.currentPosition = 0;this.originalChain = chain;this.additionalFilters = additionalFilters;this.size = additionalFilters.size();this.firewalledRequest = firewalledRequest;}public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {if (this.currentPosition == this.size) {if (FilterChainProxy.logger.isDebugEnabled()) {FilterChainProxy.logger.debug(LogMessage.of(() -> {return "Secured " + FilterChainProxy.requestLine(this.firewalledRequest);}));}this.firewalledRequest.reset();this.originalChain.doFilter(request, response);} else {++this.currentPosition;Filter nextFilter = (Filter)this.additionalFilters.get(this.currentPosition - 1);if (FilterChainProxy.logger.isTraceEnabled()) {FilterChainProxy.logger.trace(LogMessage.format("Invoking %s (%d/%d)", nextFilter.getClass().getSimpleName(), this.currentPosition, this.size));}nextFilter.doFilter(request, response, this);}}}

class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter，Web 异步管理器集成过滤器。

public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter {private static final Object CALLABLE_INTERCEPTOR_KEY = new Object();public WebAsyncManagerIntegrationFilter() {}protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);SecurityContextCallableProcessingInterceptor securityProcessingInterceptor = (SecurityContextCallableProcessingInterceptor)asyncManager.getCallableInterceptor(CALLABLE_INTERCEPTOR_KEY);if (securityProcessingInterceptor == null) {asyncManager.registerCallableInterceptor(CALLABLE_INTERCEPTOR_KEY, new SecurityContextCallableProcessingInterceptor());}filterChain.doFilter(request, response);}
}

class SecurityContextPersistenceFilter extends GenericFilterBean，安全上下文持久性过滤器。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {if (request.getAttribute("__spring_security_scpf_applied") != null) {chain.doFilter(request, response);} else {request.setAttribute("__spring_security_scpf_applied", Boolean.TRUE);if (this.forceEagerSessionCreation) {HttpSession session = request.getSession();if (this.logger.isDebugEnabled() && session.isNew()) {this.logger.debug(LogMessage.format("Created session %s eagerly", session.getId()));}}HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);SecurityContext contextBeforeChainExecution = this.repo.loadContext(holder);boolean var10 = false;try {var10 = true;SecurityContextHolder.setContext(contextBeforeChainExecution);if (contextBeforeChainExecution.getAuthentication() == null) {this.logger.debug("Set SecurityContextHolder to empty SecurityContext");} else if (this.logger.isDebugEnabled()) {this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", contextBeforeChainExecution));}chain.doFilter(holder.getRequest(), holder.getResponse());var10 = false;} finally {if (var10) {SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();SecurityContextHolder.clearContext();this.repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());request.removeAttribute("__spring_security_scpf_applied");this.logger.debug("Cleared SecurityContextHolder to complete request");}}SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();SecurityContextHolder.clearContext();this.repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());request.removeAttribute("__spring_security_scpf_applied");this.logger.debug("Cleared SecurityContextHolder to complete request");}}

class HeaderWriterFilter extends OncePerRequestFilter，标头编写器过滤器。

 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {if (this.shouldWriteHeadersEagerly) {this.doHeadersBefore(request, response, filterChain);} else {this.doHeadersAfter(request, response, filterChain);}}private void doHeadersAfter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {HeaderWriterFilter.HeaderWriterResponse headerWriterResponse = new HeaderWriterFilter.HeaderWriterResponse(request, response);HeaderWriterFilter.HeaderWriterRequest headerWriterRequest = new HeaderWriterFilter.HeaderWriterRequest(request, headerWriterResponse);try {filterChain.doFilter(headerWriterRequest, headerWriterResponse);} finally {headerWriterResponse.writeHeaders();}}

class LogoutFilter extends GenericFilterBean，注销过滤器。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {if (this.requiresLogout(request, response)) {Authentication auth = SecurityContextHolder.getContext().getAuthentication();if (this.logger.isDebugEnabled()) {this.logger.debug(LogMessage.format("Logging out [%s]", auth));}this.handler.logout(request, response, auth);this.logoutSuccessHandler.onLogoutSuccess(request, response, auth);} else {chain.doFilter(request, response);}}

abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBeanimplements ApplicationEventPublisherAware, MessageSourceAware ，抽象认证处理过滤器。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {if (!this.requiresAuthentication(request, response)) {chain.doFilter(request, response);} else {try {Authentication authenticationResult = this.attemptAuthentication(request, response);if (authenticationResult == null) {return;}this.sessionStrategy.onAuthentication(authenticationResult, request, response);if (this.continueChainBeforeSuccessfulAuthentication) {chain.doFilter(request, response);}this.successfulAuthentication(request, response, chain, authenticationResult);} catch (InternalAuthenticationServiceException var5) {this.logger.error("An internal error occurred while trying to authenticate the user.", var5);this.unsuccessfulAuthentication(request, response, var5);} catch (AuthenticationException var6) {this.unsuccessfulAuthentication(request, response, var6);}}}

class DefaultLoginPageGeneratingFilter extends GenericFilterBean，默认登录页面生成过滤器。

 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {boolean loginError = this.isErrorPage(request);boolean logoutSuccess = this.isLogoutSuccess(request);if (!this.isLoginUrlRequest(request) && !loginError && !logoutSuccess) {chain.doFilter(request, response);} else {String loginPageHtml = this.generateLoginPageHtml(request, loginError, logoutSuccess);response.setContentType("text/html;charset=UTF-8");response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);response.getWriter().write(loginPageHtml);}}

class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter，默认注销页面生成过滤器。
class RequestCacheAwareFilter extends GenericFilterBean，请求缓存感知过滤器。
class SecurityContextHolderAwareRequestFilter extends GenericFilterBean，安全上下文持有者感知请求过滤器。
class AnonymousAuthenticationFilter extends GenericFilterBean implements InitializingBean，匿名身份验证过滤器。
class SessionManagementFilter extends GenericFilterBean，会话管理过滤器。

