SpringSecurity运行原理
以formLogin()开始登陆页面,会跳转到
UsernamePasswordAuthenticationFilter类,本类的attemptAuthentication方法获取用户名密码进行判断,在本方法的88行,获取返回的authRequest(也叫tocken)点击进入UsernamePasswordAuthenticationToken类中找到其的构造方法UsernamePasswordAuthenticationToken,他把用户名密码存储在本类中,调用父类AbstractAuthenticationToken进行权限操作,因为现在还未查找权限所以为null,并返回UsernamePasswordAuthenticationToken代码如下:
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
//获取用户名密码
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
//获取authRequest(Tocken)
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
// Allow subclasses to set the "de
最低0.47元/天 解锁文章
853
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
