ACEGI @ AnonymousProcessingFilter

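This article explains in detail how AnonymousProcessingFilter implements the authentication process for anonymous users. The filter inspects the request to decide whether to create an anonymous authentication token and add it to the SecurityContextHolder. It also discusses how to configure the anonymous user's identity and authorities.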


This is the core code from the "doFilter" method of AnonymousProcessingFilter:
[code]
if (applyAnonymousForThisRequest(request)) {
    // Only populate the context when nothing has authenticated this request yet
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        SecurityContextHolder.getContext().setAuthentication(createAuthentication(request));
        addedToken = true;

        if (logger.isDebugEnabled()) {
            logger.debug("Populated SecurityContextHolder with anonymous token: '"
                + SecurityContextHolder.getContext().getAuthentication() + "'");
        }
    } else {
        // An existing Authentication is left untouched
        if (logger.isDebugEnabled()) {
            logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
                + SecurityContextHolder.getContext().getAuthentication() + "'");
        }
    }
}
[/code]
applyAnonymousForThisRequest(request) always returns true, so if you have defined this filter in the filter chain, the code above will run. It first checks whether the SecurityContext holds no Authentication; if so, it creates an anonymous user token (you all know what it is). See the code:
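[code]
// UserAttribute keeps the first item of the configured value ("anonymousUser")
// in its password field, so getPassword() supplies the principal name here.
AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, userAttribute.getPassword(),
        userAttribute.getAuthorities());
auth.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
[/code]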
The key is used to create the token's key hash; the username and roles (authorities) are defined in the userAttribute.
[code]
<bean id="anonymousProcessingFilter"
      class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="changeThis"/>
    <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
[/code]

This AnonymousAuthenticationToken will then be used by the FilterSecurityInterceptor to decide access to the URL or function.

Also notice that:
[code]
try {
    chain.doFilter(request, response);
} finally {
    if (addedToken && removeAfterRequest
            && createAuthentication(request).equals(SecurityContextHolder.getContext().getAuthentication())) {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}
[/code]
So the AnonymousAuthenticationToken that this filter added is cleared at the end of the request when removeAfterRequest is set.
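
The flow described above, as an added example that is not Acegi's own code or code from the original post: a simplified stand-in model of the add-if-empty step, the key-hash check and the cleanup in the finally block. The class and method names (AnonymousFlowDemo, AnonToken, providerAccepts, handleRequest) and the key "otherKey" are hypothetical, and the cleanup condition is reduced to the addedToken flag. The provider-side check models how AnonymousAuthenticationProvider compares the token's key hash with the hash of its own configured key.

```java
import java.util.Arrays;
import java.util.List;

// Simplified stand-in model, NOT the Acegi classes: all names below are hypothetical.
public class AnonymousFlowDemo {
    // Models AnonymousAuthenticationToken: it keeps only the hash of the key.
    static final class AnonToken {
        final int keyHash;
        final String principal;
        final List<String> authorities;
        AnonToken(String key, String principal, List<String> authorities) {
            this.keyHash = key.hashCode();
            this.principal = principal;
            this.authorities = authorities;
        }
    }

    // Models SecurityContextHolder: one authentication slot per thread.
    static final ThreadLocal<AnonToken> CONTEXT = new ThreadLocal<>();

    // Models the provider-side check: the token is accepted only if it was built with the same key.
    static boolean providerAccepts(String providerKey, AnonToken token) {
        return token != null && token.keyHash == providerKey.hashCode();
    }

    // Models doFilter: add a token only when the context is empty, remove it afterwards.
    static boolean handleRequest(String filterKey, String providerKey) {
        boolean addedToken = false;
        if (CONTEXT.get() == null) {
            CONTEXT.set(new AnonToken(filterKey, "anonymousUser", Arrays.asList("ROLE_ANONYMOUS")));
            addedToken = true;
        }
        try {
            return providerAccepts(providerKey, CONTEXT.get()); // stands in for chain.doFilter(...)
        } finally {
            if (addedToken) {
                CONTEXT.remove(); // a pooled thread must not carry the token into the next request
            }
        }
    }

    public static void main(String[] args) {
        System.out.println("matching keys accepted:   " + handleRequest("changeThis", "changeThis"));
        System.out.println("mismatched keys accepted: " + handleRequest("changeThis", "otherKey"));
        System.out.println("context empty afterwards: " + (CONTEXT.get() == null));
    }
}
```

The mismatched case is why the filter's key and the provider's key have to be configured with the same value.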