부팅시 beanFactory에 의해 수집된 bean 들을 tomcat start시 등록함. 여기에는 filter class들도 포함됨.
<init>:62, FilterRegistrationBean (org.springframework.boot.web.servlet)
createRegistrationBean:294, ServletContextInitializerBeans$FilterRegistrationBeanAdapter (org.springframework.boot.web.servlet)
createRegistrationBean:290, ServletContextInitializerBeans$FilterRegistrationBeanAdapter (org.springframework.boot.web.servlet)
addAsRegistrationBean:181, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
addAsRegistrationBean:170, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
addAdaptableBeans:155, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
<init>:87, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
getServletContextInitializerBeans:260, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
selfInitialize:234, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onStartup:-1, 426168907 (org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext$$Lambda$679)
onStartup:53, TomcatStarter (org.springframework.boot.web.embedded.tomcat)
startInternal:5219, StandardContext (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:835, StandardHost (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:263, StandardEngine (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:432, StandardService (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:927, StandardServer (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
start:486, Tomcat (org.apache.catalina.startup)
initialize:123, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
<init>:104, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
getTomcatWebServer:450, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
getWebServer:199, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
createWebServer:182, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onRefresh:160, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:577, AbstractApplicationContext (org.springframework.context.support)
refresh:145, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:754, SpringApplication (org.springframework.boot)
refreshContext:434, SpringApplication (org.springframework.boot)
run:338, SpringApplication (org.springframework.boot)
run:1343, SpringApplication (org.springframework.boot)
run:1332, SpringApplication (org.springframework.boot)
main:30, SdpApplication (com.sdp)
invoke0:-2, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
run:49, RestartLauncher (org.springframework.boot.devtools.restart)
1. 부팅 시 springSecurityFilterChain 생성
public static final String DEFAULT_FILTER_NAME = "springSecurityFilterChain"; (org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java:75)org/springframework/boot/autoconfigure/security/servlet/SecurityFilterAutoConfiguration.java:58
@Bean
@ConditionalOnBean(name = DEFAULT_FILTER_NAME)
public DelegatingFilterProxyRegistrationBean securityFilterChainRegistration(
SecurityProperties securityProperties) {
DelegatingFilterProxyRegistrationBean registration = new DelegatingFilterProxyRegistrationBean(
DEFAULT_FILTER_NAME);
registration.setOrder(securityProperties.getFilter().getOrder());
registration.setDispatcherTypes(getDispatcherTypes(securityProperties));
return registration;
}securityFilterChainRegistration:63, SecurityFilterAutoConfiguration (org.springframework.boot.autoconfigure.security.servlet)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
instantiate:154, SimpleInstantiationStrategy (org.springframework.beans.factory.support)
instantiate:653, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:638, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:1352, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBeanInstance:1195, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
doCreateBean:582, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBean:542, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
lambda$doGetBean$0:335, AbstractBeanFactory (org.springframework.beans.factory.support)
getObject:-1, 1017792343 (org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$299)
getSingleton:234, DefaultSingletonBeanRegistry (org.springframework.beans.factory.support)
doGetBean:333, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:213, AbstractBeanFactory (org.springframework.beans.factory.support)
getOrderedBeansOfType:212, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
getOrderedBeansOfType:203, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
addServletContextInitializerBeans:97, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
<init>:86, ServletContextInitializerBeans (org.springframework.boot.web.servlet)
getServletContextInitializerBeans:260, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
selfInitialize:234, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onStartup:-1, 1409848452 (org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext$$Lambda$689)
