Learning Spring Security

Spring Security Core Components

    SecurityContext, SecurityContextHolder, Authentication, UserDetails, and AuthenticationManager

Introduction to the components:

1.Authentication

public interface Authentication extends Principal, Serializable {
    Collection<? extends GrantedAuthority> getAuthorities();

    Object getCredentials();

    Object getDetails();

    Object getPrincipal();

    boolean isAuthenticated();

    void setAuthenticated(boolean var1) throws IllegalArgumentException;
}

 

public interface UserDetails extends Serializable {
    Collection<? extends GrantedAuthority> getAuthorities();

    String getPassword();

    String getUsername();

    boolean isAccountNonExpired();

    boolean isAccountNonLocked();

    boolean isCredentialsNonExpired();

    boolean isEnabled();
}

 

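Analysis: this is the authentication component. What it does: its methods return all of the user-related information that has been set through Spring Security.

    This information includes:

       a. getAuthorities // returns the list of authorities granted to the authenticated user

       b. getCredentials // returns the user's credentials

       c. getPrincipal  // 1. before the user is authenticated, returns the current user's username; 2. after the user is authenticated, returns the UserDetails

       d. getDetails // returns additional information about the user (when I printed it I got [RemoteIpAddress: 127.0.0.1; SessionId: 3AD6191B44EF801CF3E5A7F61A742F5F])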

 

2.SecurityContext

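    This component is the security context. What it does: it has two methods [getAuthentication, setAuthentication]. As the method names suggest, the class is used to obtain the authentication component from the context, which in turn gives access to the authentication information.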

3.SecurityContextHolder

public class SecurityContextHolder {
    public static final String MODE_THREADLOCAL = "MODE_THREADLOCAL";
    public static final String MODE_INHERITABLETHREADLOCAL = "MODE_INHERITABLETHREADLOCAL";
    public static final String MODE_GLOBAL = "MODE_GLOBAL";
    public static final String SYSTEM_PROPERTY = "spring.security.strategy";
    private static String strategyName = System.getProperty("spring.security.strategy");
    private static SecurityContextHolderStrategy strategy;
    private static int initializeCount = 0;

    public SecurityContextHolder() {
    }

    public static void clearContext() {
        strategy.clearContext();
    }

    public static SecurityContext getContext() {
        return strategy.getContext();
    }

    public static int getInitializeCount() {
        return initializeCount;
    }

    private static void initialize() {
        if (!StringUtils.hasText(strategyName)) {
            strategyName = "MODE_THREADLOCAL";
        }

        if (strategyName.equals("MODE_THREADLOCAL")) {
            strategy = new ThreadLocalSecurityContextHolderStrategy();
        } else if (strategyName.equals("MODE_INHERITABLETHREADLOCAL")) {
            strategy = new InheritableThreadLocalSecurityContextHolderStrategy();
        } else if (strategyName.equals("MODE_GLOBAL")) {
            strategy = new GlobalSecurityContextHolderStrategy();
        } else {
            try {
                Class clazz = Class.forName(strategyName);
                Constructor customStrategy = clazz.getConstructor();
                strategy = (SecurityContextHolderStrategy)customStrategy.newInstance();
            } catch (Exception var2) {
                ReflectionUtils.handleReflectionException(var2);
            }
        }

        ++initializeCount;
    }

    public static void setContext(SecurityContext context) {
        strategy.setContext(context);
    }

    public static void setStrategyName(String strategyName) {
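        // Assign the static field; an unqualified "strategyName = strategyName" would only reassign the parameter.
        SecurityContextHolder.strategyName = strategyName;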
        initialize();
    }

    public static SecurityContextHolderStrategy getContextHolderStrategy() {
        return strategy;
    }

    public static SecurityContext createEmptyContext() {
        return strategy.createEmptyContext();
    }

    public String toString() {
        return "SecurityContextHolder[strategy='" + strategyName + "'; initializeCount=" + initializeCount + "]";
    }

    static {
        initialize();
    }
}

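    This component is the holder of the SecurityContext. What it does: it uses the strategy pattern, creating a holder from the specified strategy or the default one and using that holder to store the context. It can also clear the held context, obtain the strategy name, and so on.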

4.AuthenticationManager

public interface AuthenticationManager {
    Authentication authenticate(Authentication var1) throws AuthenticationException;
}

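    This component is an interface with a single method, which takes an Authentication as its parameter. What it does: it validates the Authentication, and if validation fails it throws an AuthenticationException. AuthenticationException is an abstract class, so code cannot instantiate and throw an AuthenticationException itself; what is actually thrown is usually one of its concrete subclasses, such as DisabledException, LockedException, or BadCredentialsException. BadCredentialsException is probably the most common one, thrown when the password is wrong.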
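The components above working together, as an added example that is not from the original post or from the Spring Security code base: a minimal AuthenticationManager that throws the concrete exception subclasses, followed by storing the result in the SecurityContextHolder and clearing it afterwards. DemoAuthenticationManager and the in-memory "alice" account are hypothetical, and spring-security-core is assumed to be on the classpath.

```java
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example: DemoAuthenticationManager and the in-memory "alice" account are constructed for illustration.
public class DemoAuthenticationManager implements AuthenticationManager {
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    private final UserDetails alice = User.withUsername("alice")
            .password(encoder.encode("correct horse")).roles("USER").build();
    @Override
    public Authentication authenticate(Authentication request) throws AuthenticationException {
        // Before authentication the principal is only the submitted username.
        String username = String.valueOf(request.getPrincipal());
        String password = String.valueOf(request.getCredentials());
        boolean known = alice.getUsername().equals(username);
        boolean passwordOk = encoder.matches(password, alice.getPassword());
        if (known && !alice.isEnabled()) throw new DisabledException("Account disabled");
        if (known && !alice.isAccountNonLocked()) throw new LockedException("Account locked");
        // An unknown user and a wrong password produce the same exception.
        if (!known || !passwordOk) throw new BadCredentialsException("Bad credentials");
        // Authenticated token: the principal is now the UserDetails and the credentials are dropped.
        return new UsernamePasswordAuthenticationToken(alice, null, alice.getAuthorities());
    }

    public static void main(String[] args) {
        AuthenticationManager manager = new DemoAuthenticationManager();
        try {
            manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "wrong"));
        } catch (AuthenticationException e) {
            System.out.println("Rejected: " + e.getClass().getSimpleName());
        }
        try {
            Authentication result = manager.authenticate(
                    new UsernamePasswordAuthenticationToken("alice", "correct horse"));
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(result);
            SecurityContextHolder.setContext(context);
            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            System.out.println(current.getName() + " " + current.getAuthorities());
        } finally {
            SecurityContextHolder.clearContext(); // do not leave the context on a thread that may be reused
        }
    }
}
```

With the default MODE_THREADLOCAL strategy the context is bound to the current thread, which is why it is cleared in the finally block before the thread can be handed to another request.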
