Authentication英文翻译过来就是身份验证,验证的意思。Authentication在SpringSecutiry架构中占有核心地位,在org.springframework.security.core包中。定义了身份验证成功前和后通常用此接口存储用户基础信息后续保存:
// 当前登录人的详细 // Authentication是SpringSecurity中认证的主体,包含主体权限列表、主体凭据、主体详细信息,以及主体是否验证成功等信息 public interface Authentication extends Principal, Serializable { // 权限集合 Collection getAuthorities(); // 凭证 一般情况下都是指的是密码 Object getCredentials(); // 用户信息详情 Object getDetails(); // 一般指用户名 Object getPrincipal(); // 否认证成功 boolean isAuthenticated(); // 设置是否认证成功 void setAuthenticated(boolean var1) throws IllegalArgumentException; }
在Spring源码中一般接口后面肯定是对应的抽象类,对接口功能进行扩展,AbstractAuthenticationToken抽象类则是对==Authentication接口功能进行了扩展和完善,其中CredentialsContainer也非常的重要,在后期认证过程中有着承上启下的作用 ,都同属于org.springframework.security.core包下:
// 根据接口名称翻译则是凭证容器
// 可以理解为实现了此接口的类则会成为容纳认证完后的凭证信息
public interface CredentialsContainer {
// 擦除凭据方法
void eraseCredentials();
}
// 通过抽象类的名称得知是通过token认证
public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {
// 容纳权限的集合
private final Collection authorities;
// 用户详情对象
private Object details;
// 默认是没有认证
private boolean authenticated = false;
// 构造器
// authorities 权限集合
public AbstractAuthenticationToken(Collection authorities) {
// 如果权限集合为空
// 创建一个空集合
if (authorities == null) {
this.authorities = AuthorityUtils.NO_AUTHORITIES;
} else {
// 迭代authorities权限集合
// 初始化authorities
Iterator var2 = authorities.iterator();
GrantedAuthority a;
do {
if (!var2.hasNext()) {
ArrayList temp = new ArrayList(authorities.size());
temp.addAll(authorities);
this.authorities = Collections.unmodifiableList(temp);
return;
}
a = (GrantedAuthority)var2.next();
} while(a != null);
throw new IllegalArgumentException("Authorities collection cannot contain any null elements");
}
}
// 获取权限
public Collection getAuthorities() {
return this.authorities;
}
// 获取名称
public String getName() {
if (this.getPrincipal() instanceof UserDetails) {
return ((UserDetails)this.getPrincipal()).getUsername();
} else if (this.getPrincipal() instanceof AuthenticatedPrincipal) {
return ((AuthenticatedPrincipal)this.getPrincipal()).getName();
} else if (this.getPrincipal() instanceof Principal) {
return ((Principal)this.getPrincipal()).getName();
} else {
return this.getPrincipal() == null ? "" : this.getPrincipal().toString();
}
}
// 返回当前认证状态
public boolean isAuthenticated() {
return this.authenticated;
}
// 设置当前认证状态
public void setAuthenticated(boolean authenticated) {
this.authenticated = authenticated;
}
// 返回详细信息
public Object getDetails() {
return this.details;
}
// 设置详细信息
public void setDetails(Object details) {
this.details = details;
}
// 擦除凭证
public void eraseCredentials() {
// 密码
this.eraseSecret(this.getCredentials());
// 用户名
this.eraseSecret(this.getPrincipal());
// 详情
this.eraseSecret(this.details);
}
// 擦除凭证方法
private void eraseSecret(Object secret) {
// secret 是否是CredentialsContainer的子类
if (secret instanceof CredentialsContainer) {
// 使用擦除凭证的具体实现方法对凭证进行擦除
((CredentialsContainer)secret).eraseCredentials();
}
}
public boolean equals(Object obj) {
if (!(obj instanceof AbstractAuthenticationToken)) {
return false;
} else {
AbstractAuthenticationToken test = (AbstractAuthenticationToken)obj;
if (!this.authorities.equals(test.authorities)) {
return false;
} else if (this.details == null && test.getDetails() != null) {
return false;
} else if (this.details != null && test.getDetails() == null) {
return false;
} else if (this.details != null && !this.details.equals(test.getDetails())) {
return false;
} else if (this.getCredentials() == null && test.getCredentials() != null) {
return false;
} else if (this.getCredentials() != null && !this.getCredentials().equals(test.getCredentials())) {
return false;
} else if (this.getPrincipal() == null && test.getPrincipal() != null) {
return false;
} else if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) {
return false;
} else {
return this.isAuthenticated() == test.isAuthenticated();
}
}
}
public int hashCode() {
int code = 31;
GrantedAuthority authority;
for(Iterator var2 = this.authorities.iterator(); var2.hasNext(); code ^= authority.hashCode()) {
authority = (GrantedAuthority)var2.next();
}
if (this.getPrincipal() != null) {
code ^= this.getPrincipal().hashCode();
}
if (this.getCredentials() != null) {
code ^= this.getCredentials().hashCode();
}
if (this.getDetails() != null) {
code ^= this.getDetails().hashCode();
}
if (this.isAuthenticated()) {
code ^= -37;
}
return code;
}
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append(super.toString()).append(": ");
sb.append("Principal: ").append(this.getPrincipal()).append("; ");
sb.append("Credentials: [PROTECTED]; ");
sb.append("Authenticated: ").append(this.isAuthenticated()).append("; ");
sb.append("Details: ").append(this.getDetails()).append("; ");
if (!this.authorities.isEmpty()) {
sb.append("Granted Authorities: ");
int i = 0;
GrantedAuthority authority;
for(Iterator var3 = this.authorities.iterator(); var3.hasNext(); sb.append(authority)) {
authority = (GrantedAuthority)var3.next();
if (i++ > 0) {
sb.append(", ");
}
}
} else {
sb.append("Not granted any authorities");
}
return sb.toString();
}
}
下面我们就说说Authentication具体的子类实现,通过不同方式认证时,使用的不同的实现类存储认证成功或待认证的用户信息:
- UsernamePasswordAuthenticationToken
- TestingAuthenticationToken
- RememberMeAuthenticationToken
- AnonymousAuthticationToken
- PreAuthenticatedAuthenticationToekn
- RunAsUserToken
- JaasAuthenticationToken
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)