认证流程源码杂记
认证流程源码
认证处理流程说明
认证结果如何在多个请求之间共享
获取认证用户信息
首选是UsernamePasswordAuthenticationFilter获取到请求中携带的用户名和密码,然后构建一个UsernamePasswordAuthenticationToken 对象public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {if (this.postOnly && !request.getMethod().equals("POST")) {throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());} else {String username = this.obtainUsername(request);String password = this.obtainPassword(request);if (username == null) {username = "";}if (password == null) {password = "";}username = username.trim();UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);this.setDetails(request, authRequest);return this.getAuthenticationManager().authenticate(authRequest);}}}public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationTokenpublic interface AuthenticationManager {Authentication authenticate(Authentication var1) throws AuthenticationException;}public class ProviderManager implements AuthenticationManager, MessageSourceAware, InitializingBean
DaoAuthenticationProvider
AbstractAuthenticationProcessingFilter
SecurityContextImpl
拿到用户登录信息
@RequestMapping("user")//每个方法的路径前面都有一个user 可以抽取出来放到类上 ,spring 会将类上的路径+方法上的路径 作为访问路径@RestControllerpublic class UserController implements Serializable {@GetMapping("/me")public Object getCurrentUser(){Authentication authentication = SecurityContextHolder.getContext().getAuthentication();return authentication;}@GetMapping("/me1")public Object getCurrentUser1(Authentication authentication ){//spring 会自动找到Authentication类型的数据注入return authentication;}@GetMapping("/me2")public Object getCurrentUser2(@AuthenticationPrincipal UserDetails user){return user;}
小灰灰
矫情吗;*
你的名字
红太狼
今天药忘吃喽~
还没有评论,来说两句吧...