springboot springsecurity can be used as a security framework, we can use springsecurity implement secure login.
springsecurity is using a series of filters to achieve security.
Implement user login using:
UsernamePasswordAuthenticationFilter filter implemented.
His place in the filter chain as follows:
Implement the logic of this code is:
1. interception address / login the URL.
2. If the logic processing after the address in the address bar of the login, otherwise skip.
3. Verify user
This method is implemented by attemptAuthentication UsernamePasswordAuthenticationFilter, obtain a user name and password in context.
We can see from the above code, the code obtaining user interface information acquired by AuthenticationManager.
When Success:
Execute the code above are:
1. Set Context
2. Remember the password login process success message.
3. Call successful custom processor.
When a failure:
Failed processing interface
public interface AuthenticationFailureHandler { void onAuthenticationFailure(HttpServletRequest var1, HttpServletResponse var2, AuthenticationException var3) throws IOException, ServletException; }