1. FormLoginConfigurer说明

SpringSecurity采用了一系列的Configurer配置来统一配置过滤器链及其中的 Bean对象配置等,通过全局共享Bean对象实现不同地方注入同一个对象
FormLoginConfigurer 主要用于配置UsernamePasswordAuthenticationFilter这个过滤器,也就是默认的表单登录的过滤器

2. FormLoginConfigurer解析

先说结论,
FormLoginConfigurer 有一个泛型<H extendsHttpSecurityBuilder>,但是它父类AbstractAuthenticationFilterConfigurer有三个泛型,

FormLoginConfigurer 对父类的填充
填充第一泛型为自己定义的泛型H(实际上是HttpSecurity),
填充第二个泛型为自身FormLoginConfigurer,表明Configurer配置返回的是自己
填充第三个泛型为UsernamePasswordAuthenticationFilter,表明生成的过滤器为UsernamePasswordAuthenticationFilter

FormLoginConfigurer 类

1
2
3
public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
		AbstractAuthenticationFilterConfigurer<H, FormLoginConfigurer<H>, UsernamePasswordAuthenticationFilter> {
}

3. FormLoginConfigurer 继承关系

继承关系

根据以上的图片,我们从顶至下分析

3.1. SecurityConfigurer

1
2
3
public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {

}

泛型O代表配置完成的Object对象,在泛型B(SecurityBuilder)中配置完成
泛型B代表Builder,实际上应用中是HttpSecurity

3.2. SecurityConfigurerAdapter 类

1
2
3
4
public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
		implements SecurityConfigurer<O, B> {

}

和父类SecurityConfigurer一致
泛型O代表配置完成的对象
泛型B代表Builder,

3.3. AbstractHttpConfigurer

1
2
3
4
5
6
7
8
9
10
11
12
public abstract class AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T, B>, B extends HttpSecurityBuilder<B>>
		extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, B> {
	public B disable() {
		getBuilder().removeConfigurer(getClass());
		return getBuilder();
	}
    //返回配置对象自己
	public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
		addObjectPostProcessor(objectPostProcessor);
		return (T) this;
	}
}

泛型T代表AbstractHttpConfigurer的实例自己
B代表Builder
父类的O已经定义成DefaultSecurityFilterChain,表示配置返回了DefaultSecurityFilterChain过滤器链,也就是security的主要过滤器链存储地

3.4. AbstractAuthenticationFilterConfigurer

1
2
3
4
5
6
7
public abstract class AbstractAuthenticationFilterConfigurer<
    B extends HttpSecurityBuilder<B>, 
    T extends AbstractAuthenticationFilterConfigurer<B, T, F>,
    F extends AbstractAuthenticationProcessingFilter
> extends AbstractHttpConfigurer<T, B> {
        
}

泛型B代表Builder,
泛型T代表配置对象自己
泛型F代表认证过滤器,这里AbstractAuthenticationProcessingFilter已经具体到认证的过滤器了

3.5. FormLoginConfigurer

public final class FormLoginConfigurer<H extends HttpSecurityBuilder>
extends AbstractAuthenticationFilterConfigurer<H, FormLoginConfigurer, UsernamePasswordAuthenticationFilter> {
}

泛型H代表Builder,和父类B的泛型是一致的
其余已经都具体化了,父类的T具体了是自己,父类的F过滤器具体了是UsernamePasswordAuthenticationFilter这个过滤器