DelegatingFilterProxy分析

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  1.springSecurityFilterChain这个名字是固定的,从容器中获得这个对象就是根据这个id
  DelegatingFilterProxy extends GenericFilterBean
  org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.registerFilterChainProxyIfNecessary()把springSecurityFilterChain注册上了
  工程初始化时执行 GenericFilterBean.init(FilterConfig filterConfig) 
  里面调用this.initFilterBean()
  执行this.delegate = this.initDelegate(wac)时要用到springSecurityFilterChain
  访问时进入DelegatingFilterProxy的  
  doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain){
      Filter delegateToUse = this.delegate;
      this.invokeDelegate(delegateToUse, request, response, filterChain);
  }
  invokeDelegate(Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        delegate.doFilter(request, response, filterChain);
    }
    FilterChainProxy.doFilter(ServletRequest request, ServletResponse response, FilterChain chain)<!--delegateToUse实际就是指向FilterChainProxy-->
   {
      this.doFilterInternal(request, response, chain);
   }
  doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain){
       List<Filter> filters = this.getFilters((HttpServletRequest)fwRequest);
       <!--逐个执行springsecurity中内置的过滤器,这些过滤器就是security的核心-->
  }