
一文带你读懂Spring Security 6.0的实现原理

基本原理

Spring Security

java
/**
 * Minimal servlet filter sketching the gate a security filter places in
 * front of the application: authenticate the caller, authorize the request,
 * and only then hand the request to the rest of the chain.
 *
 * <p>The filter fails closed: {@code chain.doFilter} is reached only when both
 * checks pass, so a rejected request never reaches later filters or the servlet.
 *
 * <p>The helpers {@code extractUsernameAndPasswordFrom}, {@code notAuthenticated}
 * and {@code notAuthorized} are not defined in this listing; their behaviour is
 * taken from their names only.
 */
public class SimpleSecurityFilter extends HttpFilter {
    /**
     * Applies the authentication check first and the authorization check second.
     *
     * @param request  the incoming HTTP request the credentials are read from
     * @param response the response whose status is set when the request is rejected
     * @param chain    the remaining filters, invoked only for an accepted request
     * @throws IOException      declared by the overridden method; may come from the chain
     * @throws ServletException declared by the overridden method; may come from the chain
     */
    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        // (1) Pull the caller's credentials out of the request.
        final UsernamePasswordToken credentials = extractUsernameAndPasswordFrom(request);

        if (notAuthenticated(credentials)) { // (2)
            // Wrong username or password: reject with HTTP 401 and stop here.
            // NOTE(review): a 401 is normally accompanied by a WWW-Authenticate
            // challenge header; this sketch sets only the status code.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } else if (notAuthorized(credentials, request)) { // (3)
            // The caller is known but lacks permission for this request: HTTP 403.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // (4) Authentication and authorization both passed: continue with the
            // other filters, eventually reaching the servlet.
            chain.doFilter(request, response);
        }
    }
}

FilterChain

````