**1. 认证
执行AbstractAuthenticationProcessingFilter类中的doFilter方法,
AbstractAuthenticationProcessingFilter是一个抽象类,其子类是UsernamePasswordAuthenticationFilter(当然也可以自己创建一个子类,并更改部分配置,如拦截的路径等)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
if (!this.requiresAuthentication(request, response)) {
chain.doFilter(request, response);
} else {
if (this.logger.isDebugEnabled()) {
this.logger.debug("Request is to process authentication");
}
Authentication authResult;
try {
authResult = this.attemptAuthentication(request, response);
if (authResult == null) {
return;
}
this.sessionStrategy.onAuthentication(authResult, request, response);
} catch (InternalAuthenticationServiceException var8) {
this.logger.error("An internal error occurred while trying to authenticate the user.", var8);
this.unsuccessfulAuthentication(request, response, var8);
return;
} catch (AuthenticationException var9) {
this.unsuccessfulAuthentication(request, response, var9);
return;
}
if (this.continueChainBeforeSuccessfulAuthentication) {
chain.doFilter(request, response);
}
this.successfulAuthentication(request, response, chain, authResult);
}
}
其中
if (!this.requiresAuthentication(request, response))
的判断交由RequestMatcher接口的matches方法处理。由于是接口,所以需要一个类来实现,AntPathRequestMatcher是其中之一。
而在生成UsernamePasswordAuthenticationFilter类的过程中可以看到
public UsernamePasswordAuthenticationFilter() {
super(new AntPathRequestMatcher("/login", "POST"));
}
是创建了一个RequestMatcher是实现类,并定义了拦截的请求和路径,并将创建的类交给了AbstractAuthenticationProcessingFilter的RequestMatcher属性,这样就做到了在if判断语句中拦截post请求的方法了
(持续学习更新)