filter别名、常用的filter类及命名空间:
Alias |
Filter Class |
Namespace Element or Attribute |
CHANNEL_FILTER |
ChannelProcessingFilter |
http/ intercept-url@ requires-channel |
SECURITY_CONTEXT_FILTER |
SecurityContextPersistenceFilter |
http |
CONCURRENT_SESSION_FILTER |
ConcurrentSessionFilter |
session-management/ concurrency-control |
LOGOUT_FILTER |
LogoutFilter |
http/logout |
X509_FILTER |
X509AuthenticationFilter |
http/x509 |
PRE_AUTH_FILTER |
AstractPreAuthenticated ProcessingFilter Subclasses |
N/A |
CAS_FILTER |
CasAuthenticationFilter |
N/A |
FORM_LOGIN_FILTER |
UsernamePasswordAuthenticationFilter |
http/form-login |
BASIC_AUTH_FILTER |
BasicAuthenticationFilter |
http/http-basic |
SERVLET_API_SUPPORT_FILTER |
SecurityContextHolderAwareRequestFilter |
http/ @servlet-api-provision |
JAAS_API_SUPPORT_FILTER |
JaasApiIntegrationFilter |
http/ @jaas-api-provision |
REMEMBER_ME_FILTER |
RememberMeAuthenticationFilter |
http/remember-me |
ANONYMOUS_FILTER |
AnonymousAuthenticationFilter |
http/anonymous |
SESSION_MANAGEMENT_FILTER |
SessionManagementFilter |
session-management |
EXCEPTION_TRANSLATION_FILTER |
ExceptionTranslationFilter |
http |
FILTER_SECURITY_INTERCEPTOR |
FilterSecurityInterceptor |
http |
SWITCH_USER_FILTER |
SwitchUserFilter |
N/A |
- 登陆验证的配置:
<httpauto-config='true'>
<form-loginlogin-page='/login.jsp'/>
</http>
登陆的默认响应类是:UsernamePasswordAuthenticationFilter,访问路径是/j_spring_security_check。用户名、密码是j_username和j_password
- 自定义filter:
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
</http>
<beans:bean id="myFilter" class="com.mycompany.MySpecialAuthenticationFilter"/>
添加http命名空间下的Filter,如SecurityContextPersistenceFilter。并覆盖FORM_LOGIN_FILTER所对应的UsernamePasswordAuthenticationFilter。