Authentication是个接口,如下图1所示,此图来自于《Pro Spring Security》,建议读者阅读原书:
图1 Authentication的继承图
原书,讲的很好,原文是:
"An Authentication object is used both when an authentication request is created (when a user logs in), to carry around the different layers and classes of the framework the requesting data, and then when it is validated, containing the authenticated entity and storing it in SecurityContext.
The most common behavior is that when you log in to the application a new Authentication object will be created storing your user name, password, and permissions—most of which are technically known as Principal, Credentials, and Authorities, respectively."
即:Authentication在认证请求时用到,也可在层次间传递。最常见的场景就是登录,登录中的name、password、permission,对于过来就是Authentication的Principal、Credentials、Authorities。如下图2所示:
图2 Authentication的类图
参考:
(adsbygoogle = window.adsbygoogle || []).push({});