Answer:
Security concern pertains to lots of layers of an application and therefore is considered to be a cross-cutting.
Depending on what is secured, Spring Security framework internals differ:
- Method invocation is declarative and is implemented using AOP proxies (proxy object wraps secured one and applies implemented advices at particular join-points).
- Web-layer security is implemented using a hierarchy of ð ðĒðĨðððŦ instances.
Web-layer filter security hierarchy is the following:
A single instance of ðððĨðð ðððĒð§ð ð ðĒðĨðððŦððŦðĻðąðē is installed into the servlet container's filter chain.
This filter is ð§ðĻð a Spring bean, its lifecycle is managed by the servlet container.
Usually, this filter is created by the Spring Security framework itself.
ðððĨðð ðððĒð§ð ð ðĒðĨðððŦððŦðĻðąðē delegates filtering functionality to a single instance of ð ðĒðĨðððŦððĄððĒð§ððŦðĻðąðē which ðĒðŽ a Spring bean,
thus lifecycle of it is managed by ððĐðĐðĨðĒððððĒðĻð§ððĻð§ðððąð.
ð ðĒðĨðððŦððĄððĒð§ððŦðĻðąðē holds a list of ððððŪðŦðĒððēð ðĒðĨðððŦððĄððĒð§ which contain all security logic.
Only ðĻð§ð security filter chain can process a single web request.
#spring #certificationquestion #vcp
The Security Filter Chain ð https://lnkd.in/epdCeihttps://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/security-filter-chain.html