本文介绍Spring Security中的UsernamePasswordAuthenticationToken如何进行用户认证的过程。通过UserDetailsService加载用户信息,并验证密码是否正确,最后返回包含权限信息的Authentication。
UsernamePasswordAuthenticationToken继承AbstractAuthenticationToken实现Authentication
所以当在页面中输入用户名和密码之后首先会进入到UsernamePasswordAuthenticationToken验证(Authentication),
然后生成的Authentication会被交由AuthenticationManager来进行管理
而AuthenticationManager管理一系列的AuthenticationProvider,
而每一个Provider都会通UserDetailsService和UserDetail来返回一个
以UsernamePasswordAuthenticationToken实现的带用户名和密码以及权限的Authentication
public class SecurityProvider implements AuthenticationProvider {
@Autowired
private MyUserDetailService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
//
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
UserDetails userDetails = userDetailsService.loadUserByUsername(token.getName());
if (userDetails == null) {
throw new UsernameNotFoundException("找不到该用户");
}
if(!userDetails.getPassword().equals(token.getCredentials().toString()))
{
throw new BadCredentialsException("密码错误");
}
return new UsernamePasswordAuthenticationToken(userDetails,userDetails.getPassword(),userDetails.getAuthorities());
}
@Override
public boolean supports(Class<?> authentication) {
// TODO Auto-generated method stub
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
https://github.com/Somersames/MySecurity
http://www.jdon.com/dl/best/securing-rest-services-with-spring.html.html
http://stackoverflow.com/questions/8764545/how-to-get-active-users-userdetails/8769670#8769670
扫一扫
420
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
