Spring相关之SpringSecurity使用(六)

AbstractAuthenticationProcessingFilter

package com.lee.security.springsecurity;

import com.mysql.jdbc.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 认证过滤器
 *
 */
public class MyAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {

    public MyAuthenticationProcessingFilter() {
        super(new AntPathRequestMatcher("/login", "POST"));
    }

    public static final Logger logger = Logger.getLogger(MyAuthenticationProcessingFilter.class);

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        MyAuthenticationToken authRequest = null;
        //获取客户端传过来的 用户信息 可以是用户名密码 可以是加密字符串
        String rrtn = request.getParameter("rrtn");
        //如果为NULL或者空直接抛出异常
        if(StringUtils.isNullOrEmpty(rrtn)){
            throw new AuthenticationServiceException("缺失参数!");
        }
        authRequest=new MyAuthenticationToken(rrtn);
        //将拿到的用户信息进行填装
        setDetails(request,authRequest);
        logger.info("AuthenticationProcessingFilter:AuthenticationToken:"+authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    protected void setDetails(HttpServletRequest request, MyAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

}

你可能感兴趣的