公有接口
public interface AuthenticationManager {
public Authentication authenticate(Authentication authentication)
throws AuthenticationException;
}
The idea of ProviderManager is to enable you to authenticate users against multiple
identity management sources. Rather than relying on itself to perform
authentication, ProviderManager steps one by one through a collection of authentication
providers, until one of them successfully authenticates the user (or until it
runs out of providers).
数据库验证(两个实现)
■ DaoAuthenticationProvider 实现时获得用户名和密码
■ PasswordDaoAuthenticationProvider 委托给DAO来实现安全验证
<bean id="authenticationProvider" class="net.sf.acegisecurity.
providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao">
<ref bean="authenticationDao"/>
</property>
</bean>
2个实现
InMemoryDaoImpl 和 JdbcDaoImpl.
<bean id="authenticationDao"
class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
</bean>
When JdbcDaoImpl looks up user information, it will use “SELECT username,
password, enabled FROM users WHERE username = ?” as its query.
通过usersByUserNameQuery.方法来实现
配置信息
<bean id="authenticationDao"
class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="usersByUserNameQuery">
<value>SELECT login, password
FROM student WHERE login=?</value>
</property>
</bean>
<bean id="authenticationDao"
class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="usersByUserNameQuery">
<value>SELECT login, password
FROM student WHERE login=?</value>
</property>
</bean>
In the case of JdbcDaoImpl, the MappingSqlQuery given in the usersByUser-
NameMapping is expected to convert a ResultSet (resulting from running the user
query) into a net.sf.acegisecurity.UserDetails object.
public class UsersByUsernameMapping extends MappingSqlQuery {
protected UsersByUsernameMapping(DataSource dataSource) {
super(dataSource, usersByUsernameQuery);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected Object mapRow(ResultSet rs, int rownum)
throws SQLException {
String username = rs.getString(1);
String password = rs.getString(2);
UserDetails user = new User(username, password, true,
new GrantedAuthority[]
{new GrantedAuthorityImpl("HOLDER")});
return user;
}
}