onStartup:53, TomcatStarter (org.springframework.boot.web.embedded.tomcat)
startInternal:5219, StandardContext (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:835, StandardHost (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:263, StandardEngine (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:432, StandardService (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:927, StandardServer (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
start:486, Tomcat (org.apache.catalina.startup)
initialize:123, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
<init>:104, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
getTomcatWebServer:450, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
getWebServer:199, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
createWebServer:182, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onRefresh:160, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:577, AbstractApplicationContext (org.springframework.context.support)
refresh:145, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:754, SpringApplication (org.springframework.boot)
refreshContext:434, SpringApplication (org.springframework.boot)
run:338, SpringApplication (org.springframework.boot)
run:1343, SpringApplication (org.springframework.boot)
run:1332, SpringApplication (org.springframework.boot)
main:13, SpringSocialApplication (com.example.springsocial)
2. DelegatingFilterProxyRegistrationBean 생성
org/springframework/boot/web/servlet/DelegatingFilterProxyRegistrationBean.java:84
@Override
public DelegatingFilterProxy getFilter() {
return new DelegatingFilterProxy(this.targetBeanName, getWebApplicationContext()) {
@Override
protected void initFilterBean() throws ServletException {
// Don't initialize filter bean on init()
}
};
}
this = {DelegatingFilterProxyRegistrationBean@9588} "springSecurityFilterChain urls=[/*] order=-100"
applicationContext = {AnnotationConfigServletWebServerApplicationContext@9710}
"org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@51df223b, started on Thu Mar 03 15:37:21 KST 2022"
targetBeanName = "springSecurityFilterChain"
servletRegistrationBeans = {LinkedHashSet@9712} size = 0
servletNames = {LinkedHashSet@9713} size = 0
urlPatterns = {LinkedHashSet@9714} size = 0
dispatcherTypes = {RegularEnumSet@9715} size = 3
matchAfter = false
name = "springSecurityFilterChain"
asyncSupported = true
initParameters = {LinkedHashMap@9716} size = 0
order = -100
enabled = true
getDescription (AbstractFilterRegistrationBean.java:199)
getFilter:87, DelegatingFilterProxyRegistrationBean (org.springframework.boot.web.servlet)
getFilter:54, DelegatingFilterProxyRegistrationBean (org.springframework.boot.web.servlet)
getDescription:202, AbstractFilterRegistrationBean (org.springframework.boot.web.servlet) (org/springframework/boot/web/servlet/AbstractFilterRegistrationBean.java:199)
onStartup:48, RegistrationBean (org.springframework.boot.web.servlet)
selfInitialize:235, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onStartup:-1, 379056819 (org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext$$Lambda$689)
onStartup:53, TomcatStarter (org.springframework.boot.web.embedded.tomcat)
startInternal:5219, StandardContext (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:835, StandardHost (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:263, StandardEngine (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:432, StandardService (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:927, StandardServer (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
start:486, Tomcat (org.apache.catalina.startup)
initialize:123, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
<init>:104, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
getTomcatWebServer:450, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
getWebServer:199, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
createWebServer:182, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onRefresh:160, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:577, AbstractApplicationContext (org.springframework.context.support)
refresh:145, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:754, SpringApplication (org.springframework.boot)
refreshContext:434, SpringApplication (org.springframework.boot)
run:338, SpringApplication (org.springframework.boot)
run:1343, SpringApplication (org.springframework.boot)
run:1332, SpringApplication (org.springframework.boot)
main:13, SpringSocialApplication (com.example.springsocial)
addRegistration (AbstractFilterRegistrationBean.java:199)
getFilter:87, DelegatingFilterProxyRegistrationBean (org.springframework.boot.web.servlet)
getFilter:54, DelegatingFilterProxyRegistrationBean (org.springframework.boot.web.servlet)
addRegistration:209, AbstractFilterRegistrationBean (org.springframework.boot.web.servlet) (org/springframework/boot/web/servlet/AbstractFilterRegistrationBean.java:199)
