Spring-Security主要是一个由一堆Filter组成的过滤器链,每个Filter做自己的事情。今天我跟一下登录的密码认证过程,主要是UsernamePasswordAuthenticationFilter这个类
1.web.xml中配置security
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. spring-security.xml 这里定义了一个ValidateCodeAuthenticationFilter,这个filter继承自 UsernamePasswordAuthenticationFilter,在做认证的时候调用UsernamePasswordAuthenticationFilter中的attemptAuthentication方法,
<beans:bean id="validateCodeAuthenticationFilter" class="com.*.interceptors.ValidateCodeAuthenticationFilter">
<beans:property name="authe