acegi源码分析

最新推荐文章于 2023-03-21 22:08:36 发布

李雨泽

最新推荐文章于 2023-03-21 22:08:36 发布

阅读量136

点赞数

CC 4.0 BY-SA版权

分类专栏： java

本文链接：https://blog.youkuaiyun.com/u010090557/article/details/84527266

java 专栏收录该内容

58 篇文章

订阅专栏

AbstractProcessingFilter中doFilter方法源码

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		// 这里检验是不是符合ServletRequest/SevletResponse的要求
		if (!(request instanceof HttpServletRequest)) {
			throw new ServletException("Can only process HttpServletRequest");
		}

		if (!(response instanceof HttpServletResponse)) {
			throw new ServletException("Can only process HttpServletResponse");
		}
		
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		// 根据HttpServletRequest和HttpServletResponse来进行验证
		if (requiresAuthentication(httpRequest, httpResponse)) {
			if (logger.isDebugEnabled()) {
				logger.debug("Request is to process authentication");
			}
			// 这里定义Acegi中的Authentication对象来持有相关的用户验证信息
			Authentication authResult;
			
			try {
				onPreAuthentication(httpRequest, httpResponse);
				// 这里的具体验证过程委托给子类完成，比如AuthenticationProcessingFilter来完成基于Web页面的用户验证
				authResult = attemptAuthentication(httpRequest);
			} catch (AuthenticationException failed) {
				// Authentication failed
				unsuccessfulAuthentication(httpRequest, httpResponse, failed);
				
				return;
			}

			// Authentication success
			if (isContinueChainBeforeSuccessfulAuthentication()) {
				chain.doFilter(request, response);
			}
			// 完成验证后的后续工作，比如跳转到相应的页面
			successfulAuthentication(httpRequest, httpResponse, authResult);
			
			return;
		}

		chain.doFilter(request, response);
	}

AuthenticationProcessingFilter中attemptAuthentication方法源码

	public Authentication attemptAuthentication(HttpServletRequest request)
			throws AuthenticationException {
		// 这里从HttpServletRequest中得到用户验证的用户名和密码
		String username = obtainUsername(request);
		String password = obtainPassword(request);

		if (username == null) {
			username = "";
		}

		if (password == null) {
			password = "";
		}
		// 这里根据得到的用户名和密码去构造一个Authentication对象提供给AuthenticationManager进行验证，里面包含了用户的用户名和密码信息
		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
				username, password);

		// Place the last username attempted into HttpSession for views
		request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,
				username);

		// Allow subclasses to set the "details" property
		setDetails(request, authRequest);
		// 这里启动AuthenticationManager进行验证过程
		return this.getAuthenticationManager().authenticate(authRequest);
	}