addRegistration:46, AbstractFilterRegistrationBean (org.springframework.boot.web.servlet)
register:108, DynamicRegistrationBean (org.springframework.boot.web.servlet)
onStartup:53, RegistrationBean (org.springframework.boot.web.servlet)
selfInitialize:235, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onStartup:-1, 379056819 (org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext$$Lambda$689)
onStartup:53, TomcatStarter (org.springframework.boot.web.embedded.tomcat)
startInternal:5219, StandardContext (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:835, StandardHost (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
call:1396, ContainerBase$StartChild (org.apache.catalina.core)
call:1386, ContainerBase$StartChild (org.apache.catalina.core)
run$$$capture:264, FutureTask (java.util.concurrent)
run:-1, FutureTask (java.util.concurrent)
- Async stack trace
<init>:132, FutureTask (java.util.concurrent)
newTaskFor:108, AbstractExecutorService (java.util.concurrent)
submit:139, AbstractExecutorService (java.util.concurrent)
startInternal:919, ContainerBase (org.apache.catalina.core)
startInternal:263, StandardEngine (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:432, StandardService (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
startInternal:927, StandardServer (org.apache.catalina.core)
start:183, LifecycleBase (org.apache.catalina.util)
start:486, Tomcat (org.apache.catalina.startup)
initialize:123, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
<init>:104, TomcatWebServer (org.springframework.boot.web.embedded.tomcat)
getTomcatWebServer:450, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
getWebServer:199, TomcatServletWebServerFactory (org.springframework.boot.web.embedded.tomcat)
createWebServer:182, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onRefresh:160, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:577, AbstractApplicationContext (org.springframework.context.support)
refresh:145, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:754, SpringApplication (org.springframework.boot)
refreshContext:434, SpringApplication (org.springframework.boot)
run:338, SpringApplication (org.springframework.boot)
run:1343, SpringApplication (org.springframework.boot)
run:1332, SpringApplication (org.springframework.boot)
main:13, SpringSocialApplication (com.example.springsocial)
우리가 보통 설정하는 SecurityConfig는 WebSecurityConfigurerAdapter를 상속 받고 (public class SecurityConfig extends WebSecurityConfigurerAdapter) 부팅시에 아래와 같이 init이 불린다.
org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java:312
@Override
public void init(WebSecurity web) throws Exception {
HttpSecurity http = getHttp();
web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
web.securityInterceptor(securityInterceptor);
});
}
Call Stack
init:315, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
init:93, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
..
init:338, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
doBuild:300, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
build:38, AbstractSecurityBuilder (org.springframework.security.config.annotation)
springSecurityFilterChain:127, WebSecurityConfiguration (org.springframework.security.config.annotation.web.configuration)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
instantiate:154, SimpleInstantiationStrategy (org.springframework.beans.factory.support)
instantiate:653, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:486, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:1352, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBeanInstance:1195, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
doCreateBean:582, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBean:542, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
lambda$doGetBean$0:335, AbstractBeanFactory (org.springframework.beans.factory.support)
getObject:-1, 755328698 (org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$299)
getSingleton:234, DefaultSingletonBeanRegistry (org.springframework.beans.factory.support)
doGetBean:333, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:208, AbstractBeanFactory (org.springframework.beans.factory.support)
doGetBean:322, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:208, AbstractBeanFactory (org.springframework.beans.factory.support)
preInstantiateSingletons:944, DefaultListableBeanFactory (org.springframework.beans.factory.support)
finishBeanFactoryInitialization:918, AbstractApplicationContext (org.springframework.context.support)
refresh:583, AbstractApplicationContext (org.springframework.context.support)
refresh:145, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:754, SpringApplication (org.springframework.boot)
refreshContext:434, SpringApplication (org.springframework.boot)
