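Main flow of in-memory authentication in Spring Security
1. The request is intercepted by the authentication filter.
2. Authentication is delegated to the authentication manager (AuthenticationManager).
3. The authentication manager uses the authentication provider that implements the authentication logic (DaoAuthenticationProvider).
4. The authentication provider uses the user details service (UserDetailsService) to find the user and the password encoder (NoOpPasswordEncoder) to verify the password.
5. The result of authentication is returned to the filter.
6. The details of the authenticated entity are stored in the security context.
a. In the ApplicationFilterChain that Spring Boot configures at startup, ApplicationFilterConfig[] filters holds the filters; filters[4] is springSecurityFilterChain, which delegates to the FilterChainProxy class.
b. In the FilterChainProxy class, List
c. The BasicAuthenticationFilter class holds the important authentication manager, AuthenticationManager authenticationManager, whose value is a ProviderManager.
d. The ProviderManager class has two important properties: List<AuthenticationProvider> providers, whose value is AnonymousAuthenticationProvider, and AuthenticationManager parent, whose value is a ProviderManager. In that parent, parent is null and providers contains one DaoAuthenticationProvider.
e. The DaoAuthenticationProvider class has two important properties, PasswordEncoder passwordEncoder = NoOpPasswordEncoder and UserDetailsService userDetailsService = InMemoryUserDetailsManager, and Authentication authenticate(Authentication authentication) is called on it.
f. The DaoAuthenticationProvider.authenticate(authentication) method: the username and password sent by the front end are initialized as an Authentication instance (authenticated = false), a UsernamePasswordAuthenticationToken object, which is passed in as the argument, and an object with (authenticated = false) is returned. First, in retrieveUser(), this.InMemoryUserDetailsManager.loadUserByUsername(name) returns that user's details from memory; then, in additionalAuthenticationChecks(), this.passwordEncoder.matches() verifies the password.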
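The UserDetailsService component
// Returns the user details for a given username
public interface UserDetailsService {
    UserDetails loadUserByUsername(String var1) throws UsernameNotFoundException;
}
public class User implements UserDetails {
    private String password;
    private final String username;
    private final Set<GrantedAuthority> authorities;
    private final boolean accountNonExpired;
    private final boolean accountNonLocked;
    private final boolean credentialsNonExpired;
    private final boolean enabled;
    // Accessors required by UserDetails (constructors omitted in this excerpt)
    public Collection<GrantedAuthority> getAuthorities() { return this.authorities; }
    public String getPassword() { return this.password; }
    public String getUsername() { return this.username; }
    public boolean isAccountNonExpired() { return this.accountNonExpired; }
    public boolean isAccountNonLocked() { return this.accountNonLocked; }
    public boolean isCredentialsNonExpired() { return this.credentialsNonExpired; }
    public boolean isEnabled() { return this.enabled; }
}
// In-memory implementation of UserDetailsService
public class InMemoryUserDetailsManager implements UserDetailsManager {
    // Map that stores the user data
    private final Map<String, MutableUserDetails> users = new HashMap<>();
    // An authentication manager
    private AuthenticationManager authenticationManager;
    // Operations such as creating, deleting and updating users
    // Most importantly, implements UserDetails loadUserByUsername(String var1)
}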
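The authentication manager
// The authentication interface of the authentication manager
public interface AuthenticationManager {
    Authentication authenticate(Authentication var1) throws AuthenticationException;
}
// Implements the AuthenticationManager interface and provides authentication
public class ProviderManager implements AuthenticationManager {
    private List<AuthenticationProvider> providers;
    // parent is a ProviderManager instance whose own parent property is null;
    // its providers[0] is a DaoAuthenticationProvider instance
    private AuthenticationManager parent;
    public Authentication authenticate(Authentication authentication) {
        Authentication result = null;
        // 1. First loop over providers and call authenticate(authentication) on each
        Iterator<AuthenticationProvider> var6 = this.getProviders().iterator();
        while (var6.hasNext()) {
            AuthenticationProvider provider = var6.next();
            result = provider.authenticate(authentication);
            if (result != null) {
                break; // a provider produced a result, stop here
            }
        }
        // 2. If no provider produced a result, call authenticate(authentication) on the parent
        if (result == null && this.parent != null) {
            result = this.parent.authenticate(authentication);
        }
        return result;
    }
}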
AuthenticationProvider
// The authentication provider interface
public interface AuthenticationProvider {
    Authentication authenticate(Authentication var1) throws AuthenticationException;
    boolean supports(Class<?> var1);
}
// An important implementation of the AuthenticationProvider interface
public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private PasswordEncoder passwordEncoder;
    private UserDetailsService userDetailsService;
    // Authentication authenticate(Authentication authentication), inherited from the
    // abstract parent class, returns the authenticated authentication
}
// The interface of the entity being authenticated
public interface Authentication {
    Collection<? extends GrantedAuthority> getAuthorities();
    Object getCredentials();
    Object getDetails();
    Object getPrincipal();
    boolean isAuthenticated();
    void setAuthenticated(boolean var1) throws IllegalArgumentException;
}
// An implementation class of the Authentication interface
public class UsernamePasswordAuthenticationToken {
    private final Object principal;
    private Object credentials;
    private final Collection<GrantedAuthority> authorities;
    private Object details;
    private boolean authenticated = false;
}
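How to use it in Spring Security:
1. Register UserDetailsService/PasswordEncoder beans in a configuration class.
2. Extend WebSecurityConfigurerAdapter and, in the configure(AuthenticationManagerBuilder auth) method, call auth.userDetailsService().passwordEncoder().
Custom authentication logic:
1. Implement the AuthenticationProvider interface.
2. In configure(AuthenticationManagerBuilder auth), add the bean that implements the AuthenticationProvider interface.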
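The two steps for custom authentication logic above, as an added example that is not code from the original page. It assumes a Spring Security 5.x version that still ships WebSecurityConfigurerAdapter; the names DemoSecurityConfig, demoUsers, demoProvider and the sample user are hypothetical, and BCryptPasswordEncoder is swapped in for NoOpPasswordEncoder so that the in-memory map holds hashes rather than plain-text passwords.

```java
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.*;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name
    @Bean public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // instead of NoOpPasswordEncoder (plain text)
    }
    @Bean public UserDetailsService demoUsers() {
        // Constructed sample user; the password is hashed before it enters the in-memory map.
        UserDetails demo = User.withUsername("demo")
                .password(passwordEncoder().encode("demo-password")).authorities("read").build();
        return new InMemoryUserDetailsManager(demo);
    }
    // Step 1: implement AuthenticationProvider.
    @Bean public AuthenticationProvider demoProvider() {
        UserDetailsService users = demoUsers();
        PasswordEncoder encoder = passwordEncoder();
        return new AuthenticationProvider() {
            @Override public Authentication authenticate(Authentication auth) {
                UserDetails user;
                try {
                    user = users.loadUserByUsername(auth.getName());
                } catch (UsernameNotFoundException e) {
                    // Same error as a wrong password, so callers cannot enumerate usernames.
                    throw new BadCredentialsException("Bad credentials");
                }
                Object cred = auth.getCredentials();
                if (cred == null || !encoder.matches(cred.toString(), user.getPassword())) {
                    throw new BadCredentialsException("Bad credentials");
                }
                // Credentials are dropped (null) so the raw password is not kept in the context.
                return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
            }
            @Override public boolean supports(Class<?> type) {
                return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
            }
        };
    }
    // Step 2: add the provider bean in configure(AuthenticationManagerBuilder auth).
    @Override protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(demoProvider());
    }
}
```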