I was going through the source code of the org.springframework.security.web.FilterChainProxy class. I want to understand how its doFilter method works. The following is the code.
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException
    {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        List<Filter> filters = getFilters(fi.getRequestUrl());
        if (filters == null || filters.size() == 0) {
            if (logger.isDebugEnabled()) {
                logger.debug(fi.getRequestUrl() +
                        filters == null ? " has no matching filters" : " has an empty filter list");
            }
            chain.doFilter(request, response);
            return;
        }
        VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters);
        virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());
    }
My understanding is that if I define custom filters not related to Spring in the web.xml, they will be included in the FilterChain object passed to the FilterChainProxy (I understand this happens via the DelegatingFilterProxy). Is that correct?
I think the if block gets executed when there are non-Spring Filters defined in the web.xml and when there are no Filters defined in the application context.
The VirtualFilterChain here caters for Filters defined in the application context.
There is a return statement in the if block which prevents the VirtualFilterChain section from getting executed.
But how does this handle both Filters defined in the web.xml and the ones defined in the application context?
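A simplified model of the delegation asked about above, added here as an illustration and not Spring Security's own code: the real VirtualFilterChain, once its own filters are exhausted, calls doFilter on the original container chain, which is how filters from both places run on the same request. The `Chain` and `Filter` interfaces, the trace list and all filter names are constructed stand-ins for the servlet API so the model runs without a container.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified stand-ins for javax.servlet.FilterChain / Filter (assumption: the
// request/response pair is reduced to a trace list of visited components).
interface Chain { void doFilter(List<String> trace); }
interface Filter { void doFilter(List<String> trace, Chain chain); }

public class VirtualChainDemo {
    // Filter that records its name, then passes control down the chain.
    static Filter named(String name) {
        return (trace, chain) -> { trace.add(name); chain.doFilter(trace); };
    }

    // Container-style chain: walks the web.xml filters in order, then the servlet.
    static Chain containerChain(List<Filter> filters, int pos) {
        return trace -> {
            if (pos == filters.size()) { trace.add("servlet"); return; }
            filters.get(pos).doFilter(trace, containerChain(filters, pos + 1));
        };
    }

    // Model of the proxy: runs its own filters first, then resumes the original chain.
    static Filter proxy(List<Filter> springFilters) {
        return (trace, originalChain) -> {
            if (springFilters.isEmpty()) {   // the "if" block: no security filters match
                originalChain.doFilter(trace);
                return;
            }
            virtualChain(springFilters, 0, originalChain).doFilter(trace);
        };
    }

    // Virtual chain: after its last filter it hands control back to the original chain.
    static Chain virtualChain(List<Filter> own, int pos, Chain originalChain) {
        return trace -> {
            if (pos == own.size()) { originalChain.doFilter(trace); return; }
            own.get(pos).doFilter(trace, virtualChain(own, pos + 1, originalChain));
        };
    }

    public static void main(String[] args) {
        // Constructed sample: two context-defined filters behind one proxy entry in web.xml.
        List<Filter> spring = List.of(named("securityContext"), named("authentication"));
        List<Filter> webXml = List.of(named("encodingFilter"), proxy(spring), named("auditFilter"));
        List<String> trace = new ArrayList<>();
        containerChain(webXml, 0).doFilter(trace);
        System.out.println(trace);
    }
}
```

In this model a web.xml filter declared before the proxy runs ahead of the security filters and one declared after it runs behind them, so the position of the proxy entry decides which filters see a request before any security filter has handled it.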