免费视频淫片aa毛片_日韩高清在线亚洲专区vr_日韩大片免费观看视频播放_亚洲欧美国产精品完整版

一、查看applicationContext-acegi-security.xml配置文件，涉及到登錄的配置為：

 1．

<bean id="authenticationProcessingFilter"class="org.javajohn.test.plugins.security.UserAuthenticationProcessingFilter">

        <property name="authenticationManager" ref="authenticationManager"/>

        <property name="authenticationFailureUrl">

            <value>/login.jsp?login_error=1</value>

        </property>

        <property name="defaultTargetUrl">

            <value>/index.jsp</value>

        </property>

        <property name="filterProcessesUrl">

            <value>/j_acegi_security_check</value>

        </property>

        <property name="userManager" ref="userManager"/>

        <property name="rememberMeServices" ref="rememberMeServices"/>

        <property name="exceptionMappings">

            <value>

                org.acegisecurity.AuthenticationException=/login.jsp?login_error=user_psw_error

                org.acegisecurity.concurrent.ConcurrentLoginException=/login.jsp?login_error=too_many_user_error

            </value>

        </property>

</bean>

2．<bean id="authenticationManager"

       class="org.acegisecurity.providers.ProviderManager">

       <property name="providers">

           <list>

              <ref local="daoAuthenticationProvider" />

              <beanclass="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">

                  <property name="key" value="javajohnKey"/>

              </bean>

              <beanclass="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">

                  <property name="key" value="javajohnKey"/>

              </bean>

           </list>

       </property>  

    </bean>

3．

<bean id="daoAuthenticationProvider"class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">

       <property name="userDetailsService" ref="jdbcDaoImpl"/>

       <property name="userCache">

           <beanclass="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">

              <property name="cache">

                  <beanclass="org.springframework.cache.ehcache.EhCacheFactoryBean">

                     <property name="cacheManager">

                         <beanclass="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />

                     </property>

                     <property name="cacheName" value="userCache"/>

                  </bean>

              </property>

           </bean>

       </property>

       <property name="passwordEncoder" ref="passwordEncoder"/>

    </bean>

4．<bean id="jdbcDaoImpl"

          class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">

        <property name="dataSource" ref="dataSource"/>

        <property name="usersByUsernameQuery">

            <value>

                select loginid,passwd,1 from users where status=‘1‘ and loginid = ?

            </value>

        </property>

        <property name="authoritiesByUsernameQuery">

            <value>

                select u.loginid,p.name from

                users u,roles r,permissions p,user_role ur,role_permis rp

                where

                u.id=ur.user_id and

                r.id=ur.role_id and

                p.id=rp.permis_id and

                r.id=rp.role_id and

                p.status=‘1‘ and u.loginid=?

            </value>

        </property>

</bean>

二、程序流程：

1．登錄的時(shí)候執(zhí)行的過(guò)濾為authenticationProcessingFilter，查看其實(shí)現(xiàn)為org.bookStore.test.plugins.security.UserAuthenticationProcessingFilter，該類(lèi)繼承自org.acegisecurity.ui.webapp.AuthenticationProcessingFilter，又繼承自org.acegisecurity.ui.AbstractProcessingFilter，這時(shí)候看到了doFilter()該方法取了web層傳過(guò)來(lái)的request和response，然后對(duì)登錄路徑執(zhí)行了判斷等操作，接下來(lái)執(zhí)行至authResult = attemptAuthentication(httpRequest);

2．從類(lèi)繼承關(guān)系上找到該方法的實(shí)現(xiàn)來(lái)自AuthenticationProcessingFilter，執(zhí)行的邏輯為先取出web層傳過(guò)來(lái)的用戶(hù)名和密碼接著將得到的信息包裝為UsernamePasswordAuthenticationToken：

public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {

    super(null);

    this.principal = principal;    

    this.credentials = credentials;

    setAuthenticated(false);

}

3．接下來(lái)執(zhí)行了setDetails(request, authRequest);將request實(shí)例賦給authRequest的屬性。

4．調(diào)用authenticationManager的authenticate(authRequest)方法。

5．程序轉(zhuǎn)至authenticationManager內(nèi)執(zhí)行。該類(lèi)繼承自org.acegisecurity. AbstractAuthenticationManager，執(zhí)行方法authenticate(authRequest)：

public final Authentication authenticate(Authentication authRequest)

    throws AuthenticationException {

    try {

        Authentication authResult = doAuthentication(authRequest);

        copyDetails(authRequest, authResult);

        return authResult;

    } catch (AuthenticationException e) {

        e.setAuthentication(authRequest);

        throw e;

    }

}

doAuthentication(authRequest)來(lái)自ProviderManager該方法執(zhí)行了其providers中的方法authenticate(Authentication authentication)

6．此方法中調(diào)用了retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication)該方法內(nèi)按web層用戶(hù)輸入的用戶(hù)名和密碼從數(shù)據(jù)庫(kù)內(nèi)比較是否有該用戶(hù)，如果有則將其user表內(nèi)對(duì)應(yīng)的信息包裝為UserDetail(接口,實(shí)際為User的實(shí)例)的List對(duì)象，并將該用戶(hù)相應(yīng)的權(quán)限包裝為GrantedAuthorityImpl對(duì)象的List集合對(duì)象。至此程序返回至（3.）繼續(xù)執(zhí)行

7．繼續(xù)執(zhí)行org.acegisecurity.ui.AbstractProcessingFilter的successfulAuthentication(

HttpServletRequest request,

HttpServletResponse response,

Authentication authResult){

    ......

SecurityContextHolder.getContext().setAuthentication(authResult);//將包裝好的UsernamePasswordAuthenticationToken對(duì)象保存至系統(tǒng)上下文

......

}

8．登錄執(zhí)行完畢。