Spring Security를 커스터마이징하기 위해서는 그리고 이해하기 위해서는 아래 필터 체인을 이해하는 것이 좋다.
아래 그림은 인터넷에 돌아다니는 Spring Security 호출 그림을 내가 다시 깔끔하게 그려본 것이다.
Table 3.1. Standard Filter Aliases and Ordering
(https://docs.spring.io/spring-security/site/docs/3.1.x/reference/ns-config.html)
Alias | Filter Class | Namespace Element or Attribute |
---|---|---|
CHANNEL_FILTER | ChannelProcessingFilter | http/ |
SECURITY_CONTEXT_FILTER | SecurityContextPersistenceFilter | http |
CONCURRENT_SESSION_FILTER | ConcurrentSessionFilter | session-management/ |
LOGOUT_FILTER | LogoutFilter | http/logout |
X509_FILTER | X509AuthenticationFilter | http/x509 |
PRE_AUTH_FILTER | AstractPreAuthenticatedProcessingFilter Subclasses | N/A |
CAS_FILTER | CasAuthenticationFilter | N/A |
FORM_LOGIN_FILTER | UsernamePasswordAuthenticationFilter | http/form-login |
BASIC_AUTH_FILTER | BasicAuthenticationFilter | http/http-basic |
SERVLET_API_SUPPORT_FILTER | SecurityContextHolderAwareRequestFilter | http/ |
JAAS_API_SUPPORT_FILTER | JaasApiIntegrationFilter | http/ |
REMEMBER_ME_FILTER | RememberMeAuthenticationFilter | http/remember-me |
ANONYMOUS_FILTER | AnonymousAuthenticationFilter | http/anonymous |
SESSION_MANAGEMENT_FILTER | SessionManagementFilter | session-management |
EXCEPTION_TRANSLATION_FILTER | ExceptionTranslationFilter | http |
FILTER_SECURITY_INTERCEPTOR | FilterSecurityInterceptor | http |
SWITCH_USER_FILTER | SwitchUserFilter | N/A |
API Document
- Spring Security 3.1.7 API Docs
- Spring Security Filter Chain
Filter Class
- SecurityContextPersistenceFilter
- LogoutFilter
UsernamePasswordAuthenticationFilter
DefaultLoginPageGeneratingFilter
BasicAuthenticationFilter
- RememberMeAuthenticationFilter
- SecurityContextHolderAwareRequestFilter
- AnonymousAuthenticationFilter
- SessionManagementFilter
- ExceptionTranslationFilter
- FilterSecurityInterceptor
Authentication class
- SecurityContextHolder
Authentication interface
- SecurityContextRepository
- SecurityContext
- LogoutSuccessHandler
- Authentication
- AuthenticationManager
- AuthenticationProvider
- UserDetails
- AuthenticationSuccessHandler
- UserDetailService
- GrantedAuthority
- AuthenticationFailureHandler
- SessionAuthenticationStrategy
- SessionRegistry
- RequestCache
Authorization interface
- AuthenticationEntryPoint
- AccessDeniedHandler
- AccessDecisionManager
- AccessDecisionVoter
- SecurityMetadataSource
Authorization class
- AffirmativeBased
implemented : AccessDecisionManager
- RoleVoter
implemented : AccessDecisionVoter
- DefaultMethodSecurityExpressionHandler
implemented : MethodSecurityExpressionHandler, SecurityExpressionHandler
- AbstractAuthenticationToken
implemented : Authentication
- AnonymousAuthenticationToken
implemented : Authentication
- UsernamePasswordAuthenticationToken
implemented : Authentication
'Devlopment > Spring' 카테고리의 다른 글
SPRING FRAMEWORK 5의 변화 (1) | 2017.10.04 |
---|---|
Spring File 읽어오기 (0) | 2017.07.01 |
RestController의 기본 컨텐츠 타입 변경 (0) | 2017.03.07 |
Spring message 설정하기 (0) | 2017.02.20 |
Spring에서 Webjars 사용하기 (0) | 2017.02.20 |
[SpringSecurity] Method 레벨에서 AccessDeniedException 처리하기 (0) | 2017.02.07 |
Spring Security custom expression (0) | 2017.02.01 |
Spring Security 관련 레퍼런스 정리 (0) | 2017.02.01 |
Jackson에서 null string 안 보이게 설정 (1) | 2016.08.12 |
JPA Hibernate 사용 중 ORA-00001: 무결성 제약 조건( ORA-00001 에러 (0) | 2016.06.07 |