AnonymousAuthenticationFilter
介绍
该过滤器功能比较简单:请求经过过滤器时,判断SecurityContext上下文中的身份认证信息是否为null,如果为null,则创建一个匿名的身份认证信息并放到SecurityContext上下文环境中。需要注意的是,经过该过滤器之后,未登录请求的上下文中同样存在非null的Authentication对象,因此不能仅凭getAuthentication() != null来判断用户已经登录。
代码分析
请求经过AnonymousAuthenticationFilter时,当SecurityContext上下文中身份认证信息为null时,则创建匿名的身份认证信息,由3个主要字段组成:1. key是一个UUID;2. principal="anonymousUser";3. authorities包含一个ROLE_ANONYMOUS。代码如下:
/**
 * Ensures the SecurityContext carries an Authentication before the request continues:
 * when none is present, an anonymous one is created and stored in the context.
 *
 * <p>The {@code ...} lines are parts of the method that this excerpt leaves out.
 *
 * <p>Security note: once the anonymous token has been stored, the context holds a
 * non-null Authentication even though nobody has logged in, so a plain null check
 * on {@code getAuthentication()} downstream does not prove a user is authenticated.
 *
 * @param req   the incoming request; cast to HttpServletRequest when the token is built
 * @param res   the response, passed through unchanged to the rest of the chain
 * @param chain the remaining filters, always invoked at the end of this method
 * @throws IOException      declared by the signature; presumably propagated from the chain
 * @throws ServletException declared by the signature; presumably propagated from the chain
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        // No authentication in the context: create an anonymous one and store it there.
        SecurityContextHolder.getContext().setAuthentication(
                createAuthentication((HttpServletRequest) req));
        ...
    }
    ...
    // The chain continues in both cases; an existing Authentication is never replaced here.
    chain.doFilter(req, res);
}
/**
 * Builds the anonymous Authentication that stands in for a request with no credentials.
 *
 * @param request the current request, used only to derive the token's details object
 * @return a new AnonymousAuthenticationToken with its details populated
 */
protected Authentication createAuthentication(HttpServletRequest request) {
    // Per the accompanying write-up: key is a UUID, principal is "anonymousUser",
    // and authorities contains a single ROLE_ANONYMOUS entry.
    final AnonymousAuthenticationToken anonymousToken =
            new AnonymousAuthenticationToken(key, principal, authorities);

    // authenticationDetailsSource is described as a WebAuthenticationDetailsSource whose
    // buildDetails() records the request's remote address and session id.
    // NOTE(review): behind a reverse proxy the recorded remote address may be the
    // proxy's rather than the client's; confirm before relying on it for auditing.
    final Object requestDetails = authenticationDetailsSource.buildDetails(request);
    anonymousToken.setDetails(requestDetails);

    return anonymousToken;
}