{"id":1427,"date":"2023-03-20T21:54:23","date_gmt":"2023-03-20T13:54:23","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1427"},"modified":"2023-04-28T21:03:18","modified_gmt":"2023-04-28T13:03:18","slug":"analysis-of-authenticationmanager-providermanager-and-authenticationprovider-user-authentication-source-for-spring-security","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/20\/analysis-of-authenticationmanager-providermanager-and-authenticationprovider-user-authentication-source-for-spring-security\/","title":{"rendered":"Spring Security\u4e4bAuthenticationManager\u3001ProviderManager\u3001AuthenticationProvider\u7528\u6237\u8ba4\u8bc1\u6e90\u7801\u5206\u6790"},"content":{"rendered":"

AuthenticationManager\u7c7b\u6e90\u7801\u89e3\u6790<\/h2>\n
public interface AuthenticationManager {\n    Authentication authenticate(Authentication authentication)\n            throws AuthenticationException;\n}<\/code><\/pre>\n
<\/p>\n
AuthenticationManager<\/code>\u662f\u4e00\u4e2a\u9876\u7ea7\u63a5\u53e3\uff0c\u7528\u6765\u5904\u7406\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\uff0c\u5e76\u8fd4\u56de\u4e00\u4e2aAuthentication<\/code>\u5bf9\u8c61\uff0c\u5982\u679c\u53d1\u751f\u5f02\u5e38\u5c06\u4f1a\u629b\u51faAuthenticationException<\/p>\n
AuthenticationManager<\/code>\u7684\u5b9e\u73b0\u6709\u5f88\u591a\uff0c\u901a\u5e38\u4f7f\u7528ProviderManager<\/code>\u5bf9\u8ba4\u8bc1\u8bf7\u6c42\u94fe\u8fdb\u884c\u7ba1\u7406<\/p>\n
ProviderManager<\/code>\u4e3b\u8981\u662f\u5bf9AuthenticationProvider<\/code>\u94fe\u8fdb\u9879\u7ba1\u7406\uff0c\u770b\u4e0b\u6ce8\u89e3\u63cf\u8ff0\uff1a<\/p>\n
 * <tt>AuthenticationProvider<\/tt>s are usually tried in order until one provides a\n * non-null response. A non-null response indicates the provider had authority to decide\n * on the authentication request and no further providers are tried. If a subsequent\n * provider successfully authenticates the request, the earlier authentication exception\n * is disregarded and the successful authentication will be used. If no subsequent\n * provider provides a non-null response, or a new <code>AuthenticationException<\/code>,\n * the last <code>AuthenticationException<\/code> received will be used. If no provider\n * returns a non-null response, or indicates it can even process an\n * <code>Authentication<\/code>, the <code>ProviderManager<\/code> will throw a\n * <code>ProviderNotFoundException<\/code>. A parent {@code AuthenticationManager} can also\n * be set, and this will also be tried if none of the configured providers can perform the\n * authentication. This is intended to support namespace configuration options though and\n * is not a feature that should normally be required.<\/code><\/pre>\n
\n
AuthenticationProvider<\/code>\u901a\u5e38\u6309\u7167\u8ba4\u8bc1\u8bf7\u6c42\u94fe\u987a\u5e8f\u53bb\u6267\u884c\uff0c\u4e00\u4e2a\u8fd4\u56de\u975enull\u54cd\u5e94\u8868\u793a\u7a0b\u5e8f\u9a8c\u8bc1\u901a\u8fc7\uff0c\u4e0d\u518d\u5c1d\u8bd5\u9a8c\u8bc1\u5176\u5b83\u7684provider\u3002\u5982\u679c\u540e\u7eed\u63d0\u4f9b\u7684\u8eab\u4efd\u9a8c\u8bc1\u7a0b\u5e8f\u6210\u529f\u5730\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\uff0c\u5219\u5ffd\u7565\u5148\u524d\u7684\u8eab\u4efd\u9a8c\u8bc1\u5f02\u5e38\u53canull\u54cd\u5e94\uff0c\u5e76\u5c06\u4f7f\u7528\u6210\u529f\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u5982\u679c\u6ca1\u6709provider\u63d0\u4f9b\u4e00\u4e2a\u975enull\u54cd\u5e94\uff0c\u6216\u8005\u6709\u4e00\u4e2a\u65b0\u7684\u629b\u51faAuthenticationException\uff0c\u90a3\u4e48\u6700\u540e\u7684AuthenticationException\u5c06\u4f1a\u629b\u51fa\u3002<\/p>\n<\/blockquote>\n
