Spring源代码解析9：Spring Acegi框架鉴权的实现.docVIP

简单分析一下Spring Acegi的源代码实现： Servlet.Filter的实现AuthenticationProcessingFilter启动Web页面的验证过程 - 在AbstractProcessingFilter定义了整个验证过程的模板： 代码 public?void?doFilter(ServletRequest?request,?ServletResponse?response,?FilterChain?chain) ?? ????throws?IOException,?ServletException?{ ?? ????//这里检验是不是符合ServletRequest/SevletResponse的要求 ?? ????if?(!(request?instanceof?HttpServletRequest))?{ ?? ????????throw?new?ServletException(Can?only?process?HttpServletRequest); ?? ????} ?? ?? ????if?(!(response?instanceof?HttpServletResponse))?{ ?? ????????throw?new?ServletException(Can?only?process?HttpServletResponse); ?? ????} ?? ?? ????HttpServletRequest?httpRequest?=?(HttpServletRequest)?request; ?? ????HttpServletResponse?httpResponse?=?(HttpServletResponse)?response; ?? ????//根据HttpServletRequest和HttpServletResponse来进行验证 ?? ????if?(requiresAuthentication(httpRequest,?httpResponse))?{ ?? ????????if?(logger.isDebugEnabled())?{ ?? ????????????logger.debug(Request?is?to?process?authentication); ?? ????????} ?? ????????//这里定义Acegi中的Authentication对象来持有相关的用户验证信息 ?? ????????Authentication?authResult; ?? ?? ????????try?{ ?? ????????????onPreAuthentication(httpRequest,?httpResponse); ?? ????????????//这里的具体验证过程委托给子类完成，比如AuthenticationProcessingFilter来完成基于Web页面的用户验证 ?? ????????????authResult?=?attemptAuthentication(httpRequest); ?? ????????}?catch?(AuthenticationException?failed)?{ ?? ????????????//?Authentication?failed ?? ????????????unsuccessfulAuthentication(httpRequest,?httpResponse,?failed); ?? ?? ????????????return; ?? ????????} ?? ?? ????????//?Authentication?success ?? ????????if?(continueChainBeforeSuccessfulAuthentication)?{ ?? ????????????chain.doFilter(request,?response); ?? ????????} ?? ????????//完成验证后的后续工作，比如跳转到相应的页面 ?? ????????successfulAuthentication(httpRequest,?httpResponse,?authResult); ?? ?? ????????return; ?? ????} ?? ?? ????chain.doFilter(request,?response); ?? } ?? 在AuthenticationProcessingFilter中的具体验证过程是这样的： 代码 public?Authentication?attemptAuthentication(HttpServletRequest?req