Spring源代码解析(九):Spring Acegi框架鉴权的实现
来源:互联网 发布:翼支付刷单软件 编辑:程序博客网 时间:2024/05/19 06:50
- if (className != null) {
- try {
- Class clazz = getClass().getClassLoader().loadClass(className);
- Constructor constructor = clazz.getConstructor(new Class[] {
- Authentication.class, AuthenticationException.class
- });
- Object obj = constructor.newInstance(new Object[] {authentication, lastException});
- Assert.isInstanceOf(AbstractAuthenticationEvent.class, obj, "Must be an AbstractAuthenticationEvent");
- event = (AbstractAuthenticationEvent) obj;
- } catch (ClassNotFoundException ignored) {}
- catch (NoSuchMethodException ignored) {}
- catch (IllegalAccessException ignored) {}
- catch (InstantiationException ignored) {}
- catch (InvocationTargetException ignored) {}
- }
- if (event != null) {
- publishEvent(event);
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("No event was found for the exception " + lastException.getClass().getName());
- }
- }
- // Throw the exception
- throw lastException;
- }
public Authentication doAuthentication(Authentication authentication) throws AuthenticationException { //这里取得配置好的provider链的迭代器,在配置的时候可以配置多个provider,这里我们配置的是DaoAuthenticationProvider来说明, 它使用数据库来保存用户的用户名和密码信息。 Iterator iter = providers.iterator(); Class toTest = authentication.getClass(); AuthenticationException lastException = null; while (iter.hasNext()) { AuthenticationProvider provider = (AuthenticationProvider) iter.next(); if (provider.supports(toTest)) { logger.debug("Authentication attempt using " + provider.getClass().getName()); //这个result包含了验证中得到的结果信息 Authentication result = null; try {//这里是provider进行验证处理的过程 result = provider.authenticate(authentication); sessionController.checkAuthenticationAllowed(result); } catch (AuthenticationException ae) { lastException = ae; result = null; } if (result != null) { sessionController.registerSuccessfulAuthentication(result); publishEvent(new AuthenticationSuccessEvent(result)); return result; } } } if (lastException == null) { lastException = new ProviderNotFoundException(messages.getMessage("ProviderManager.providerNotFound", new Object[] {toTest.getName()}, "No AuthenticationProvider found for {0}")); } // 这里发布事件来通知上下文的监听器 String className = exceptionMappings.getProperty(lastException.getClass().getName()); AbstractAuthenticationEvent event = null; if (className != null) { try { Class clazz = getClass().getClassLoader().loadClass(className); Constructor constructor = clazz.getConstructor(new Class[] { Authentication.class, AuthenticationException.class }); Object obj = constructor.newInstance(new Object[] {authentication, lastException}); Assert.isInstanceOf(AbstractAuthenticationEvent.class, obj, "Must be an AbstractAuthenticationEvent"); event = (AbstractAuthenticationEvent) obj; } catch (ClassNotFoundException ignored) {} catch (NoSuchMethodException ignored) {} catch (IllegalAccessException ignored) {} catch (InstantiationException ignored) {} catch (InvocationTargetException ignored) {} } if (event != null) { publishEvent(event); } else { if (logger.isDebugEnabled()) { logger.debug("No event was found for the exception " + lastException.getClass().getName()); } } // Throw the exception throw lastException; }
我们下面看看在DaoAuthenticationProvider是怎样从数据库中取出对应的验证信息进行用户验证的,在它的基类AbstractUserDetailsAuthenticationProvider定义了验证的处理模板:
Java代码
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- Spring源代码解析(十):Spring Acegi框架授权的实现
- Spring源代码解析(十):Spring Acegi框架授权的实现
- Spring Acegi框架鉴权的实现
- Spring Acegi框架授权的实现
- Spring acegi 安全框架
- Spring源代码解析(八):Spring驱动Hibernate的实现
- Spring源代码解析(八):Spring驱动Hibernate的实现
- Spring Security - Acegi 框架介绍
- spring中注解处理框架解析----源代码实现
- 实战Acegi:使用Acegi作为基于Spring框架的WEB应用的安全框架
- Spring框架学习(九)——Spring实现AOP的多种方式
- 在项目中用Spring的Acegi安全框架的步骤
- Acegi-认证和授权,用于Spring Framework的安全框架
- Spring框架和Acegi安全框架介绍
- Java技术体验,HTTP多线程下载,端口侦听和自启动服务
- Hash表实现时的注意事项
- 熊猫烧香--核心代码2
- 熊猫烧香--核心代码1
- 各公司笔试题收藏(二)
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- 多线程断点续传实践
- 常用的DoS命令:IPC$口令
- 简单突破QQ好友拒加
- Spring源代码解析(十):Spring Acegi框架授权的实现
- 你、有没有 这样的时候
- 用自解压包入侵
- Spring源代码解析(九):Spring Acegi框架鉴权的实现
- DDoS攻击原理及防范(一)