ProviderManager\u7c7b\u6e90\u7801\u89e3\u6790<\/h2>\n
ProviderManager<\/code>\u4e2d\u6709\u4e00\u4e2aList\u7528\u6765\u5b58\u50a8\u5b9a\u4e49\u7684AuthenticationProvider<\/code>\u8ba4\u8bc1\u5b9e\u73b0\u7c7b\uff0c\u4e5f\u53ef\u4ee5\u8ba4\u4e3a\u662f\u4e00\u4e2a\u8ba4\u8bc1\u5904\u7406\u5668\u94fe\u6765\u652f\u6301\u540c\u4e00\u4e2a\u5e94\u7528\u4e2d\u7684\u591a\u4e2a\u4e0d\u540c\u8eab\u4efd\u8ba4\u8bc1\u673a\u5236\uff0cProviderManager\u5c06\u4f1a\u6839\u636e\u987a\u5e8f\u6765\u8fdb\u884c\u9a8c\u8bc1<\/p>\n
private List<AuthenticationProvider> providers = Collections.emptyList();<\/code><\/pre>\n
ProviderManager\u7c7b\u7ee7\u627fAuthenticationManager\u63a5\u53e3\uff0c\u5b9e\u73b0\u4e86authenticate\u65b9\u6cd5<\/p>\n
public Authentication authenticate(Authentication authentication)\n        throws AuthenticationException {\n    Class<? extends Authentication> toTest = authentication.getClass();\n    AuthenticationException lastException = null;\n    AuthenticationException parentException = null;\n    Authentication result = null;\n    Authentication parentResult = null;\n    boolean debug = logger.isDebugEnabled();\n   \/\/\u83b7\u53d6AuthenticationProvider\u5bf9\u8c61\uff0c\u5faa\u73af\u904d\u5386\n    for (AuthenticationProvider provider : getProviders()) {\n        \/\/\u5982\u679c\u652f\u6301\u8ba4\u8bc1\u5b9e\u73b0\u7c7b\u5c31\u7ee7\u7eed\u5904\u7406\n        if (!provider.supports(toTest)) {\n            continue;\n        }\n\n        if (debug) {\n            logger.debug("Authentication attempt using "\n                    + provider.getClass().getName());\n        }\n\n        try {\n            \/\/\u91cd\u70b9\uff0c\u8c03\u7528\u5b9e\u73b0\u7c7b\u7684authenticate\u65b9\u6cd5\u8fdb\u884c\u771f\u5b9e\u4e1a\u52a1\u903b\u8f91\u8ba4\u8bc1\u5904\u7406\n            result = provider.authenticate(authentication);\n\n            if (result != null) {\n                copyDetails(authentication, result);\n                break;\n            }\n        }\n        catch (AccountStatusException e) {\n            prepareException(e, authentication);\n            \/\/ SEC-546: Avoid polling additional providers if auth failure is due to\n            \/\/ invalid account status\n            throw e;\n        }\n        catch (InternalAuthenticationServiceException e) {\n            prepareException(e, authentication);\n            throw e;\n        }\n        catch (AuthenticationException e) {\n            lastException = e;\n        }\n    }\n\n    if (result == null && parent != null) {\n        \/\/ Allow the parent to try.\n        try {\n            result = parentResult = parent.authenticate(authentication);\n        }\n        catch (ProviderNotFoundException e) {\n            \/\/ ignore as we will throw below if no other exception occurred prior to\n            \/\/ calling parent and the parent\n            \/\/ may throw ProviderNotFound even though a provider in the child already\n            \/\/ handled the request\n        }\n        catch (AuthenticationException e) {\n            lastException = parentException = e;\n        }\n    }\n\n    if (result != null) {\n        if (eraseCredentialsAfterAuthentication\n                && (result instanceof