AuthenticationManagerResponsible for managing many of AuthenticationProviderthese Provider can provide different calibration procedures for different landing approach
By acquiring ProvicerManagerand call its authenticate()methods through all the check mode provider to verify, get a validator to support the current login mode
You will find the corresponding login by the Provider provider.authenticate(authentication);verifies the checksum way calling provider offers
1.3 AuthenticationProvider
By way of example here, the account password, it will be used to achieve a AbstractUserDetailsAuthenticationProviderspecific implementation class DaoAuthenticationProviderto perform a checksum;
Verification process calls AbstractUserDetailsAuthenticationProviderthe authenticatemethod
Verification process is divided into three stages:
preAuthenticationChecks.check(user);Pre-check, according to the four methods UserDetails interface, for the account is enabled, the account has expired, if the account lockout status check
When a request comes in : the Session check, to determine whether there SecurityContext session (i.e. there is no user authentication information), if it will be out, put the request thread;
When the request is complete ** Returns: Are there SecurityContext ** Check the thread, the authentication information into the session
Method 2: In the parameters of the controller, the type declaration Authentication, SPRINGMVC us to automatically inject user authentication information;