Spring Security API: DaoAuthenticationProvider

DaoAuthenticationProvider

Declared

package org.springframework.security.authentication.dao;
public class DaoAuthenticationProvider 
extends AbstractUserDetailsAuthenticationProvider 

Jdoc

• 通过UserDetailsService获取用户详细信息的AuthenticationProvider实现

retrieveUser

Declared

protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException

Method Code

protected final UserDetails retrieveUser(String username,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    prepareTimingAttackProtection();
    try {
        // 通过UserDetailsService检索用户信息
        UserDetails loadedUser = this.getUserDetailsService().loadUserByUsername(username);
        if (loadedUser == null) {
            throw new InternalAuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }
        return loadedUser;
    }
    catch (UsernameNotFoundException ex) {
        mitigateAgainstTimingAttack(authentication);
        throw ex;
    }
    catch (InternalAuthenticationServiceException ex) {
        throw ex;
    }
    catch (Exception ex) {
        throw new InternalAuthenticationServiceException(ex.getMessage(), ex);
    }
}

additionalAuthenticationChecks

Declared

protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException

Method Code

protected void additionalAuthenticationChecks(UserDetails userDetails,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    // 校验：凭证不可为null
    if (authentication.getCredentials() == null) {
        logger.debug("Authentication failed: no credentials provided");

        throw new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials",
                "Bad credentials"));
    }

    String presentedPassword = authentication.getCredentials().toString();
    // 比较凭证
    if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
        logger.debug("Authentication failed: password does not match stored value");

        throw new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials",
                "Bad credentials"));
    }
}

createSuccessAuthentication

Declared

@Override
protected Authentication createSuccessAuthentication(Object principal,
        Authentication authentication, UserDetails user)

Method Code

@Override
protected Authentication createSuccessAuthentication(Object principal,
        Authentication authentication, UserDetails user) {
    // 判断凭证是否编码
    boolean upgradeEncoding = this.userDetailsPasswordService != null
            && this.passwordEncoder.upgradeEncoding(user.getPassword());
    // 如果凭证已编码，则将认证请求提供的凭证进行相同的编码
    if (upgradeEncoding) {
        String presentedPassword = authentication.getCredentials().toString();
        String newPassword = this.passwordEncoder.encode(presentedPassword);
        user = this.userDetailsPasswordService.updatePassword(user, newPassword);
    }
    // 调用父类方法
    return super.createSuccessAuthentication(principal, authentication, user);
}