Spring Security API: UsernamePasswordAuthenticationFilter

最新推荐文章于 2024-05-24 14:50:10 发布

dengdeying

最新推荐文章于 2024-05-24 14:50:10 发布

阅读量174

点赞数

分类专栏： Spring Security

Spring Security 专栏收录该内容

17 篇文章 2 订阅

订阅专栏

文章目录

UsernamePasswordAuthenticationFilter

UsernamePasswordAuthenticationFilter

声明

package org.springframework.security.web.authentication;
public class UsernamePasswordAuthenticationFilter
    extends AbstractAuthenticationProcessingFilter

Class JDOC

处理身份认证表单提交。在Spring Security3.0之前调用AuthenticationProcessingFilter。
表单提交必须向此过滤器提供两个参数：用户名和密码。默认参数名为静态常量：SPRING_SECURITY_FORM_USERNAME_KEY和SPRING_SECURITY_FORM_PASSWORD_KEY。
可以通过配置usernameParameter和passwordParameter来改变参数名称。
此过滤器默认情况下响应URL为/login

Method attemptAuthentication

Declared

public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response) throws AuthenticationException

Method Jdoc

见AbstractAuthenticationProcessingFilter.attemptAuthentication

Method Code

	public Authentication attemptAuthentication(HttpServletRequest request,
			HttpServletResponse response) throws AuthenticationException {
		if (postOnly && !request.getMethod().equals("POST")) {
			throw new AuthenticationServiceException(
					"Authentication method not supported: " + request.getMethod());
		}
		
		//从表单数据中取出用户名和密码
		String username = obtainUsername(request);
		String password = obtainPassword(request);

		if (username == null) {
			username = "";
		}

		if (password == null) {
			password = "";
		}

		username = username.trim();
		
		//使用用户名和密码，创建UsernamePasswordAuthenticationToken实例
		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
				username, password);

		// Allow subclasses to set the "details" property
       // 允许子类设置“详细”属性
		setDetails(request, authRequest);

		//调用org.springframework.security.authentication.AuthenticationManager#authenticate。
		return this.getAuthenticationManager().authenticate(authRequest);
	}