SpringBoot第五篇SpringSecurity 认证机制

一、SpringSecurity主要用于鉴权和授权功能，他的过滤器链路如图

 

 

1. BasicAuthenticationFilter实现的是HttpBasic模式的登录认证
2. UsernamePasswordAuthenticationFilter实现用户名密码的登录认证
3. RememberMeAuthenticationFilter实现登录认证的“记住我”的功能
4. SmsCodeAuthenticationFilter实现短信验证码登录认证
5. SocialAuthenticationFilter实现社交媒体方式登录认证的处理
6. Oauth2AuthenticationProcessingFilter和Oauth2ClientAuthenticationProcessingFilter实现Oauth2的鉴权方式

一、登录认证，调用方法ip/login,自动触发UsernamePasswordAuthenticationFilter过滤器

 　　自定义过滤器，继承该过滤器，可以实现验证之前的操作，比如验证码判断

     1.重写验证方法

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)           throws AuthenticationException {       try {           String username = req.getParameter("username");           String password = req.getParameter("password");           //验证码判断，手机验证码判断等           // 将用户信息放入authenticationManager           return authenticationManager.authenticate(                   new UsernamePasswordAuthenticationToken(                           username,                           password,                           Collections.emptyList())           );       } catch (Exception e) {           throw new RuntimeException(e);       }   }

　　2、验证成功方法重写，可以返回token等数据

?

1 2 3 4

protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res,                                             FilterChain chain, Authentication auth) throws IOException, ServletException { //返回处理的token }

　　3、