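How Spring Security Works
Starting from formLogin(), submitting the login page leads to the UsernamePasswordAuthenticationFilter class. Its attemptAuthentication method reads the username and password for checking. On line 88 of this method it obtains the returned authRequest (also called the token). Clicking through into the UsernamePasswordAuthenticationToken class, we find its constructor UsernamePasswordAuthenticationToken. It stores the username and password in this class and calls the parent class AbstractAuthenticationToken to handle the authorities; because the authorities have not been looked up yet, they are null at this point. It then returns the UsernamePasswordAuthenticationToken.
The code is as follows: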
public Authentication attemptAuthentication(HttpServletRequest request,
        HttpServletResponse response) throws AuthenticationException {
    if (postOnly && !request.getMethod().equals("POST")) {
        throw new AuthenticationServiceException(
                "Authentication method not supported: " + request.getMethod());
    }
    // Get the username and password
    String username = obtainUsername(request);
    String password = obtainPassword(request);
    if (username == null) {
        username = "";
    }
    if (password == null) {
        password = "";
    }
    username = username.trim();
    // Obtain the authRequest (token)
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
            username, password);
    // Allow subclasses to set the "de