Java Reference
In-Depth Information
The filterInvocationDefinitionSource is the key property for the FilterChainProxy . It
defines a ruleset for invoking the filters. As shown in Listing 6-3, it will convert an incom-
ing request URL to lowercase before any comparison. It will use Apache Ant-based
pattern matching to map an incoming request to the Spring Security filters. In this exam-
ple, all the incoming requests will pass through five filters. (I will get into the core of
Spring Security in a while and explain the functions of each of these filters.) There are
several other concrete filter implementations provided by Spring. You can refer to the
Spring Security documentation at
site/index.html for more details about them. For our purposes in this section, these five
will be sufficient.
The httpSessionContextIntegrationFilter filter will be the first filter to be executed
when the request reaches FilterChainProxy . The ordering is important because one filter
may depend on the value set by the preceding or succeeding ones. In other words, setting
the filters in a different order may lead to unpredictable results. Figure 6-3 shows the
filter chaining.
Figure 6-3. Filter chaining in Spring Security
Session Context Integration Filter (SCIF)
This is the first of the five filters in the chain that is executed in Spring Security. SCIF
checks whether an HttpSession has been started, and it contains a security context object.
If the SecurityContext object is not found, it creates a new instance of this object. SCIF
puts the security context object in a temporary placeholder called a security context
holder for the other filters in the chain to access and update important information such
Search WWH ::

Custom Search