文章目录
UsernamePasswordAuthenticationFilter
声明
package org.springframework.security.web.authentication;
public class UsernamePasswordAuthenticationFilter
extends AbstractAuthenticationProcessingFilter
Class JDOC
处理身份认证表单提交。在Spring Security3.0之前调用AuthenticationProcessingFilter。
表单提交必须向此过滤器提供两个参数:用户名和密码。默认参数名为静态常量:SPRING_SECURITY_FORM_USERNAME_KEY和SPRING_SECURITY_FORM_PASSWORD_KEY。
可以通过配置usernameParameter和passwordParameter来改变参数名称。
此过滤器默认情况下响应URL为/login
Method attemptAuthentication
Declared
public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response) throws AuthenticationException
Method Jdoc
见AbstractAuthenticationProcessingFilter.attemptAuthentication
Method Code
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
//从表单数据中取出用户名和密码
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
//使用用户名和密码,创建UsernamePasswordAuthenticationToken实例
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
// Allow subclasses to set the "details" property
// 允许子类设置“详细”属性
setDetails(request, authRequest);
//调用org.springframework.security.authentication.AuthenticationManager#authenticate。
return this.getAuthenticationManager().authenticate(authRequest);
}