run:338, SpringApplication (org.springframework.boot)
run:1343, SpringApplication (org.springframework.boot)
run:1332, SpringApplication (org.springframework.boot)
main:13, SpringSocialApplication (com.example.springsocial)
springSecurityFilterChain 실행
org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java:97
@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public Filter springSecurityFilterChain() throws Exception {
boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
boolean hasFilterChain = !this.securityFilterChains.isEmpty();
Assert.state(!(hasConfigurers && hasFilterChain),
"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
if (!hasConfigurers && !hasFilterChain) {
WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
.postProcess(new WebSecurityConfigurerAdapter() {
});
this.webSecurity.apply(adapter);
}
for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
for (Filter filter : securityFilterChain.getFilters()) {
if (filter instanceof FilterSecurityInterceptor) {
this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
break;
}
}
}
for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
customizer.customize(this.webSecurity);
}
return this.webSecurity.build();
}
spring-security-web/5.5.2/spring-security-web-5.5.2-sources.jar!/org/springframework/security/web/DefaultSecurityFilterChain.java:43
public final class DefaultSecurityFilterChain implements SecurityFilterChain {
private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);
private final RequestMatcher requestMatcher;
private final List<Filter> filters;
public DefaultSecurityFilterChain(RequestMatcher requestMatcher, Filter... filters) {
this(requestMatcher, Arrays.asList(filters));
}
public DefaultSecurityFilterChain(RequestMatcher requestMatcher, List<Filter> filters) {
logger.info(LogMessage.format("Will secure %s with %s", requestMatcher, filters));
this.requestMatcher = requestMatcher;
this.filters = new ArrayList<>(filters);
}
0 = {WebAsyncManagerIntegrationFilter@11016}
1 = {SecurityContextPersistenceFilter@11017}
2 = {HeaderWriterFilter@11018}
3 = {CorsFilter@11019}
4 = {LogoutFilter@11020}
5 = {OAuth2AuthorizationRequestRedirectFilter@11021}
6 = {OAuth2LoginAuthenticationFilter@11022}
7 = {TokenAuthenticationFilter@11023}
8 = {RequestCacheAwareFilter@11024}
9 = {SecurityContextHolderAwareRequestFilter@11025}
10 = {AnonymousAuthenticationFilter@11026}
11 = {SessionManagementFilter@11027}
12 = {ExceptionTranslationFilter@11028}
13 = {FilterSecurityInterceptor@11029}
Call Stack
getFilters:62, DefaultSecurityFilterChain (org.springframework.security.web)
getFilters:227, FilterChainProxy (org.springframework.security.web)
doFilterInternal:198, FilterChainProxy (org.springframework.security.web)
doFilter:183, FilterChainProxy (org.springframework.security.web)
invokeDelegate:358, DelegatingFilterProxy (org.springframework.web.filter)
doFilter:271, DelegatingFilterProxy (org.springframework.web.filter)
internalDoFilter:189, ApplicationFilterChain (org.apache.catalina.core)
doFilter:162, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:100, RequestContextFilter (org.springframework.web.filter)
doFilter:119, OncePerRequestFilter (org.springframework.web.filter)
internalDoFilter:189, ApplicationFilterChain (org.apache.catalina.core)
doFilter:162, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:93, FormContentFilter (org.springframework.web.filter)
doFilter:119, OncePerRequestFilter (org.springframework.web.filter)
internalDoFilter:189, ApplicationFilterChain (org.apache.catalina.core)
doFilter:162, ApplicationFilterChain (org.apache.catalina.core)
doFilterInternal:201, CharacterEncodingFilter (org.springframework.web.filter)
doFilter:119, OncePerRequestFilter (org.springframework.web.filter)
internalDoFilter:189, ApplicationFilterChain (org.apache.catalina.core)
doFilter:162, ApplicationFilterChain (org.apache.catalina.core)
invoke:197, StandardWrapperValve (org.apache.catalina.core)
invoke:97, StandardContextValve (org.apache.catalina.core)
invoke:540, AuthenticatorBase (org.apache.catalina.authenticator)
invoke:135, StandardHostValve (org.apache.catalina.core)
invoke:92, ErrorReportValve (org.apache.catalina.valves)
invoke:78, StandardEngineValve (org.apache.catalina.core)
service:357, CoyoteAdapter (org.apache.catalina.connector)
service:382, Http11Processor (org.apache.coyote.http11)
process:65, AbstractProcessorLight (org.apache.coyote)
process:893, AbstractProtocol$ConnectionHandler (org.apache.coyote)
doRun:1726, NioEndpoint$SocketProcessor (org.apache.tomcat.util.net)
run:49, SocketProcessorBase (org.apache.tomcat.util.net)
runWorker:1191, ThreadPoolExecutor (org.apache.tomcat.util.threads)
run:659, ThreadPoolExecutor$Worker (org.apache.tomcat.util.threads)
run:61, TaskThread$WrappingRunnable (org.apache.tomcat.util.threads)
run:834, Thread (java.lang)
부팅시 등록된 필터들과 필터 순서들은 아래 코드에서 미리 지정되어 있다.
