// 该接口有两个方法,该接口的实现类主要做认证的。
public interface AuthenticationProvider {
Authentication authenticate(Authentication var1) throws AuthenticationException;
// supports是用来检测该类型的认证信息是否可以被自己处理。可以被处理则调用自身的authenticate方法。
boolean supports(Class<?> var1);
}
(4)ProviderManager的authenticate()方法源码关键部分如下:
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Class toTest = authentication.getClass();
Object lastException = null;
Authentication result = null;
boolean debug = logger.isDebugEnabled();
// 拿到全部的provider
Iterator e = this.getProviders().iterator();
// 遍历provider
while(e.hasNext()) {
AuthenticationProvider provider = (AuthenticationProvider)e.next();
// 挨着个的校验是否支持当前token
if(provider.supports(toTest)) {
if(debug) {
logger.debug("Authentication attempt using " + provider.getClass().getName());
}
try {
// 找到后直接break,并由当前provider来进行校验工作
result = provider.authenticate(authentication);
if(result != null) {
this.copyDetails(authentication, result);
break;
}
} catch (AccountStatusException var11) {
this.prepareException(var11, authentication);
throw var11;
} catch (InternalAuthenticationServiceException var12) {
this.prepareException(var12, authentication);
throw var12;
} catch (AuthenticationException var13) {
lastException = var13;
}
}
}
// 若没有一个支持,则尝试交给父类来执行
if(result == null && this.parent != null) {
try {
result = this.parent.authenticate(authentication);
} catch (ProviderNotFoundException var9) {
;
} catch (AuthenticationEx