27 Ekim 2020 Salı

SpringSecurity UsernamePasswordAuthenticationFilter Sınıfı

Giriş
Açıklaması şöyle
This filter is used to authenticate a user using a username and password.
Şeklen şöyle. POST isteğinin içindeki "user name" ve "password" alanlarını alır. Bir tane UsernamePasswordAuthenticationToken nesnesi yaratır ve bunu AuthenticationManager nesnesine geçerek kullanıcıyı doğrular


Açıklaması şöyle
From the API documentation: “Processes an authentication form submission.”

See also Chapter 10 of the Spring Security Reference for a detailed description of the Spring Security authentication process.

The UsernamePasswordAuthenticationFilter triggers the authentication, if necessary and possible. It reads username and password from a login form request, wraps them into a UsernamePasswordAuthenticationToken and calls the configured AuthenticationManager to perform the authentication.

In the default configuration, the AuthenticationManager is a ProviderManager which holds a list of AuthenticationProviders to which it delegates the authentication request. In our sample project we use a very basic InMemoryAuthenticationProvider which knows only one static user. In a real world project we would instead use a database or LDAP provider (from the Spring Security LDAP module).

After a successful login the configured AuthenticationSuccessHandler is called. Usually, this handler decides about where to forward the user to after the successful login. In the default configuration a SavedRequestAwareAuthenticationSuccessHandler is used. It loads and replays the original request (which was cached before by the ExceptionTranslationFilter, see next section) to show the page to the user which he/she originally requested.

Hiç yorum yok:

Yorum Gönder