org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java:58
final class FilterOrderRegistration {
private static final int INITIAL_ORDER = 100;
private static final int ORDER_STEP = 100;
private final Map<String, Integer> filterToOrder = new HashMap<>();
FilterOrderRegistration() {
Step order = new Step(INITIAL_ORDER, ORDER_STEP);
put(ChannelProcessingFilter.class, order.next());
order.next(); // gh-8105
put(WebAsyncManagerIntegrationFilter.class, order.next());
put(SecurityContextPersistenceFilter.class, order.next());
put(HeaderWriterFilter.class, order.next());
put(CorsFilter.class, order.next());
put(CsrfFilter.class, order.next());
put(LogoutFilter.class, order.next());
this.filterToOrder.put(
"org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
order.next());
this.filterToOrder.put(
"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter",
order.next());
put(X509AuthenticationFilter.class, order.next());
put(AbstractPreAuthenticatedProcessingFilter.class, order.next());
this.filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next());
this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
order.next());
this.filterToOrder.put(
"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",
order.next());
put(UsernamePasswordAuthenticationFilter.class, order.next());
order.next(); // gh-8105
this.filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
put(DefaultLoginPageGeneratingFilter.class, order.next());
put(DefaultLogoutPageGeneratingFilter.class, order.next());
put(ConcurrentSessionFilter.class, order.next());
put(DigestAuthenticationFilter.class, order.next());
this.filterToOrder.put(
"org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter",
order.next());
put(BasicAuthenticationFilter.class, order.next());
put(RequestCacheAwareFilter.class, order.next());
put(SecurityContextHolderAwareRequestFilter.class, order.next());
put(JaasApiIntegrationFilter.class, order.next());
put(RememberMeAuthenticationFilter.class, order.next());
put(AnonymousAuthenticationFilter.class, order.next());
this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",
order.next());
put(SessionManagementFilter.class, order.next());
put(ExceptionTranslationFilter.class, order.next());
put(FilterSecurityInterceptor.class, order.next());
put(AuthorizationFilter.class, order.next());
put(SwitchUserFilter.class, order.next());
}
org/springframework/security/config/annotation/web/builders/HttpSecurity.java:97
public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain, HttpSecurity>
implements SecurityBuilder<DefaultSecurityFilterChain>, HttpSecurityBuilder<HttpSecurity> {
private final RequestMatcherConfigurer requestMatcherConfigurer;
private List<OrderedFilter> filters = new ArrayList<>();
private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
private FilterOrderRegistration filterOrders = new FilterOrderRegistration();'Backend Development > Spring boot' 카테고리의 다른 글
| [Spring boot] Spring Security 분석 - FilterSecurityInterceptor (Token 인증 기반) (0) | 2022.03.14 |
|---|---|
| [Spring boot] Spring Security 분석 - Authentication 에러 처리 (0) | 2022.03.14 |
| [Spring boot] Spring Security 분석 - 메소드 Security (0) | 2022.03.11 |
| [Spring boot] refresh token 갱신 시 DB 저장값과 Cookie 값 안맞을 경우 (0) | 2022.03.11 |
| [Spring boot] @ConfigurationProperties 사용하기 (0) | 2022.03.08 |
