一.概述
当用户认证时,认证成功后,需要对用户进行额外的检查,比如官方提供的用户名密码认证Provider,是DaoAuthenticationProvider,此类继承了AbstractUserDetailsAuthenticationProvider,
此类中就有设置postCheck和preCheck,默认检查用户是否有效,是否过期等
public abstract class AbstractUserDetailsAuthenticationProvider
implements AuthenticationProvider, InitializingBean, MessageSourceAware {
protected final Log logger = LogFactory.getLog(getClass());
private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
() -> this.messages.getMessage(