Analysis of Spring Security login verification process source code
1、 Login authentication is based on the filter chain
The core of the Spring Security login verification process is the filter chain. When a request arrives, the filters in the chain process it in sequence. Only a request that passes every filter in the chain can reach the API endpoint.
Spring Security provides a variety of login authentication methods, which are implemented by a variety of filters, such as:
Depending on our requirements and configuration, different filters are loaded into the application.
2、 The login verification process explained with the source code
Let's take username and password login as an example to explain the login authentication process of Spring Security.
2.1 UsernamePasswordAuthenticationFilter
This filter encapsulates the basic user information (username and password) and defines how the login form data is received, such as:
2.2 Verification process of the doFilter method of AbstractAuthenticationProcessingFilter
UsernamePasswordAuthenticationFilter extends the abstract class AbstractAuthenticationProcessingFilter, which defines how successful and failed verification are handled.
2.3 Handler after successful verification and handler after failed verification
In other words, when we need to customize what happens after successful or failed authentication, we need to implement the AuthenticationSuccessHandler or AuthenticationFailureHandler interface.
3、 Login authentication internal details
3.1 Management of multiple authentication methods
ProviderManager implements AuthenticationManager and is the core class of login authentication. ProviderManager holds multiple AuthenticationProviders, one for each type of login authentication. For example:
public class ProviderManager implements AuthenticationManager, MessageSourceAware, InitializingBean {
    ……
    private List<AuthenticationProvider> providers;
    ……
}
The following is the core source code of ProviderManager, which iterates over the AuthenticationProviders for the different login authentication types. A provider executes its login authentication logic only if it supports the type of authentication being requested.
3.2 Login authentication interface AuthenticationProvider
public interface AuthenticationProvider {
    Authentication authenticate(Authentication var1) throws AuthenticationException;
    boolean supports(Class<?> var1);
}
The implementation classes of AuthenticationProvider define the specific login verification logic.
3.3 Loading user information from the database: DaoAuthenticationProvider
public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
Source code for getting user information from the database
Therefore, when we need to load user information for login authentication, we implement the UserDetailsService interface and override the loadUserByUsername method. Its parameter is the username entered by the user, and its return value is a UserDetails object.
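An added example (not from the original article or from Spring Security's own source) that wires sections 3.1 to 3.3 together: a UserDetailsService feeds a DaoAuthenticationProvider, which a ProviderManager calls. It assumes Spring Security 5.x or 6.x on the classpath, where DaoAuthenticationProvider has a no-argument constructor and setters; the names LoginFlowDemo, InMemoryUserDetailsService and tryLogin and the sample user are constructed for illustration.

```java
import java.util.List;
import java.util.Map;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class LoginFlowDemo {
    // Hypothetical stand-in for a user table: username -> BCrypt hash (constructed sample data).
    static class InMemoryUserDetailsService implements UserDetailsService {
        private final Map<String, String> hashes;
        InMemoryUserDetailsService(Map<String, String> hashes) { this.hashes = hashes; }

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            String hash = hashes.get(username);
            if (hash == null) {
                // Never return null: the provider expects this exception for unknown users.
                throw new UsernameNotFoundException("no such user");
            }
            // Store and return only the hash; the provider compares it via the PasswordEncoder.
            return User.withUsername(username).password(hash).roles("USER").build();
        }
    }

    // Runs one login attempt through the manager and reports the outcome as a string.
    static String tryLogin(AuthenticationManager manager, String user, String pass) {
        try {
            Authentication result = manager.authenticate(new UsernamePasswordAuthenticationToken(user, pass));
            return "OK " + result.getAuthorities();
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        UserDetailsService users = new InMemoryUserDetailsService(Map.of("alice", encoder.encode("correct horse")));
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);
        // ProviderManager asks each provider whether it supports the token type, then delegates.
        AuthenticationManager manager = new ProviderManager(List.of(provider));
        System.out.println(tryLogin(manager, "alice", "correct horse"));
        System.out.println(tryLogin(manager, "alice", "wrong"));
        System.out.println(tryLogin(manager, "mallory", "x"));
    }
}
```

With the provider's default settings, the unknown user is reported as BadCredentialsException, the same as a wrong password, so the response does not reveal which usernames exist.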
