Note: the version is Spring Security 4.3.x.RELEASE.
ProviderManager has the property shown in List-1 below. AuthenticationProvider is what ProviderManager uses, as shown in List-2.
List-1
    private List<AuthenticationProvider> providers;
List-2
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        Class<? extends Authentication> toTest = authentication.getClass();
        AuthenticationException lastException = null;
        Authentication result = null;
        boolean debug = logger.isDebugEnabled();
        for (AuthenticationProvider provider : getProviders()) {
            // Skip providers that cannot handle this token type
            if (!provider.supports(toTest)) {
                continue;
            }
            if (debug) {
                logger.debug("Authentication attempt using "
                        + provider.getClass().getName());
            }
            try {
                result = provider.authenticate(authentication);
                // The first non-null result ends the loop
                if (result != null) {
                    copyDetails(authentication, result);
                    break;
                }
            }
            catch (AccountStatusException e) {
                prepareException(e, authentication);
                // SEC-546: Avoid polling additional providers if auth failure is due to
                // invalid account status
                throw e;
            }
            catch (InternalAuthenticationServiceException e) {
                prepareException(e, authentication);
                throw e;
            }
            catch (AuthenticationException e) {
                // Remember the failure and try the next provider
                lastException = e;
            }
        }
        // ... (the rest of the method is not shown in this excerpt)
    }
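As List-2 shows, ProviderManager iterates over the AuthenticationProviders in List-1 and calls the authenticate method of each provider in turn. Providers whose supports method rejects the token class are skipped, and the first non-null result ends the loop. An AccountStatusException or InternalAuthenticationServiceException is rethrown immediately, while any other AuthenticationException is only stored in lastException and the next provider is tried.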
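The following added example (not code from the original post or from Spring Security itself) shows why provider order and exception type matter in the loop of List-2. It assumes spring-security-core is on the classpath; the class ProviderOrderDemo, the helpers failing, accepting and attempt, and the user "alice" are hypothetical names constructed for illustration.

```java
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderOrderDemo {

    // Hypothetical provider that always fails with the given exception.
    static AuthenticationProvider failing(final AuthenticationException ex) {
        return new AuthenticationProvider() {
            public Authentication authenticate(Authentication a) { throw ex; }
            public boolean supports(Class<?> c) { return true; }
        };
    }

    // Hypothetical, deliberately permissive provider placed last in the list.
    static AuthenticationProvider accepting() {
        return new AuthenticationProvider() {
            public Authentication authenticate(Authentication a) {
                return new UsernamePasswordAuthenticationToken(a.getName(), null,
                        AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
            public boolean supports(Class<?> c) { return true; }
        };
    }

    // Runs one attempt through a ProviderManager built as [first, accepting()].
    static String attempt(AuthenticationProvider first) {
        ProviderManager pm = new ProviderManager(Arrays.asList(first, accepting()));
        try {
            Authentication r = pm.authenticate(
                    new UsernamePasswordAuthenticationToken("alice", "pw")); // constructed input
            return "authenticated=" + r.isAuthenticated();
        } catch (AuthenticationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // BadCredentialsException is only kept in lastException, so the next provider still runs.
        System.out.println(attempt(failing(new BadCredentialsException("bad password"))));
        // LockedException is an AccountStatusException: rethrown at once, later providers never run.
        System.out.println(attempt(failing(new LockedException("account locked"))));
    }
}
```

When reviewing a provider list, check that a rejection that must be final is raised as an AccountStatusException subclass, because an ordinary AuthenticationException lets a later provider accept the same token.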
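Figure 1: Sequence diagram of the authenticate method of CasAuthenticationProvider
Here is a diagram that describes the call relationships among CasAuthenticationFilter, ProviderManager and the other classes, shown as Figure 1 below. The original image is on my GitHub.
Figure 1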