AbstractAuthenticationProcessingFilter

  1 package org.springframework.security.web.authentication;
  2 
  3 import java.io.IOException;
  4 import javax.servlet.FilterChain;
  5 import javax.servlet.ServletException;
  6 import javax.servlet.ServletRequest;
  7 import javax.servlet.ServletResponse;
  8 import javax.servlet.http.HttpServletRequest;
  9 import javax.servlet.http.HttpServletResponse;
 10 import org.springframework.context.ApplicationEventPublisher;
 11 import org.springframework.context.ApplicationEventPublisherAware;
 12 import org.springframework.context.MessageSource;
 13 import org.springframework.context.MessageSourceAware;
 14 import org.springframework.context.support.MessageSourceAccessor;
 15 import org.springframework.security.authentication.AuthenticationDetailsSource;
 16 import org.springframework.security.authentication.AuthenticationManager;
 17 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 18 import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
 19 import org.springframework.security.core.Authentication;
 20 import org.springframework.security.core.AuthenticationException;
 21 import org.springframework.security.core.SpringSecurityMessageSource;
 22 import org.springframework.security.core.context.SecurityContextHolder;
 23 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
 24 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 25 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 26 import org.springframework.security.web.util.matcher.RequestMatcher;
 27 import org.springframework.util.Assert;
 28 import org.springframework.web.filter.GenericFilterBean;
 29 
 30 public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware, MessageSourceAware {
 31     protected ApplicationEventPublisher eventPublisher;//应用事件发布者
 32     protected AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();//身份验证详细信息源
 33     private AuthenticationManager authenticationManager;//认证管理器
 34     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();//消息源访问器
 35     private RememberMeServices rememberMeServices = new NullRememberMeServices();//记住我的服务
 36     private RequestMatcher requiresAuthenticationRequestMatcher;//请求匹配器
 37     private boolean continueChainBeforeSuccessfulAuthentication = false;//成功认证前的继续链
 38     private SessionAuthenticationStrategy sessionStrategy = new NullAuthenticatedSessionStrategy();//会话认证策略
 39     private boolean allowSessionCreation = true;//允许会话创建
 40     private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();//身份验证成功处理程序
 41     private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();//身份验证失败处理程序
 42 
 43     protected AbstractAuthenticationProcessingFilter(String defaultFilterProcessesUrl) {//默认过滤处理的url
 44         this.setFilterProcessesUrl(defaultFilterProcessesUrl);
 45     }
 46 
 47     protected AbstractAuthenticationProcessingFilter(RequestMatcher requiresAuthenticationRequestMatcher) {//请求匹配器
 48         Assert.notNull(requiresAuthenticationRequestMatcher, "requiresAuthenticationRequestMatcher cannot be null");
 49         this.requiresAuthenticationRequestMatcher = requiresAuthenticationRequestMatcher;
 50     }
 51 
 52     public void afterPropertiesSet() {//属性集之后
 53         Assert.notNull(this.authenticationManager, "authenticationManager must be specified");
 54     }
 55 
 56     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
 57         HttpServletRequest request = (HttpServletRequest)req;
 58         HttpServletResponse response = (HttpServletResponse)res;
 59         if (!this.requiresAuthentication(request, response)) {
 60             chain.doFilter(request, response);
 61         } else {
 62             if (this.logger.isDebugEnabled()) {
 63                 this.logger.debug("Request is to process authentication");
 64             }
 65 
 66             Authentication authResult;
 67             try {
 68                 authResult = this.attemptAuthentication(request, response);
 69                 if (authResult == null) {
 70                     return;
 71                 }
 72 
 73                 this.sessionStrategy.onAuthentication(authResult, request, response);
 74             } catch (InternalAuthenticationServiceException var8) {
 75                 this.logger.error("An internal error occurred while trying to authenticate the user.", var8);
 76                 this.unsuccessfulAuthentication(request, response, var8);
 77                 return;
 78             } catch (AuthenticationException var9) {
 79                 this.unsuccessfulAuthentication(request, response, var9);
 80                 return;
 81             }
 82 
