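DefaultLoginPageGeneratingFilter generates the default login page
The login page is returned only on a login request, a login error, or a successful logout
DefaultLogoutPageGeneratingFilter: the logout page
Returned only on logout
Spring Security works out of the box; using it is mainly a matter of configuration. Below is the basic configuration, which specifies what login requires
User information:
1. User
2. Password
3. Authorities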
public interface Authentication extends Principal, Serializable {
    Collection<? extends GrantedAuthority> getAuthorities();
    Object getCredentials();
    Object getDetails();
    Object getPrincipal();
    boolean isAuthenticated();
    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}
SecurityContextPersistenceFilter persists the login information
Servlet3SecurityContextHolderAwareRequestWrapper
SecurityContextHolderAwareRequestFilter
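Authentication manager: manages the authentication flow
The AuthenticationManager interface; its implementation class is ProviderManager
Performs the concrete authentication for each identity type:
AuthenticationProvider
Login with username and password:
AbstractUserDetailsAuthenticationProvider, subclass DaoAuthenticationProvider
A system can have multiple authentication methods.
Multiple ProviderManager instances share the same ProviderManager (as their parent)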
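The delegation described above (a ProviderManager trying its AuthenticationProviders, with several managers sharing one parent), as an added example that is not part of the original notes. It assumes Spring Security 5.x on the classpath; the class name ProviderManagerDemo, the helper daoProvider and all user names and passwords are constructed for illustration.

```java
import java.util.List;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class ProviderManagerDemo {
    // Hypothetical helper: a DaoAuthenticationProvider backed by one in-memory user (constructed data).
    static DaoAuthenticationProvider daoProvider(PasswordEncoder enc, String name, String rawPw, String role) {
        DaoAuthenticationProvider p = new DaoAuthenticationProvider();
        p.setPasswordEncoder(enc);
        p.setUserDetailsService(new InMemoryUserDetailsManager(
                User.withUsername(name).password(enc.encode(rawPw)).roles(role).build()));
        return p;
    }

    public static void main(String[] args) {
        PasswordEncoder enc = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // Shared parent: consulted when a child's own providers cannot authenticate the request.
        AuthenticationManager parent = new ProviderManager(daoProvider(enc, "admin", "admin-pw", "ADMIN"));

        // Two child managers (for example one per filter chain) that share the same parent.
        ProviderManager web = new ProviderManager(List.of(daoProvider(enc, "alice", "alice-pw", "USER")), parent);
        ProviderManager api = new ProviderManager(List.of(daoProvider(enc, "svc", "svc-pw", "API")), parent);

        // alice is known to web's own provider; ProviderManager erases credentials from the result by default.
        Authentication a = web.authenticate(new UsernamePasswordAuthenticationToken("alice", "alice-pw"));
        System.out.println(a.getName() + " " + a.getAuthorities() + " credentials=" + a.getCredentials());

        // admin is unknown to api's own provider, so the request falls through to the shared parent.
        Authentication b = api.authenticate(new UsernamePasswordAuthenticationToken("admin", "admin-pw"));
        System.out.println(b.getName() + " " + b.getAuthorities());

        // A wrong password is rejected by the child and by the parent.
        try {
            web.authenticate(new UsernamePasswordAuthenticationToken("alice", "wrong"));
        } catch (BadCredentialsException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because every child falls back to the parent, an account defined only in the parent is accepted by every child manager; keep that in mind when deciding which providers belong in the shared parent.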
AbstractAuthenticationProcessingFilter
Filter chain:
ObjectPostProcessor
SecurityFilterChain, which has only one implementation class, DefaultSecurityFilterChain
SecurityBuilder
AbstractSecurityBuilder
AbstractConfiguredSecurityBuilder
ProviderManagerBuilder AuthenticationManagerBuilder
HttpSecurity
HttpSecurityBuilder
WebSecurity
FilterChainProxy
SecurityConfigurer
SecurityConfigurerAdapter
UserDetailsAwareConfigurer
AbstractHttpConfigurer
GlobalAuthenticationConfigurerAdapter
WebSecurityConfigurer
WebSecurityConfigurerAdapter
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
@EnableConfigurationProperties(SecurityProperties.class)
@Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class,
        SecurityDataConfiguration.class })
public class SecurityAutoConfiguration {

    @Bean
    @ConditionalOnMissingBean(AuthenticationEventPublisher.class)
    public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher publisher) {
        return new DefaultAuthenticationEventPublisher(publisher);
    }

}
WebSecurityConfiguration
AuthenticationConfiguration