The flow of request throgh the various Spring Security filters is depited in the Figure 15-5 below.
Figure 15-5. Flow of request through Spring Security filters
It is very important to note that the filters in the Spring Security should be configured according to a set order as specified by the framework. However, if you would like to customer any of the filters or introduce a custom filter, Spring Security does allow this by ding appropriate configuration in the configuration file. If you are using any filter based frameworks like SiteMesh for decorating pages or Apache Wicket for handling requests, you need to make sure that Spring Security related filter comes first in the execution. Figure 15-6 below shows the Spring Security filters arranged in order of execution.
Figure 15-6. Spring Security Filter Chain order
In Figure 15-6 above the third filter in the Spring Security execution namely “SecurityContextPersistenceFilter” is very important and works as shown in Figure 15-7 below.
Figure 15-7. Working of Third Filter in Spring Security Filter Chain
SiteMesh is a Java web application framework by OpenSymphony which can be mainly used for web page layout and decoration.
Apache Wicket is a typical component based Java web application MVC-based framework very much similar to JSF and ApacheTapestry.
Page Visitors: 8934