SpringSecurity: in simple terms (1)

SecurityContextHolder

  SecurityContextHolder stores the information that makes up the security context: who the current user is, whether that user has been authenticated, which roles and authorities they hold, and so on. All of this lives in the SecurityContextHolder.

  By default SecurityContextHolder uses a ThreadLocal strategy to store the authentication information, so the authentication is bound to the current thread. When a user logs in, Spring Security automatically binds the authentication information to the current thread; when the user logs out, it automatically clears the authentication information from that thread.

Get the current user information

  Because the identity is bound to the thread, the user information can be obtained anywhere in the program through static methods. A typical example that fetches the login name of the current user is shown below:

// getAuthentication() returns null when nobody is logged in on this thread,
// so guard against it before dereferencing the principal.
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Object principal = authentication == null ? null : authentication.getPrincipal();

String username;
if (principal instanceof UserDetails) {
    username = ((UserDetails) principal).getUsername();
} else if (principal != null) {
    username = principal.toString();
} else {
    username = null; // anonymous / unauthenticated request
}

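The following added example (not from the original post) makes the ThreadLocal binding described above visible: a context set on one thread is invisible to a freshly started thread, and clearContext() is what removes it. It assumes Spring Security 5.x on the classpath and Java 11+; the user "alice" is a constructed sample value.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.List;

public class ThreadBoundContextDemo {

    // Login name of the user bound to the *calling* thread, or null if there is none.
    static String currentUsername() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? null : auth.getName();
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed, already-authenticated token standing in for a completed login
        // (the three-argument constructor marks the token as authenticated).
        Authentication alice = new UsernamePasswordAuthenticationToken(
                "alice", null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(alice);
        // Default strategy is MODE_THREADLOCAL: the context is stored for this thread only.
        SecurityContextHolder.setContext(ctx);
        System.out.println("main thread sees: " + currentUsername());

        // A newly started thread has its own, empty ThreadLocal slot, so it finds
        // no authentication even though alice is logged in on the main thread.
        String[] seenByWorker = new String[1];
        Thread worker = new Thread(() -> seenByWorker[0] = currentUsername());
        worker.start();
        worker.join();
        System.out.println("worker thread sees: " + seenByWorker[0]);

        // Clearing is what logout / the end of a request does. On a pooled thread,
        // skipping this would leave alice's identity behind for the next task.
        SecurityContextHolder.clearContext();
        System.out.println("after clearContext: " + currentUsername());
    }
}
```

If child threads need to see the parent's context, the strategy can be switched to MODE_INHERITABLETHREADLOCAL via SecurityContextHolder.setStrategyName, at the cost of the same leakage concern on reused threads.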

Authentication

  Authentication is the top-level abstraction for identity and authentication in Spring Security. From this interface we can obtain the authorities granted to the user, the credentials (password), extra details about the request, the principal (user information), and whether the user has been authenticated.

public interface Authentication extends Principal, Serializable {
    // authorities (roles / permissions) granted to the principal
    Collection<? extends GrantedAuthority> getAuthorities();

    // credentials that prove the identity, usually the password
    Object getCredentials();

    // additional details about the request, e.g. remote address or session id
    Object getDetails();

    // identity of the principal being authenticated, e.g. a UserDetails object
    Object getPrincipal();

    boolean isAuthenticated();

    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}


AuthenticationManager

  AuthenticationManager is responsible for authenticating an Authentication. It is an interface, so implementing classes must provide the authenticate method.

package org.springframework.security.authentication;

public interface AuthenticationManager {
    Authentication authenticate(Authentication var1) throws AuthenticationException;
}

  Its most common implementation is ProviderManager, which internally maintains a List<AuthenticationProvider> holding the various authentication methods.

Under the default policy, passing authentication with any one AuthenticationProvider is enough for the login to be considered successful.

    private List<AuthenticationProvider> providers;
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Class<? extends Authentication> toTest = authentication.getClass();
        ...
        Iterator var8 = this.getProviders().iterator();

        while(var8.hasNext()) {
            AuthenticationProvider provider = (AuthenticationProvider)var8.next();
            // each Provider declares which Authentication types it supports
            if (provider.supports(toTest)) {
                if (debug) {
                    logger.debug("Authentication attempt using " + provider.getClass().getName());
                }
                // each Provider performs its own authentication
                try {
                    result = provider.authenticate(authentication);
                    if (result != null) {
                        this.copyDetails(authentication, result);
                        break;
                    }
                } catch (AccountStatusException var13) {
                    this.prepareException(var13, authentication);
                    throw var13;
                } catch (InternalAuthenticationServiceException var14) {
                    this.prepareException(var14, authentication);
                    throw var14;
                } catch (AuthenticationException var15) {
                    lastException = var15;
                }
            }
        }

        if (result == null && this.parent != null) {
            try {
                result = parentResult = this.parent.authenticate(authentication);
            } catch (ProviderNotFoundException var11) {
            } catch (AuthenticationException var12) {
                parentException = var12;
                lastException = var12;
            }
        }

        if (result != null) {
            if (this.eraseCredentialsAfterAuthentication && result instanceof CredentialsContainer) {
                ((CredentialsContainer)result).eraseCredentials();
            }

            if (parentResult == null) {
                this.eventPublisher.publishAuthenticationSuccess(result);
            }

            return result;
        } else {
            if (lastException == null) {
                lastException = new ProviderNotFoundException(this.messages.getMessage("ProviderManager.providerNotFound", new Object[]{toTest.getName()}, "No AuthenticationProvider found for {0}"));
            }

            if (parentException == null) {
                this.prepareException((AuthenticationException)lastException, authentication);
            }

            throw lastException;
        }
    }
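To show the loop above in action, here is an added example (my code, not from the original post or from Spring Security itself) that wires two constructed providers into a ProviderManager. It assumes Spring Security 5.x and Java 11+; the users, passwords and the StaticUserProvider class are all made up for the demo.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.List;

public class ProviderManagerDemo {
    // Constructed provider that knows exactly one user. It returns null for any other
    // user so that ProviderManager moves on to the next provider instead of failing.
    static class StaticUserProvider implements AuthenticationProvider {
        private final String user, password;
        StaticUserProvider(String user, String password) { this.user = user; this.password = password; }
        @Override
        public Authentication authenticate(Authentication auth) throws AuthenticationException {
            if (!user.equals(auth.getName())) {
                return null;                      // not my user: let another provider try
            }
            if (!password.equals(String.valueOf(auth.getCredentials()))) {
                throw new BadCredentialsException("bad password for " + user);
            }
            // Three-argument constructor produces a token with authenticated = true.
            return new UsernamePasswordAuthenticationToken(
                    user, auth.getCredentials(), List.of(new SimpleGrantedAuthority("ROLE_USER")));
        }
        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }

    public static void main(String[] args) {
        List<AuthenticationProvider> providers = List.of(
                new StaticUserProvider("alice", "s3cret"),
                new StaticUserProvider("bob", "hunter2"));
        ProviderManager manager = new ProviderManager(providers);

        // The alice provider returns null for bob, the bob provider succeeds, the loop breaks.
        Authentication bob = manager.authenticate(
                new UsernamePasswordAuthenticationToken("bob", "hunter2"));
        // getCredentials() is null here: eraseCredentialsAfterAuthentication defaults to
        // true and the token implements CredentialsContainer, as in the source above.
        System.out.println(bob.getName() + " authenticated=" + bob.isAuthenticated()
                + " credentials=" + bob.getCredentials());

        try {   // wrong password: the bob provider throws, no provider succeeds, login rejected
            manager.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrong"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```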

Origin www.cnblogs.com/MrSaver/p/11356607.html