RequestCacheAwareFilter过滤器对应的类路径为 org.springframework.security.web.savedrequest.RequestCacheAwareFilter
这个filter的用途官方解释是 用于用户登录成功后,重新恢复因为登录被打断的请求 这个解释也有几点需要说明 被打算的请求:简单点说就是出现了AuthenticationException、AccessDeniedException两类异常 重新恢复:既然能够恢复,那肯定请求信息被保存到cache中了
首先看被打断请求是如何保存到cache中的 实际上,上一篇的ExceptionTranslationFilter分析已经提到了 requestCache.saveRequest(request, response) 是的,如果出现AuthenticationException或者是匿名登录的抛出了AccessDeniedException,都会把当前request保存到cache中。这里的cache是HttpSessionRequestCache,接着看HttpSessionRequestCache的saveRequest方法
- public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-
- if (!justUseSavedRequestOnGet || "GET".equals(request.getMethod())) {
-
- DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);
-
- if (createSessionAllowed || request.getSession(false) != null) {
- request.getSession().setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, savedRequest);
- }
- }
-
- }
这里应该知道,实际上被打断的请求被封装成DefaultSavedRequest对象保存到session中了
分析完保存被打断的请求,接着就分析如何恢复被打断的请求了。RequestCacheAwareFilter过滤器就是完成恢复的工作。看doFilter方法
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
-
- HttpServletRequest wrappedSavedRequest =
- requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response);
- chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
- }
继续看HttpSessionRequestCache处理过程
-
- public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
- HttpSession session = currentRequest.getSession(false);
-
- if (session != null) {
- return (DefaultSavedRequest) session.getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
- }
-
- return null;
- }
-
- public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
- HttpSession session = currentRequest.getSession(false);
-
- if (session != null) {
- logger.debug("Removing DefaultSavedRequest from session if present");
- session.removeAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
- }
- }
-
- public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
- DefaultSavedRequest saved = (DefaultSavedRequest) getRequest(request, response);
-
- if (saved == null) {
- return null;
- }
-
- if (!saved.doesRequestMatch(request, portResolver)) {
- logger.debug("saved request doesn't match");
- return null;
- }
-
- removeRequest(request, response);
-
- return new SavedRequestAwareWrapper(saved, request);
- }
接着分析doesRequestMatch方法,看请求是如何匹配的
-
-
- public boolean doesRequestMatch(HttpServletRequest request, PortResolver portResolver) {
-
- if (!propertyEquals("pathInfo", this.pathInfo, request.getPathInfo())) {
- return false;
- }
-
- if (!propertyEquals("queryString", this.queryString, request.getQueryString())) {
- return false;
- }
-
- if (!propertyEquals("requestURI", this.requestURI, request.getRequestURI())) {
- return false;
- }
-
- if (!"GET".equals(request.getMethod()) && "GET".equals(method)) {
-
- return false;
- }
-
- if (!propertyEquals("serverPort", new Integer(this.serverPort), new Integer(portResolver.getServerPort(request))))
- {
- return false;
- }
-
- if (!propertyEquals("requestURL", this.requestURL, request.getRequestURL().toString())) {
- return false;
- }
-
- if (!propertyEquals("scheme", this.scheme, request.getScheme())) {
- return false;
- }
-
- if (!propertyEquals("serverName", this.serverName, request.getServerName())) {
- return false;
- }
-
- if (!propertyEquals("contextPath", this.contextPath, request.getContextPath())) {
- return false;
- }
-
- if (!propertyEquals("servletPath", this.servletPath, request.getServletPath())) {
- return false;
- }
-
- return true;
- }
这里为何对POST请求匹配不成功,目前还不知道具体设计思路。知道后会进行补充
|