@startdot spring-security-servlet-flow
digraph servlet {
    rankdir=TB
    edge [color="#A60738"]
    node [color="#A60738"]

    client [shape=box, label="客户端"]
    servlet [shape=box, label="Servlet"]
    tokenStorage [shape=box, label="令牌缓存"]

    { rank=same; tokenStorage; RememberMeServices }

    client -> FilterChain [label="原始请求"]
    FilterChain -> SecurityFilterChain [label="经过中转的请求"]
    SecurityFilterChain -> UsernamePasswordAuthenticationProviderFilter [label="携带有用户名和密码的请求"]
    UsernamePasswordAuthenticationProviderFilter -> AuthenticationManager [label="UsernamePasswordAuthenticationToken"]
    AuthenticationManager -> SecurityContext [label="认证后的Authentication"]
    SecurityFilterChain -> BearerTokenAuthenticationFilter [label="携带有Authorization头的请求"]
    BearerTokenAuthenticationFilter -> AuthenticationManager [label="BearerTokenAuthenticationToken"]
    AuthenticationManager -> DaoAuthenticationProvider [label="UsernamePasswordAuthenticationToken"]
    DaoAuthenticationProvider -> UserDetailsService [label="UserDetails"]
    UserDetailsService -> DaoAuthenticationProvider [label="认证后的UserDetails"]
    DaoAuthenticationProvider -> PasswordEncoder [label="用户认证密码"]
    PasswordEncoder -> DaoAuthenticationProvider [label="经过加密的密码"]
    DaoAuthenticationProvider -> SecurityContext [label="认证后的Authentication"]
    SecurityFilterChain -> RememberMeAuthenticationFilter [label="携带RememberMe认证的请求"]
    RememberMeAuthenticationFilter -> RememberMeServices [label="RememberMeAuthenticationToken"]
    RememberMeServices -> tokenStorage [label="认证令牌信息"]
    RememberMeServices -> SecurityContext [label="认证后的Authentication"]
    SecurityFilterChain -> AnonymousAuthenticationFilter [label="不携带任何认证信息请求"]
    AnonymousAuthenticationFilter -> SecurityContext [label="匿名Authentication"]
    SecurityContext -> servlet [label="已经加入认证信息的请求"]
}
@enddot