获取token:
1.进入filter->ClientTokenEndpointFilter,根据trantType封装相应的AuthenticationToken
调用相应的认证Provider(UsersAuthenticationProvider/ThirdAuthenticationProvider,这些在applicationContext-security.xml中配置,具体调用哪个provider,根据provider实现类的supports方法判断)。provider调用authenticate()方法去从数据库查询用户是否存在,如果是密码登陆则继续检验密码。如果provider通过就是认证成功。
2.进入controller的方法,调用tokenGranter的grant方法,此方法也 根据grantType调用不同的tokenGranter(ResourceOwnerPasswordTokenGranter/ThirdTokenGranter),granter会去create accessToken,并存储。
验证token:
进入filter->ResourceAuthenticationProcessingFilter,token支持2中请求:放入header,或者放在url后面。调用ResourceAuthenticationManager的authenticate()进行token认证。token存在进行过期校验,为过期,重新查询user信息并封装到authentication中,并返回。
PlKo0ClUt3pWaTNm3KL6VGfNUKgcXCxRhmR4hwkbiMMzPYtcUDjNroGX6ppA6/+ONh/XUjSiJ2Go
x1bS79JoAgOQ/R2GnCYyCdHH+AG8tMjibEOjPqz4P/vAi/SRKoLAd3/i5P6RPokAprlKfcvqEYUu
V4EyezMVC4MtjCKCoEE=
MehwvUbM9pNWx4hXJwNuA5f99F64gJLvrKFinajXl7YSg7qyiyOwIhWiCZGOODh41VWMH4PTQBiK
N1yZ0fspes4/xsRTLsOtQTrbPKLd6HKnEy9DWuv5RpOqlgFLaBIo2m4XEwa/JzdiKjJrm2D8RQ4u
vv2yvNJDYRZEHTY3zvA=
PlKo0ClUt3pWaTNm3KL6VGfNUKgcXCxRhmR4hwkbiMMzPYtcUDjNroGX6ppA6/ ONh/XUjSiJ2Go
x1bS79JoAgOQ/R2GnCYyCdHH AG8tMjibEOjPqz4P/vAi/SRKoLAd3/i5P6RPokAprlKfcvqEYUu
V4EyezMVC4MtjCKCoEE=
MehwvUbM9pNWx4hXJwNuA5f99F64gJLvrKFinajXl7YSg7qyiyOwIhWiCZGOODh41VWMH4PTQBiK
N1yZ0fspes4/xsRTLsOtQTrbPKLd6HKnEy9DWuv5RpOqlgFLaBIo2m4XEwa/JzdiKjJrm2D8RQ4u
vv2yvNJDYRZEHTY3zvA=
1.进入filter->ClientTokenEndpointFilter,根据trantType封装相应的AuthenticationToken
调用相应的认证Provider(UsersAuthenticationProvider/ThirdAuthenticationProvider,这些在applicationContext-security.xml中配置,具体调用哪个provider,根据provider实现类的supports方法判断)。provider调用authenticate()方法去从数据库查询用户是否存在,如果是密码登陆则继续检验密码。如果provider通过就是认证成功。
2.进入controller的方法,调用tokenGranter的grant方法,此方法也 根据grantType调用不同的tokenGranter(ResourceOwnerPasswordTokenGranter/ThirdTokenGranter),granter会去create accessToken,并存储。
验证token:
进入filter->ResourceAuthenticationProcessingFilter,token支持2中请求:放入header,或者放在url后面。调用ResourceAuthenticationManager的authenticate()进行token认证。token存在进行过期校验,为过期,重新查询user信息并封装到authentication中,并返回。
PlKo0ClUt3pWaTNm3KL6VGfNUKgcXCxRhmR4hwkbiMMzPYtcUDjNroGX6ppA6/+ONh/XUjSiJ2Go
x1bS79JoAgOQ/R2GnCYyCdHH+AG8tMjibEOjPqz4P/vAi/SRKoLAd3/i5P6RPokAprlKfcvqEYUu
V4EyezMVC4MtjCKCoEE=
MehwvUbM9pNWx4hXJwNuA5f99F64gJLvrKFinajXl7YSg7qyiyOwIhWiCZGOODh41VWMH4PTQBiK
N1yZ0fspes4/xsRTLsOtQTrbPKLd6HKnEy9DWuv5RpOqlgFLaBIo2m4XEwa/JzdiKjJrm2D8RQ4u
vv2yvNJDYRZEHTY3zvA=
PlKo0ClUt3pWaTNm3KL6VGfNUKgcXCxRhmR4hwkbiMMzPYtcUDjNroGX6ppA6/ ONh/XUjSiJ2Go
x1bS79JoAgOQ/R2GnCYyCdHH AG8tMjibEOjPqz4P/vAi/SRKoLAd3/i5P6RPokAprlKfcvqEYUu
V4EyezMVC4MtjCKCoEE=
MehwvUbM9pNWx4hXJwNuA5f99F64gJLvrKFinajXl7YSg7qyiyOwIhWiCZGOODh41VWMH4PTQBiK
N1yZ0fspes4/xsRTLsOtQTrbPKLd6HKnEy9DWuv5RpOqlgFLaBIo2m4XEwa/JzdiKjJrm2D8RQ4u
vv2yvNJDYRZEHTY3zvA=
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
