- The impact of Spring Security on our application is achieved through a series of servletrequest filters.
- Spring Security uses the O.s.web.filter.delegatingfilterproxy servlet filter to wrap all application requests to ensure they are secure.
- Delegatingfilterproxy is actually provided by the Spring framework, not security-specific. This filter is typically used in spring-built Web application engineering and combines the spring Bean that relies on the servlet filter with the life cycle of the Servle filter.
You can configure such a filter by adding the following code to the Web. XML deployment description file. This code is after the <servlet-mapping> of Spring MVC:
1 <Filter>2 <Filter-name>Springsecurityfilterchain</Filter-name>3 <Filterclass>4 Org.springframework.web.filter.DelegatingFilterProxy5 </Filter-class>6 </Filter>7 <filter-mapping>8 <Filter-name>Springsecurityfilterchain</Filter-name>9 <Url-pattern>/*</Url-pattern>Ten </filter-mapping>
All we do is use a servletrequest filter and configure it to handle requests that match the given URL pattern (/*). Because this wildcard pattern we configured matches all URLs, this filter will be applied to each request.
"Spring-security" "2" delegatingfilterproxy