|
@@ -48,12 +48,10 @@ image::{figures}/authorizationfilter.png[]
|
|
|
|
|
|
|
|
* image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
|
|
* image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
|
|
|
It wraps this in an `Supplier` in order to delay lookup.
|
|
It wraps this in an `Supplier` in order to delay lookup.
|
|
|
-* image:{icondir}/number_2.png[] Second, `AuthorizationFilter` creates a {security-api-url}org/springframework/security/web/FilterInvocation.html[`FilterInvocation`] from the `HttpServletRequest`, `HttpServletResponse`, and `FilterChain`.
|
|
|
|
|
-// FIXME: link to FilterInvocation
|
|
|
|
|
-* image:{icondir}/number_3.png[] Next, it passes the `Supplier<Authentication>` and `FilterInvocation` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
|
|
|
|
|
-** image:{icondir}/number_4.png[] If authorization is denied, an `AccessDeniedException` is thrown.
|
|
|
|
|
|
|
+* image:{icondir}/number_2.png[] Second, it passes the `Supplier<Authentication>` and the `HttpServletRequest` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
|
|
|
|
|
+** image:{icondir}/number_3.png[] If authorization is denied, an `AccessDeniedException` is thrown.
|
|
|
In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
|
|
In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
|
|
|
-** image:{icondir}/number_5.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
|
|
|
|
|
|
|
+** image:{icondir}/number_4.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
|
|
|
|
|
|
|
|
We can configure Spring Security to have different rules by adding more rules in order of precedence.
|
|
We can configure Spring Security to have different rules by adding more rules in order of precedence.
|
|
|
|
|
|
Marcus Da Coregio
