<http auto-config="true" authentication-manager-ref="authenticationManager">
... ...
<!-- Logout invalidates the HTTP session and then redirects to /login.html. -->
<logout logout-url="/dynamic/j_spring_security_logout"
logout-success-url="/login.html" invalidate-session="true" />
<!-- tokenLoginFilter is placed ahead of the remember-me filter. The <http> element itself
     references "authenticationManager"; which manager the custom filter uses is decided
     by the filter bean, not by this element. -->
<custom-filter before="REMEMBER_ME_FILTER" ref="tokenLoginFilter" />
</http>
下面是我的两个authentication-manager配置
<authentication-manager id="authenticationManager">
<authentication-provider user-service-ref="userDetailsServiceImpl">
<!-- Used for password-based authentication -->
<password-encoder ref="userPasswordEncoder" />
</authentication-provider>
</authentication-manager>
<authentication-manager id="equalAuthenticationManager">
<authentication-provider user-service-ref="userDetailsServiceImpl">
<!-- Used for authentication that does not require a password -->
<!-- NOTE(review): equalPasswordEncoder is not shown here; presumably it accepts the stored
     password when it is presented back unchanged. Any bean wired to this manager can then
     sign in an account that userDetailsServiceImpl resolves without knowing its password,
     so keep this manager private to the token filter and never set it as the <http>
     authentication-manager-ref. -->
<password-encoder ref="equalPasswordEncoder" />
</authentication-provider>
</authentication-manager>
好了,另一个equalAuthenticationManager在哪里被使用呢,就是tokenLoginFilter了。
下面是tokenLoginFilter的代码
package org.foggy.application.basic.impl.security;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.foggy.application.basic.impl.BasicRuntimeImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
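/**
 * Filter that signs a request in from its {@code tokenId} request parameter.
 *
 * <p>When the security context holds no authentication and the request carries a
 * {@code tokenId} parameter, the value is passed to
 * {@link UserDetailsService#loadUserByUsername(String)}, and the resulting user is
 * authenticated through the {@code equalAuthenticationManager} bean. Requests that
 * are already authenticated, or that carry no {@code tokenId}, pass through untouched.
 * The filter chain always continues, whether or not the token was accepted.
 *
 * <p>NOTE(review): the credentials handed to the manager are copied from the loaded
 * {@link UserDetails}, and the manager is the one configured for authentication
 * without a password, so the {@code tokenId} value is the only thing a caller has to
 * know. Confirm that {@code userDetailsService} resolves only unguessable,
 * server-issued, expiring tokens. If it also resolves ordinary login names, knowing
 * a user name would be enough to sign in as that user.
 *
 * <p>NOTE(review): {@code getParameter} also reads the query string, so a token sent
 * in a URL can end up in access logs, browser history and Referer headers. Prefer a
 * request header or POST body, and keep tokens short-lived.
 */
@Component
public class TokenLoginFilter extends GenericFilterBean implements
        ApplicationEventPublisherAware {

    @Autowired
    BasicRuntimeImpl runtime;

    // Deliberately the manager declared for authentication without a password;
    // the password-checking "authenticationManager" bean is not used by this filter.
    @Autowired
    @Qualifier("equalAuthenticationManager")
    AuthenticationManager authenticationManager;

    @Autowired
    UserDetailsService userDetailsService;

    AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();

    private ApplicationEventPublisher eventPublisher;

    /**
     * Attempts a token login for unauthenticated requests, then continues the chain.
     *
     * @param request  the incoming request; read for the {@code tokenId} parameter
     * @param response the response, handed to the success/failure hooks
     * @param chain    the remaining filters, always invoked exactly once
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // An earlier filter (or the session) has already authenticated this request.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            chain.doFilter(request, response);
            return;
        }

        String tokenId = request.getParameter("tokenId");
        if (tokenId == null) {
            // No tokenId: leave the request to the next filter.
            chain.doFilter(request, response);
            return;
        }

        try {
            UserDetails ud = userDetailsService.loadUserByUsername(tokenId);
            if (ud == null) {
                // The token value is the sole credential on this path, so it is kept
                // out of the exception message (which is logged below).
                throw new UsernameNotFoundException("tokenId not found");
            }

            UsernamePasswordAuthenticationToken upToken = new UsernamePasswordAuthenticationToken(
                    ud, ud.getPassword(), ud.getAuthorities());
            upToken.setDetails(authenticationDetailsSource.buildDetails(request));

            // Run the token through the authentication manager.
            Authentication auth = authenticationManager.authenticate(upToken);

            // Success: store the result as the authentication of the current context.
            SecurityContextHolder.getContext().setAuthentication(auth);
            onSuccessfulAuthentication((HttpServletRequest) request,
                    (HttpServletResponse) response, auth);

            // Publish InteractiveAuthenticationSuccessEvent with whatever the context
            // holds after the success hook has run.
            if (eventPublisher != null) {
                eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
                        SecurityContextHolder.getContext().getAuthentication(),
                        this.getClass()));
            }
        } catch (AuthenticationException authenticationException) {
            // The earlier message was copied from the remember-me filter and printed an
            // Authentication object that is always null on this path.
            if (logger.isDebugEnabled()) {
                logger.debug(
                        "SecurityContextHolder not populated from tokenId parameter, as "
                                + "the user lookup or the AuthenticationManager rejected it",
                        authenticationException);
            }
            onUnsuccessfulAuthentication((HttpServletRequest) request,
                    (HttpServletResponse) response, authenticationException);
        }

        chain.doFilter(request, response);
    }

    /**
     * Hook called after the security context has been populated; does nothing by default.
     *
     * @param request    the current request
     * @param response   the current response
     * @param authResult the authentication returned by the manager
     */
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult) {
    }

    /**
     * Hook called when the token lookup or authentication fails; does nothing by default.
     *
     * @param request  the current request
     * @param response the current response
     * @param failed   the exception that rejected the token
     */
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed) {
    }

    /**
     * Receives the publisher used to announce successful token logins.
     *
     * @param eventPublisher the application event publisher supplied by Spring
     */
    @Override
    public void setApplicationEventPublisher(
            ApplicationEventPublisher eventPublisher) {
        this.eventPublisher = eventPublisher;
    }
}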