登录过滤器 AuthenticatingFilter
/**
 * Runs one login attempt for the current request.
 *
 * <p>An {@link AuthenticationToken} is built from the request, the current
 * {@link Subject} is resolved, and the token is submitted via
 * {@code subject.login(token)}. The outcome is delegated to
 * {@code onLoginSuccess} or {@code onLoginFailure}.
 *
 * <p>Only {@link AuthenticationException} is routed to {@code onLoginFailure};
 * any other exception propagates to the caller. {@code onLoginSuccess} runs
 * inside the same {@code try}, so an {@code AuthenticationException} raised
 * there is also handled as a login failure.
 *
 * @param request  the incoming servlet request
 * @param response the outgoing servlet response
 * @return whatever {@code onLoginSuccess} or {@code onLoginFailure} returns
 * @throws IllegalStateException if {@code createToken} returns {@code null}
 * @throws Exception             if a step fails with anything other than an
 *                               {@code AuthenticationException}
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    // Build the token from the request parameters.
    // NOTE(review): the token presumably carries the submitted credentials;
    // keep it out of logs and error messages. Confirm against createToken.
    final AuthenticationToken authToken = createToken(request, response);
    if (authToken == null) {
        // A null token is a programming error in the subclass, not a failed login.
        throw new IllegalStateException(
                "createToken method implementation returned null. A valid non-null AuthenticationToken " +
                "must be created in order to execute a login attempt.");
    }

    boolean outcome;
    try {
        // Per the original annotation, the subject comes from SecurityUtils.getSubject():
        // the Subject bound to the current thread (ThreadContext), or, when none is bound,
        // a new one built with Subject.Builder and then bound to the thread.
        final Subject currentSubject = getSubject(request, response);

        // Per the original annotation, this ends up in SecurityManager.login(subject, token).
        currentSubject.login(authToken);

        outcome = onLoginSuccess(authToken, currentSubject, request, response);
    } catch (AuthenticationException failure) {
        outcome = onLoginFailure(authToken, failure, request, response);
    }
    return outcome;
}
subject 登录过程代码,实际调用securityManager.login
public void login(AuthenticationToken token) throws AuthenticationException {
// 清理 runAs
clearRunAsIdentitiesInternal();
// securityManager 代理登录
Subject subject = securityManager.