先來無事看看acegi的登陸過濾器 寫下來當作備忘吧
主要的類是AuthenticationProcessingFilter 繼承了AbstractProcessingFilter 這要的邏輯都在后面這個類中
讓我們看看核心代碼吧
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
- ServletException {
- if (!(request instanceof HttpServletRequest)) {
- throw new ServletException("Can only process HttpServletRequest");
- }
-
- if (!(response instanceof HttpServletResponse)) {
- throw new ServletException("Can only process HttpServletResponse");
- }
-
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- if (requiresAuthentication(httpRequest, httpResponse)) {
- if (logger.isDebugEnabled()) {
- logger.debug("Request is to process authentication");
- }
-
- Authentication authResult;
- /下面才是重點 上面都是些基本檢查
- try {
- onPreAuthentication(httpRequest, httpResponse);
- authResult = attemptAuthentication(httpRequest);
- }
- catch (AuthenticationException failed) {
-
- unsuccessfulAuthentication(httpRequest, httpResponse, failed);
-
- return;
- }
-
-
- if (continueChainBeforeSuccessfulAuthentication) {
- chain.doFilter(request, response);
- }
-
- successfulAuthentication(httpRequest, httpResponse, authResult);
-
- return;
- }
-
- chain.doFilter(request, response);
- }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (requiresAuthentication(httpRequest, httpResponse)) {
if (logger.isDebugEnabled()) {
logger.debug("Request is to process authentication");
}
Authentication authResult;
//下面才是重點 上面都是些基本檢查
try {
onPreAuthentication(httpRequest, httpResponse);
authResult = attemptAuthentication(httpRequest);//這個方法就是去登陸了 就是調用dao檢查用戶名密碼 登陸不成功將拋出異常
}
catch (AuthenticationException failed) {
// Authentication failed
unsuccessfulAuthentication(httpRequest, httpResponse, failed);
return;
}
// Authentication success
if (continueChainBeforeSuccessfulAuthentication) {
chain.doFilter(request, response);
}
successfulAuthentication(httpRequest, httpResponse, authResult);
return;
}
chain.doFilter(request, response);
}
看一些登陸成功后 做些什么
- protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
- Authentication authResult) throws IOException {
- if (logger.isDebugEnabled()) {
- logger.debug("Authentication success: " + authResult.toString());
- }
-
-
- SecurityContextHolder.getContext().setAuthentication(authResult);
-
- if (logger.isDebugEnabled()) {
- logger.debug("Updated SecurityContextHolder to contain the following Authentication: '" + authResult + "'");
- }
-
- String targetUrl = determineTargetUrl(request);
-
- if (logger.isDebugEnabled()) {
- logger.debug("Redirecting to target URL from HTTP Session (or default): " + targetUrl);
- }
-
- onSuccessfulAuthentication(request, response, authResult);
-
- rememberMeServices.loginSuccess(request, response, authResult);
-
-
- if (this.eventPublisher != null) {
- eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
- }
-
- sendRedirect(request, response, targetUrl);
- }