Spring源代码解析(十):Spring Acegi框架授权的实现 - 编程入门网
作者 佚名技术
来源 NET编程
浏览
发布时间 2012-06-17
| ation } if (logger.isDebugEnabled()) { logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString()); } //这里从SecurityContextHolder中去取Authentication对象,一般在登录时 会放到SecurityContextHolder中去 if (SecurityContextHolder.getContext().getAuthentication() == null) { credentialsNotFound(messages.getMessage ("AbstractSecurityInterceptor.authenticationNotFound", "An Authentication object was not found in the SecurityContext"), object, attr); } // 如果前面没有处理鉴权,这里需要对鉴权进行处理 Authentication authenticated; if (!SecurityContextHolder.getContext().getAuthentication ().isAuthenticated() || alwaysReauthenticate) { try {//调用配置好的AuthenticationManager处理鉴权,如果鉴权不成 功,抛出异常结束处理 authenticated = this.authenticationManager.authenticate (SecurityContextHolder.getContext() .getAuthentication()); } catch (AuthenticationException authenticationException) { throw authenticationException; } // We don''t authenticated.setAuthentication(true), because each provider should do that if (logger.isDebugEnabled()) { logger.debug("Successfully Authenticated: " + authenticated.toString()); } //这里把鉴权成功后得到的Authentication保存到 SecurityContextHolder中供下次使用 SecurityContextHolder.getContext().setAuthentication (authenticated); } else {//这里处理前面已经通过鉴权的请求,先从SecurityContextHolder 中去取得Authentication authenticated = SecurityContextHolder.getContext ().getAuthentication(); if (logger.isDebugEnabled()) { logger.debug("Previously Authenticated: " + authenticated.toString()); } } // 这是处理授权的过程 try { //调用配置好的AccessDecisionManager来进行授权 this.accessDecisionManager.decide(authenticated, object, attr); } catch (AccessDeniedException accessDeniedException) { //授权不成功向外发布事件 AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated, accessDeniedException); publishEvent(event); throw accessDeniedException; } if (logger.isDebugEnabled()) { logger.debug("Authorization successful"); } AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated); publishEvent(event); // 这里构建一个RunAsManager来替代当前的Authentication对象,默认情况 下使用的是NullRunAsManager会把SecurityContextHolder中的Authentication对象清空 |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |
你可能对下面的文章感兴趣
关于Spring源代码解析(十):Spring Acegi框架授权的实现 - 编程入门网的所有评论
