本文主要是介绍acegi源码分析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
AbstractProcessingFilter中doFilter方法源码
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {// 这里检验是不是符合ServletRequest/SevletResponse的要求if (!(request instanceof HttpServletRequest)) {throw new ServletException("Can only process HttpServletRequest");}if (!(response instanceof HttpServletResponse)) {throw new ServletException("Can only process HttpServletResponse");}HttpServletRequest httpRequest = (HttpServletRequest) request;HttpServletResponse httpResponse = (HttpServletResponse) response;// 根据HttpServletRequest和HttpServletResponse来进行验证if (requiresAuthentication(httpRequest, httpResponse)) {if (logger.isDebugEnabled()) {logger.debug("Request is to process authentication");}// 这里定义Acegi中的Authentication对象来持有相关的用户验证信息Authentication authResult;try {onPreAuthentication(httpRequest, httpResponse);// 这里的具体验证过程委托给子类完成,比如AuthenticationProcessingFilter来完成基于Web页面的用户验证authResult = attemptAuthentication(httpRequest);} catch (AuthenticationException failed) {// Authentication failedunsuccessfulAuthentication(httpRequest, httpResponse, failed);return;}// Authentication successif (isContinueChainBeforeSuccessfulAuthentication()) {chain.doFilter(request, response);}// 完成验证后的后续工作,比如跳转到相应的页面successfulAuthentication(httpRequest, httpResponse, authResult);return;}chain.doFilter(request, response);}
AuthenticationProcessingFilter中attemptAuthentication方法源码
public Authentication attemptAuthentication(HttpServletRequest request)throws AuthenticationException {// 这里从HttpServletRequest中得到用户验证的用户名和密码String username = obtainUsername(request);String password = obtainPassword(request);if (username == null) {username = "";}if (password == null) {password = "";}// 这里根据得到的用户名和密码去构造一个Authentication对象提供给AuthenticationManager进行验证,里面包含了用户的用户名和密码信息UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);// Place the last username attempted into HttpSession for viewsrequest.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,username);// Allow subclasses to set the "details" propertysetDetails(request, authRequest);// 这里启动AuthenticationManager进行验证过程return this.getAuthenticationManager().authenticate(authRequest);}
这篇关于acegi源码分析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!