在SpringSecurity, 默认实现AuthenticationManager是ProviderManager,这个主要作用是给Authentication找到支持的Provider,并authenticate
1、只在配置文件中定义用户名和密码
2、自定义userDetailsService
3、Config文件覆盖authenticationManager()方法
@Bean
MyAuthenticationProvider myAuthenticationProvider() {
MyAuthenticationProvider myAuthenticationProvider = new MyAuthenticationProvider();
myAuthenticationProvider.setPasswordEncoder(passwordEncoder());
myAuthenticationProvider.setUserDetailsService(userDetailsService());
return myAuthenticationProvider;
}
@Override
@Bean
protected AuthenticationManager authenticationManager() throws Exception {
ProviderManager manager = new ProviderManager(Arrays.asList(myAuthenticationProvider()));
return manager;
}
//可以在一个ProviderManager中,插入多个Provider
@Bean
@Override
protected UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("admin").password("123456").roles("admin").build());
return manager;
}
总结
所在在ProviderManager的authenticate方法中
for (AuthenticationProvider provider : getProviders())
supports不符合只循环一次就跳出
parent.authenticate(authentication);
这句话就是切换ProviderManager实例