 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {if (request.getAttribute("__spring_security_session_mgmt_filter_applied") != null) {chain.doFilter(request, response);} else {request.setAttribute("__spring_security_session_mgmt_filter_applied", Boolean.TRUE);if (!this.securityContextRepository.containsContext(request)) {Authentication authentication = SecurityContextHolder.getContext().getAuthentication();if (authentication != null && !this.trustResolver.isAnonymous(authentication)) {try {this.sessionAuthenticationStrategy.onAuthentication(authentication, request, response);} catch (SessionAuthenticationException var6) {this.logger.debug("SessionAuthenticationStrategy rejected the authentication object", var6);SecurityContextHolder.clearContext();this.failureHandler.onAuthenticationFailure(request, response, var6);return;}this.securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);} else if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {if (this.logger.isDebugEnabled()) {this.logger.debug(LogMessage.format("Request requested invalid session id %s", request.getRequestedSessionId()));}if (this.invalidSessionStrategy != null) {this.invalidSessionStrategy.onInvalidSessionDetected(request, response);return;}}}chain.doFilter(request, response);}}

class ExceptionTranslationFilter extends GenericFilterBean implements MessageSourceAware，异常翻译过滤器。

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);}private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {try {chain.doFilter(request, response);} catch (IOException var7) {throw var7;} catch (Exception var8) {Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(var8);RuntimeException securityException = (AuthenticationException)this.throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);if (securityException == null) {securityException = (AccessDeniedException)this.throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, causeChain);}if (securityException == null) {this.rethrow(var8);}if (response.isCommitted()) {throw new ServletException("Unable to handle the Spring Security Exception because the response is already committed.", var8);}this.handleSpringSecurityException(request, response, chain, (RuntimeException)securityException);}}

class WsFilter extends GenericFilter ，ws过滤器。
class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter，过滤器安全拦截器。

FilterChain源码阅读相关推荐

SpringMVC源码阅读：过滤器
SpringMVC源码阅读:过滤器目录 1.前言 2.源码分析 3.自定义过滤器 3.1 自定义过滤器继承OncePerRequestFilter 3.2 自定义过滤器实现Filter接口 4.过滤 ...
Alibaba Druid 源码阅读（五）数据库连接池连接关闭探索
Alibaba Druid 源码阅读(五)数据库连接池连接关闭探索简介在上文中探索了数据库连接池的获取,下面接着初步来探索下数据库连接的关闭,看看其中具体执行了那些操作连接关闭下面的具体的代 ...
Alibaba Druid 源码阅读（四）数据库连接池中连接获取探索
Alibaba Druid 源码阅读(四) 数据库连接池中连接获取探索简介上文中分析了数据库连接池的初始化部分,接下来我们来看看获取连接部分的代码数据库连接池中连接获取下面的相关的代码,在代码 ...
Alibaba Druid 源码阅读（二）数据库连接池实现初步探索
Alibaba Druid 源码阅读(二) 数据库连接池实现初步探索简介在上篇文章中,了解了连接池的应用场景和本地运行了示例,本篇文章中,我们尝试来探索下Alibaba Druid数据库连接池的整 ...
应用监控CAT之cat-client源码阅读（一）
CAT 由大众点评开发的,基于 Java 的实时应用监控平台,包括实时应用监控,业务监控.对于及时发现线上问题非常有用.(不知道大家有没有在用) 应用自然是最初级的,用完之后,还想了解下其背后的原理, ...
centos下将vim配置为强大的源码阅读器
每日杂事缠身,让自己在不断得烦扰之后终于有了自己的清静时光来熟悉一下我的工具,每次熟悉源码都需要先在windows端改好,拖到linux端,再编译.出现问题,还得重新回到windows端,这个过程太耗 ...
源码阅读：AFNetworking（十六）——UIWebView+AFNetworking
该文章阅读的AFNetworking的版本为3.2.0. 这个分类提供了对请求周期进行控制的方法,包括进度监控.成功和失败的回调. 1.接口文件 1.1.属性 /**网络会话管理者对象*/ @prop ...
源码阅读：SDWebImage（六）——SDWebImageCoderHelper
该文章阅读的SDWebImage的版本为4.3.3. 这个类提供了四个方法,这四个方法可分为两类,一类是动图处理,一类是图像方向处理. 1.私有函数先来看一下这个类里的两个函数 /**这个函数是计算 ...
mybatis源码阅读
说下mybatis执行一个sql语句的流程执行语句,事务等SqlSession都交给了excutor,excutor又委托给statementHandler SimpleExecutor:每执行一次 ...

FilterChain源码阅读

源码阅读

FilterChain源码阅读相关推荐

最新文章

热门文章