Spring Security源码实现

2025-08-11 15:36:53   2  举报





AI智能生成

Spring Security源码实现

spring security

spring security 核心组件

模版推荐

作者其他创作

大纲/内容

过滤器进行用户验证实现

AbstractAuthenticationProcessingFilter#doFilter

AbstractAuthenticationProcessingFilter#requiresAuthentication(request, response)

RequestMatcher#matches(request)

验证器

Authentication authResult = UsernamePasswordAuthenticationFilter#attemptAuthentication(request, response)

UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

用户数据提供器

ProviderManager#authenticate(authRequest)

Iterator var9 = this.getProviders().iterator();

Authentication result = provider.authenticate(authentication);

AbstractUserDetailsAuthenticationProvider#authenticate(authentication)

String username = AbstractUserDetailsAuthenticationProvider#determineUsername

authentication.getPrincipal() == null ? "NONE_PROVIDED" : authentication.getName()

UserDetails user = this.userCache.getUserFromCache(username)

user = DaoAuthenticationProvider#retrieveUser(username, authentication)

List<UserDetails> users = JdbcDaoImpl#loadUserByUsername(username)

"select username,password,enabled from users where username = ?"

UserDetails user = (UserDetails)users.get(0)

Set<GrantedAuthority> dbAuthsSet List<GrantedAuthority> dbAuths = new ArrayList(dbAuthsSet);

JdbcDaoImpl#loadUserAuthorities(username)

"select username,authority from authorities where username = ?"

JdbcDaoImpl#loadGroupAuthorities(username)

"select g.id, g.group_name, ga.authority from groups g, group_members gm, group_authorities ga where gm.username = ? and g.id = ga.group_id and g.id = gm.group_id"

JdbcDaoImpl#addCustomAuthorities(user.getUsername(), dbAuths)

JdbcDaoImpl#createUserDetails(username, user, dbAuths)

new User(returnUsername, userFromUserQuery.getPassword(), userFromUserQuery.isEnabled(), userFromUserQuery.isAccountNonExpired(), userFromUserQuery.isCredentialsNonExpired(), userFromUserQuery.isAccountNonLocked(), combinedAuthorities)

DefaultPreAuthenticationChecks#check(user)

user.isAccountNonLocked()

user.isEnabled()

user.isAccountNonExpired()

DaoAuthenticationProvider#additionalAuthenticationChecks

passwordEncoder.matches(authentication.getCredentials().toString(), userDetails.getPassword())

userCache.putUserInCache(user)

DaoAuthenticationProvider#createSuccessAuthentication(principalToReturn, authentication, user)

ProviderManager#copyDetails(authentication, result)

AbstractAuthenticationProcessingFilter#successfulAuthentication(request, response, chain, authResult)

rememberme.AbstractRememberMeServices#loginSuccess(request, response, authResult)

successHandler.onAuthenticationSuccess(request, response, authResult)