javajohn

金色年华

acegi源码学习之用户登录篇

acegi 源码学习之用户登录篇

一、查看 applicationContext-acegi-security.xml 配置文件,涉及到登录的配置为:

 1

< bean id = "authenticationProcessingFilter" class = "org.javajohn.test.plugins.security.UserAuthenticationProcessingFilter" >

        < property name = "authenticationManager" ref = "authenticationManager" />

        < property name = "authenticationFailureUrl" >

            < value > /login.jsp?login_error=1 </ value >

        </ property >

        < property name = "defaultTargetUrl" >

            < value > /index.jsp </ value >

        </ property >

        < property name = "filterProcessesUrl" >

            < value > /j_acegi_security_check </ value >

        </ property >

        < property name = "userManager" ref = "userManager" />

        < property name = "rememberMeServices" ref = "rememberMeServices" />

        < property name = "exceptionMappings" >

            < value >

                org.acegisecurity.AuthenticationException=/login.jsp?login_error=user_psw_error

                org.acegisecurity.concurrent.ConcurrentLoginException=/login.jsp?login_error=too_many_user_error

             </ value >

        </ property >

</ bean >

 

 

2 < bean id = "authenticationManager"

       class = "org.acegisecurity.providers.ProviderManager" >

       < property name = "providers" >

           < list >

              < ref local = "daoAuthenticationProvider" />

              < bean class = "org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider" >

                  < property name = "key" value = "javajohnKey" />

              </ bean >

              < bean class = "org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider" >

                  < property name = "key" value = "javajohnKey" />

              </ bean >

           </ list >

       </ property >   

    </ bean >

 

3

< bean id = "daoAuthenticationProvider" class = "org.acegisecurity.providers.dao.DaoAuthenticationProvider" >

       < property name = "userDetailsService" ref = "jdbcDaoImpl" />

       < property name = "userCache" >

           < bean class = "org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache" >

              < property name = "cache" >

                  < bean class = "org.springframework.cache.ehcache.EhCacheFactoryBean" >

                     < property name = "cacheManager" >

                         < bean class = "org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />

                     </ property >

                     < property name = "cacheName" value = "userCache" />

                  </ bean >

              </ property >

           </ bean >

       </ property >

       < property name = "passwordEncoder" ref = "passwordEncoder" />

    </ bean >

 

 

4 < bean id = "jdbcDaoImpl"

          class = "org.acegisecurity.userdetails.jdbc.JdbcDaoImpl" >

        < property name = "dataSource" ref = "dataSource" />

        < property name = "usersByUsernameQuery" >

            < value >

                select loginid,passwd,1 from users where status='1' and loginid = ?

            </ value >

        </ property >

        < property name = "authoritiesByUsernameQuery" >

            < value >

                select u.loginid,p.name from

                users u,roles r,permissions p,user_role ur,role_permis rp

                where

                u.id=ur.user_id and

                r.id=ur.role_id and

                p.id=rp.permis_id and

                r.id=rp.role_id and

                p.status='1' and u.loginid=?

            </ value >

        </ property >

</ bean >

 

 

二、程序流程:

1 .登录的时候执行的过滤为 authenticationProcessingFilter ,查看其实现为 org.bookStore.test.plugins.security.UserAuthenticationProcessingFilter ,该类继承自 org.acegisecurity.ui.webapp.AuthenticationProcessingFilter ,又继承自 org.acegisecurity.ui.AbstractProcessingFilter ,这时候看到了 doFilter() 该方法取了 web 层传过来的 request response ,然后对登录路径执行了判断等操作,接下来执行至 authResult = attemptAuthentication(httpRequest);

2 .从类继承关系上找到该方法的实现来自 AuthenticationProcessingFilter ,执行的逻辑为先取出 web 层传过来的用户名和密码接着将得到的信息包装为 UsernamePasswordAuthenticationToken

public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {

    super ( null );

    this . principal = principal;    

    this . credentials = credentials;

    setAuthenticated( false );

}

3 .接下来执行了 setDetails(request, authRequest); request 实例赋给 authRequest 的属性。

4 .调用 authenticationManager authenticate(authRequest) 方法。

5 .程序转至 authenticationManager 内执行。该类继承自 org.acegisecurity. AbstractAuthenticationManager ,执行方法 authenticate(authRequest)

public final Authentication authenticate(Authentication authRequest)

    throws AuthenticationException {

    try {

        Authentication authResult = doAuthentication(authRequest);

        copyDetails(authRequest, authResult);

 

        return authResult;

    } catch (AuthenticationException e) {

        e.setAuthentication(authRequest);

        throw e;

    }

}

doAuthentication(authRequest) 来自 ProviderManager 该方法执行了其 providers 中的方法 authenticate(Authentication authentication)

6 .此方法中调用了 retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication) 该方法内按 web 层用户输入的用户名和密码从数据库内比较是否有该用户,如果有则将其 user 表内对应的信息包装为 UserDetail( 接口 , 实际为 User 的实例 ) List 对象,并将该用户相应的权限包装为 GrantedAuthorityImpl 对象的 List 集合对象。至此程序返回至( 3. )继续执行

7 .继续执行 org.acegisecurity.ui.AbstractProcessingFilter successfulAuthentication(

HttpServletRequest request,

HttpServletResponse response,

Authentication authResult){

    ......

SecurityContextHolder.getContext().setAuthentication(authResult);// 将包装好的 UsernamePasswordAuthenticationToken 对象保存至系统上下文

......

}

8 .登录执行完毕。

posted on 2006-12-06 17:33 javajohn 阅读(1856) 评论(3)  编辑  收藏 所属分类: 其他类

Feedback

# re: acegi源码学习之用户登录篇 2006-12-07 14:51

最近在学习这个东西
老兄多分析一下 跟进学习  回复  更多评论   

# re: acegi源码学习之用户登录篇 2007-02-06 16:07 mircle_wang

正在 学习中 请问 它对数据库的建表有什么特别的限制吗?
权限

  回复  更多评论   

# re: acegi源码学习之用户登录篇 2009-03-10 11:07 陈一

这个不错~ 我刚好在找这个! 在这谢过!  回复  更多评论   



只有注册用户登录后才能发表评论。


网站导航:
 

My Links

Blog Stats

常用链接

留言簿(7)

随笔分类(36)

随笔档案(39)

classmate

good blog

企业管理网站

好友

站点收藏

搜索

最新评论

阅读排行榜

评论排行榜