如果能有一份为 Web Servlet 堆栈和 Web Reactive 堆栈定义的 Spring Security 过滤器链的报告,那就太好了。
生成的 JSON 示例(仅包括 Servlet 堆栈)
得到/actuator/filterchains
:
{
"filterChains": {
"servlets": [
{
"requestMatcher": "Ant [pattern='/web1/**']",
"filterDetails": [
{
"className": "org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter"
},
{
"className": "org.springframework.security.web.context.SecurityContextPersistenceFilter"
},
{
"className": "org.springframework.security.web.header.HeaderWriterFilter"
},
{
"className": "org.springframework.security.web.authentication.logout.LogoutFilter"
},
{
"className": "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
},
{
"className": "org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter"
},
{
"className": "org.springframework.security.web.savedrequest.RequestCacheAwareFilter"
},
{
"className": "org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"
},
{
"className": "org.springframework.security.web.authentication.AnonymousAuthenticationFilter"
},
{
"className": "org.springframework.security.web.session.SessionManagementFilter"
},
{
"className": "org.springframework.security.web.access.ExceptionTranslationFilter"
}
]
},
{
"requestMatcher": "OrRequestMatcher [requestMatchers=[Ant [pattern='/web2/**'], Ant [pattern='/web3/**']]]",
"filterDetails": [
{
"className": "org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter"
},
{
"className": "org.springframework.security.web.context.SecurityContextPersistenceFilter"
},
{
"className": "org.springframework.security.web.header.HeaderWriterFilter"
},
{
"className": "org.springframework.security.web.authentication.logout.LogoutFilter"
},
{
"className": "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
},
{
"className": "org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter"
},
{
"className": "org.springframework.security.web.savedrequest.RequestCacheAwareFilter"
},
{
"className": "org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"
},
{
"className": "org.springframework.security.web.authentication.AnonymousAuthenticationFilter"
},
{
"className": "org.springframework.security.web.session.SessionManagementFilter"
},
{
"className": "org.springframework.security.web.access.ExceptionTranslationFilter"
}
]
}
],
"reactive": []
}
}