II. Summary statement
- As detailed aboveFourth, Spring Boot integration Spring Security certification process
- This article focuses on the realization of the principle process of UsernamePasswordAuthenticationFilter.
- AuthenticationManager
- AuthenticationProvider
- Custom Configuration of Username Password Implementation (UserDetailsService)
III. UsernamePasswordAuthenticationFilter
1. Structure and role
- Inherit AbstractAuthenticationProcessingFilter
- Initialization request address
- Initialize authenticationManager
- Initialize successHandler
- Initialize the failureHandler
- Implement the filter entry doFilter method
- The doFilter method calls the abstract methodattemptAuthenticationThe attemptAuthentication subclass is used to fulfill the username and password authentication business.
- Updates the security context on successful authentication and calls the
- Removes the security context on authentication failure and calls the
- realizationattemptAuthenticationmethodologies
- Get username and password from request
- Generate unauthenticated Authentication
- call (programming)authenticationManagerauthenticate method to complete username and password authentication.
IV. Authentication Manager (AuthenticationManager)
1. Role
- Complete Authentication
2. ProviderManager (default implementation)
- ProviderManager implements the AuthenticationManager interface.
- The role of the AuthenticationManager is to complete the authentication.
- However, the ProviderManager does not directly fulfill the Authentication
- Instead, it provides aAuthenticationProviderset (mathematics)
- Iterate through the AuthenticationProvider collection to complete the Authentication
- When you need multiple authentication methods, you can register a custom AuthenticationProvider, which will be introduced later.
V. AuthenticationProvider
1. Role
- Call the interface to get user information UserDetails
- Verify that the user and password are available
2. DaoAuthenticationProvider (default implementation)
- DaoAuthenticationProviderpredecessorAbstractUserDetailsAuthenticationProviderrealizationAuthenticationProviderconnector
- Call the retrieveUser method to get the user information UserDetails
- Call to get user information UserDetails
- Verify that the user exists and is available, and throw exceptions (expired, locked, enabled) if it doesn't exist or is unavailable
- Verify that the password is available and throw an exception (null, expired) if it is not.
- Verification of passwords using a password encryptor (passwords entered in the interface and passwords that have been encrypted in the database)
- Throw an exception if the passwords don't match
VI. UserDetailsService
1. Role
- Get user details by username UserDetails
- Return user information UserDetails
2. InMemoryUserDetailsManager (default implementation)
- A username and password are generated by default when the project starts, and are stored in memory.
- Get the user by username and return
3, recommended implementation: custom UserDetailsService
- Get the user from the database by username
- Database users to UserDetails, the database is not set in the attributes like whether or not to enable, the account has not expired, the password has not expired, the account has not been locked directly set to true can be
package ;
import ;
import ;
import ;
import ;
import ;
import ;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
//@Autowired
//private UserService userService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//TODO pass (a bill or inspection etc)usernameGetting users from the database,redirect usersUserDetails
//User user = (username);
//return new User(username, (), (), (), (), (), ());
return new User(username, "123", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
}
}
