The order in which filters are defined in web.xml is very important. Irrespective of which filters you are actually using, the order of the <filter-mapping>s should be as follows:
1. ChannelProcessingFilter, because it might need to redirect to a different protocol
2. ConcurrentSessionFilter, because it doesn't use any SecurityContextHolder functionality but needs to update the SessionRegistry to reflect ongoing requests from the principal
3. HttpSessionContextIntegrationFilter, so a SecurityContext can be set up in the SecurityContextHolder at the beginning of a web request, and any changes to the SecurityContext can be copied to the HttpSession when the web request ends (ready for use with the next web request)
4. Authentication processing mechanisms - AuthenticationProcessingFilter, CasProcessingFilter, BasicProcessingFilter, HttpRequestIntegrationFilter, JbossIntegrationFilter etc. - so that the SecurityContextHolder can be modified to contain a valid Authentication request token
5. The SecurityContextHolderAwareRequestFilter, if you are using it to install an Acegi Security aware HttpServletRequestWrapper into your servlet container
6. RememberMeProcessingFilter, so that if no earlier authentication processing mechanism updated the SecurityContextHolder, and the request presents a cookie that enables remember-me services to take place, a suitable remembered Authentication object will be put there
7. AnonymousProcessingFilter, so that if no earlier authentication processing mechanism updated the SecurityContextHolder, an anonymous Authentication object will be put there
8. ExceptionTranslationFilter, to catch any Acegi Security exceptions so that either an HTTP error response can be returned or an appropriate AuthenticationEntryPoint can be launched
9. FilterSecurityInterceptor, to protect web URIs
All of the above filters use FilterToBeanProxy or FilterChainProxy. It is recommended that a single FilterToBeanProxy proxy through to a single FilterChainProxy for each application, with that FilterChainProxy defining all of the Acegi Security filters.
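For applications that still map each filter individually in web.xml, the ordering above can be checked mechanically. The following Python check is an added example, not part of the Acegi documentation: it resolves each FilterToBeanProxy to its targetClass and reports adjacent filter-mappings that violate the list. It assumes every mapping applies to the same URLs (url-pattern is ignored); the function names and the sample web.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Position in the recommended order, keyed by simple class name (auth mechanisms share 4).
RANK = {"ChannelProcessingFilter": 1, "ConcurrentSessionFilter": 2,
        "HttpSessionContextIntegrationFilter": 3, "AuthenticationProcessingFilter": 4,
        "CasProcessingFilter": 4, "BasicProcessingFilter": 4,
        "HttpRequestIntegrationFilter": 4, "JbossIntegrationFilter": 4,
        "SecurityContextHolderAwareRequestFilter": 5, "RememberMeProcessingFilter": 6,
        "AnonymousProcessingFilter": 7, "ExceptionTranslationFilter": 8,
        "FilterSecurityInterceptor": 9}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def _child_text(elem, name):
    hits = [c.text or "" for c in elem if _local(c.tag) == name]
    return hits[0].strip() if hits else ""

def misordered_mappings(web_xml):
    """Return (earlier, later) pairs of ranked filters mapped in the wrong order."""
    root = ET.fromstring(web_xml)
    target = {}  # filter-name -> simple class name of the filter that really runs
    for f in (e for e in root.iter() if _local(e.tag) == "filter"):
        cls = _child_text(f, "filter-class")
        for p in (e for e in f if _local(e.tag) == "init-param"):
            if _child_text(p, "param-name") == "targetClass":  # FilterToBeanProxy
                cls = _child_text(p, "param-value")
        target[_child_text(f, "filter-name")] = cls.rsplit(".", 1)[-1]
    mapped = [target.get(_child_text(m, "filter-name"), "")
              for m in root.iter() if _local(m.tag) == "filter-mapping"]
    ranked = [c for c in mapped if c in RANK]  # ignore filters outside the list
    return [(a, b) for a, b in zip(ranked, ranked[1:]) if RANK[a] > RANK[b]]

# Constructed sample: FilterSecurityInterceptor is mapped before ExceptionTranslationFilter.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <filter><filter-name>fsi</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param><param-name>targetClass</param-name>
      <param-value>org.acegisecurity.intercept.web.FilterSecurityInterceptor</param-value></init-param></filter>
  <filter><filter-name>etf</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param><param-name>targetClass</param-name>
      <param-value>org.acegisecurity.ui.ExceptionTranslationFilter</param-value></init-param></filter>
  <filter-mapping><filter-name>fsi</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>etf</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    print(misordered_mappings(SAMPLE))
```

In the sample, security exceptions thrown by FilterSecurityInterceptor would never reach ExceptionTranslationFilter, which is why the pair is reported.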