 83             if (this.continueChainBeforeSuccessfulAuthentication) {
 84                 chain.doFilter(request, response);
 85             }
 86 
 87             this.successfulAuthentication(request, response, chain, authResult);
 88         }
 89     }
 90             
 91     protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {//是否需要认证
          //请求匹配器与请求路劲是否匹配,如果匹配返回真,如果不匹配返回假
92 return this.requiresAuthenticationRequestMatcher.matches(request); 93 } 94       //认证逻辑的方法,由子类实现 95 public abstract Authentication attemptAuthentication(HttpServletRequest var1, HttpServletResponse var2) throws AuthenticationException, IOException, ServletException; 96         //认证成功 97 protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { 98 if (this.logger.isDebugEnabled()) { 99 this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult); 100 } 101 102 SecurityContextHolder.getContext().setAuthentication(authResult); 103 this.rememberMeServices.loginSuccess(request, response, authResult); 104 if (this.eventPublisher != null) {
            //交互式认证成功事件
105 this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); 106 } 107 108 this.successHandler.onAuthenticationSuccess(request, response, authResult); 109 } 110             //没有认证成功 111 protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { 112 SecurityContextHolder.clearContext(); 113 if (this.logger.isDebugEnabled()) { 114 this.logger.debug("Authentication request failed: " + failed.toString(), failed); 115 this.logger.debug("Updated SecurityContextHolder to contain null Authentication"); 116 this.logger.debug("Delegating to authentication failure handler " + this.failureHandler); 117 } 118 119 this.rememberMeServices.loginFail(request, response); 120 this.failureHandler.onAuthenticationFailure(request, response, failed); 121 } 122       //get认证管理器 123 protected AuthenticationManager getAuthenticationManager() { 124 return this.authenticationManager; 125 } 126       //set认证管理器 127 public void setAuthenticationManager(AuthenticationManager authenticationManager) { 128 this.authenticationManager = authenticationManager; 129 } 130         //设置过滤器处理的url 131 public void setFilterProcessesUrl(String filterProcessesUrl) { 132 this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(filterProcessesUrl)); 133 } 134       //设置需要认证请求匹配器 135 public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) { 136 Assert.notNull(requestMatcher, "requestMatcher cannot be null"); 137 this.requiresAuthenticationRequestMatcher = requestMatcher; 138 } 139       //get记住我的服务 140 public RememberMeServices getRememberMeServices() { 141 return this.rememberMeServices; 142 } 143       //set记住我的服务 144 public void setRememberMeServices(RememberMeServices rememberMeServices) { 145 Assert.notNull(rememberMeServices, "rememberMeServices cannot be null"); 146 this.rememberMeServices = rememberMeServices; 147 } 148       //set 是否跳出 链 在认证成功前 149 public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) { 150 this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication; 151 } 152       //set 应用事件发布者 153 public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { 154 this.eventPublisher = eventPublisher; 155 } 156 //set 身份认证详细信息源 157 public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) { 158 Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); 159 this.authenticationDetailsSource = authenticationDetailsSource; 160 } 161       //set 消息源访问器 162 public void setMessageSource(MessageSource messageSource) { 163 this.messages = new MessageSourceAccessor(messageSource); 164 } 165 // get 允许会话创建 166 protected boolean getAllowSessionCreation() { 167 return this.allowSessionCreation; 168 } 169 //set 允许会话创建 170 public void setAllowSessionCreation(boolean allowSessionCreation) { 171 this.allowSessionCreation = allowSessionCreation; 172 } 173 //set 会话认证策略 174 public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy) { 175 this.sessionStrategy = sessionStrategy; 176 } 177 //set 认证成功的处理程序 178 public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) { 179 Assert.notNull(successHandler, "successHandler cannot be null"); 180 this.successHandler = successHandler; 181 } 182 // set 认证失败的处理程序 183 public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) { 184 Assert.notNull(failureHandler, "failureHandler cannot be null"); 185 this.failureHandler = failureHandler; 186 } 187 //get 认证成功的处理程序 188 protected AuthenticationSuccessHandler getSuccessHandler() { 189 return this.successHandler; 190 } 191 //get 认证失败的处理程序 192 protected AuthenticationFailureHandler getFailureHandler() { 193 return this.failureHandler; 194 } 195 }

 

posted @ 2018-06-06 13:31  chenhonggao  阅读(2631)  评论(0编辑  收藏  举报