AnonymousAuthenticationFilter:如果当前安全上下文的Authentication为空,则创建一个匿名的Authentication用户
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException
//判断SecurityContext中的Authentication是否为空
if (SecurityContextHolder.getContext().getAuthentication() == null) {
//设置匿名认证用户AnonymousAuthenticationToken
SecurityContextHolder.getContext().setAuthentication(
createAuthentication((HttpServletRequest) req));
if (logger.isDebugEnabled()) {
logger.debug("Populated SecurityContextHolder with anonymous token: '"
+ SecurityContextHolder.getContext().getAuthentication() + "'");
}
}
else {
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
+ SecurityContextHolder.getContext().getAuthentication() + "'");
}
}
chain.doFilter(req, res);
}