AbstractAuthenticationProcessingFilter
package com.lee.security.springsecurity;
import com.mysql.jdbc.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 认证过滤器
*
*/
public class MyAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
public MyAuthenticationProcessingFilter() {
super(new AntPathRequestMatcher("/login", "POST"));
}
public static final Logger logger = Logger.getLogger(MyAuthenticationProcessingFilter.class);
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
MyAuthenticationToken authRequest = null;
//获取客户端传过来的 用户信息 可以是用户名密码 可以是加密字符串
String rrtn = request.getParameter("rrtn");
//如果为NULL或者空直接抛出异常
if(StringUtils.isNullOrEmpty(rrtn)){
throw new AuthenticationServiceException("缺失参数!");
}
authRequest=new MyAuthenticationToken(rrtn);
//将拿到的用户信息进行填装
setDetails(request,authRequest);
logger.info("AuthenticationProcessingFilter:AuthenticationToken:"+authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
protected void setDetails(HttpServletRequest request, MyAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
}
网友评论