Spring security analysis 9: AuthenticationManager
AuthenticationManager only cares whether authentication succeeds, not about the specific authentication method. For example, we can authenticate with a username and password, SMS, face recognition, or the OAuth2 protocol. AuthenticationProvider is responsible for these specific authentication methods.
Some implementations of AuthenticationProvider are shown below.
How AuthenticationManager and AuthenticationProvider are created and used, and how to freely add authentication methods, will be analyzed in the following sections.
In the previous chapter, we analyzed the WebSecurityConfiguration class. Now let's go back to the annotations on @EnableWebSecurity and analyze what @EnableGlobalAuthentication does internally.
The key point is that it imports the AuthenticationConfiguration configuration class.
AuthenticationConfiguration in turn imports ObjectPostProcessorConfiguration, which is relatively simple: it instantiates a single bean, which has already been used in the previous chapters.
Next, we analyze the implementation of the AuthenticationConfiguration configuration class in depth.
Let's briefly go through the main process of constructing the AuthenticationManager.
From the above, we can see that it uses DefaultPasswordEncoderAuthenticationManagerBuilder as the AuthenticationManager builder by default. The execution of its build() method is analyzed below.
When DefaultPasswordEncoderAuthenticationManagerBuilder executes build(), it runs the doBuild() method of its parent class AbstractConfiguredSecurityBuilder. As mentioned earlier, this method is a template method, as follows:
Next, let's analyze what the init and configure methods do in the three default instances of type GlobalAuthenticationConfigurerAdapter.
The only purpose of this class is to add the InitializeUserDetailsManagerConfigurer configurer, which creates the DaoAuthenticationProvider object in its configure phase; the provider is finally added to the ProviderManager.
By default, Spring Boot's auto-configuration creates an InMemoryUserDetailsManager. See Spring Security Solution 2: Automatic Assembly.
We can also specify through configuration, for example:
Next, let's look at what DaoAuthenticationProvider does and how it authenticates an identity.
As can be seen, the main operation is to obtain the user information from some source and then check the user's status. If a check fails, the corresponding exception is thrown; otherwise the successful authentication information is returned.
The retrieveUser and additionalAuthenticationChecks methods above need further study.
User information is obtained through userDetailsService, and passwordEncoder is used to verify that the password is correct. These two objects are obtained from the ApplicationContext by the InitializeUserDetailsManagerConfigurer described in 3.2 above.
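The flow described above can be exercised without a Spring context. This is an added example, not code from the original article; the class name, accounts and passwords are constructed, and it assumes the Spring Security 5.x/6.x API with spring-security-core and spring-security-crypto on the classpath.

```java
import java.util.Collections;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical demo class, not part of Spring Security.
public class DaoProviderDemo {

    // Returns "OK" on success, otherwise the simple name of the exception thrown.
    static String attempt(AuthenticationManager manager, String user, String password) {
        try {
            manager.authenticate(new UsernamePasswordAuthenticationToken(user, password));
            return "OK";
        } catch (AuthenticationException ex) {
            return ex.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample accounts: one active, one disabled.
        UserDetails alice = User.withUsername("alice")
                .password(encoder.encode("correct-horse")).roles("USER").build();
        UserDetails bob = User.withUsername("bob")
                .password(encoder.encode("battery-staple")).roles("USER").disabled(true).build();

        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        // Source that retrieveUser reads from.
        provider.setUserDetailsService(new InMemoryUserDetailsManager(alice, bob));
        // Encoder that additionalAuthenticationChecks uses to compare passwords.
        provider.setPasswordEncoder(encoder);

        AuthenticationManager manager = new ProviderManager(Collections.singletonList(provider));

        System.out.println("valid login:      " + attempt(manager, "alice", "correct-horse"));
        System.out.println("wrong password:   " + attempt(manager, "alice", "wrong"));
        System.out.println("unknown user:     " + attempt(manager, "mallory", "wrong"));
        System.out.println("disabled account: " + attempt(manager, "bob", "wrong"));
    }
}
```

With the default settings, a wrong password and an unknown user both surface as BadCredentialsException, so the response does not reveal which usernames exist. The disabled account is rejected by the status check with DisabledException before the password is compared.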
The only purpose of this class is to add the InitializeUserDetailsManagerConfigurer configurer. In its configure phase, the bean of type AuthenticationProvider is obtained from the ApplicationContext and added to the ProviderManager.
Summary:
After the above steps, one or more AuthenticationProvider instances have been added to the authenticationProviders property of DefaultPasswordEncoderAuthenticationManagerBuilder. The next task is to execute its performBuild() method to complete the creation of the AuthenticationManager. This method is actually defined in the parent class AuthenticationManagerBuilder.
What is actually returned is a ProviderManager, which can be regarded as a proxy object of AuthenticationManager, in which several implementations of AuthenticationManager are stored.
By default, Spring Security creates an AuthenticationManager instance for us that verifies by username and password, collects the beans of type AuthenticationProvider in the ApplicationContext, and adds them to the ProviderManager (a subclass of AuthenticationManager) for use when necessary.
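A custom authentication method plugs into this mechanism by implementing AuthenticationProvider. The following is an added example, not code from the original article: SmsCodeAuthenticationToken, SmsCodeAuthenticationProvider and the in-memory code store are hypothetical names, and the provider would be declared as a bean so that it can be collected from the ApplicationContext.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical token type carrying a phone number and a one-time SMS code.
class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {
    private final String phone;
    private final String code;

    SmsCodeAuthenticationToken(String phone, String code, boolean authenticated) {
        super(authenticated ? AuthorityUtils.createAuthorityList("ROLE_USER") : null);
        this.phone = phone;
        this.code = code;
        super.setAuthenticated(authenticated);
    }

    @Override public Object getPrincipal() { return phone; }
    @Override public Object getCredentials() { return code; }
}

// Hypothetical provider for SMS-code login.
public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
    // Constructed stand-in for a real one-time-code store (phone -> issued code).
    private final Map<String, String> issuedCodes = new ConcurrentHashMap<>();

    public void issue(String phone, String code) { issuedCodes.put(phone, code); }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String phone = String.valueOf(authentication.getPrincipal());
        String presented = String.valueOf(authentication.getCredentials());
        // A code is consumed by the first attempt, so it cannot be guessed repeatedly.
        String expected = issuedCodes.remove(phone);
        // Unknown phone and wrong code fail identically; the comparison is constant-time.
        if (expected == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8))) {
            throw new BadCredentialsException("Bad credentials");
        }
        return new SmsCodeAuthenticationToken(phone, null, true);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // ProviderManager calls authenticate() only for token types accepted here.
        return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```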