CredentialsContainer)) {\n            \/\/ Authentication is complete. Remove credentials and other secret data\n            \/\/ from authentication\n            ((CredentialsContainer) result).eraseCredentials();\n        }\n\n        \/\/ If the parent AuthenticationManager was attempted and successful than it will publish an AuthenticationSuccessEvent\n        \/\/ This check prevents a duplicate AuthenticationSuccessEvent if the parent AuthenticationManager already published it\n        if (parentResult == null) {\n            \/\/\u53d1\u9001\u8ba4\u8bc1\u6210\u529f\u4e8b\u4ef6\n            eventPublisher.publishAuthenticationSuccess(result);\n        }\n        return result;\n    }\n\n    \/\/ Parent was null, or didn't authenticate (or throw an exception).\n\n    if (lastException == null) {\n        lastException = new ProviderNotFoundException(messages.getMessage(\n                "ProviderManager.providerNotFound",\n                new Object[] { toTest.getName() },\n                "No AuthenticationProvider found for {0}"));\n    }\n\n    \/\/ If the parent AuthenticationManager was attempted and failed than it will publish an AbstractAuthenticationFailureEvent\n    \/\/ This check prevents a duplicate AbstractAuthenticationFailureEvent if the parent AuthenticationManager already published it\n    if (parentException == null) {\n        prepareException(lastException, authentication);\n    }\n\n    throw lastException;\n}<\/code><\/pre>\n
AuthenticationProvider\u7c7b\u6e90\u7801\u89e3\u6790<\/h2>\n
AuthenticationProvider<\/code>\u662f\u4e00\u4e2a\u9876\u7ea7\u7684\u63a5\u53e3\uff0c\u91cc\u9762\u53ea\u63d0\u4f9b\u4e86\u4e24\u4e2a\u65b9\u6cd5<\/p>\n
public interface AuthenticationProvider {\n    Authentication authenticate(Authentication authentication) throws AuthenticationException;\n    boolean supports(Class<?> authentication);\n}<\/code><\/pre>\n
\n
AuthenticationProvider<\/code>\u63a5\u53e3\u548cAuthenticationManager<\/code>\u63a5\u53e3\u5f88\u76f8\u4f3c\uff0c\u53ea\u591a\u4e86\u4e00\u4e2asupports\u65b9\u6cd5\uff0c\u5b83\u662f\u7528\u6765\u9a8c\u8bc1\u662f\u5426\u652f\u6301\u67d0\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u5f0f\uff1b\u8be5\u63a5\u53e3\u901a\u5e38\u662f\u63d0\u4f9b\u7ed9\u5f00\u53d1\u4eba\u5458\u5b9e\u73b0\uff0c\u6309\u7167\u81ea\u5df1\u7cfb\u7edf\u7684\u7279\u70b9\u6765\u8fdb\u884c\u6269\u5c55\u9a8c\u8bc1<\/p>\n<\/blockquote>\n
\u5230\u8fd9\u91cc\u53ef\u80fd\u4f1a\u6709\u4e00\u4e2a\u7591\u95ee\uff0cAuthenticationProvider<\/code>\u5bf9\u8c61\u662f\u5982\u4f55\u52a0\u5165\u8fdbAuthenticationProviders<\/code>\u8bf7\u6c42\u8ba4\u8bc1\u94fe\u7684\uff0c\u4e0a\u8ff0\u7684authenticate<\/code>\u65b9\u6cd5\u4e2dgetProviders()<\/code>\u83b7\u53d6\u5230\u7684providers<\/code>\u662f\u901a\u8fc7\u6784\u9020\u51fd\u6570\u6765\u8fdb\u884c\u8d4b\u503c\u7684\uff1a<\/p>\n
public ProviderManager(List<AuthenticationProvider> providers,\n        AuthenticationManager parent) {\n    Assert.notNull(providers, "providers list cannot be null");\n    this.providers = providers;\n    this.parent = parent;\n    checkState();\n}<\/code><\/pre>\n
\u6784\u9020\u51fd\u6570\u53c8\u662f\u54ea\u91cc\u8c03\u7528\u5462\uff1f\u795e\u79d8\u9762\u7eb1\u9a6c\u4e0a\u63ed\u6653\uff0cWebSecurityConfigurerAdapter<\/code>\u9002\u914d\u5668\u7c7b\u4e2d\u6709\u4e00\u4e2aconfigure<\/code>\u65b9\u6cd5<\/p>\n
@Override\nprotected void configure(AuthenticationManagerBuilder auth) throws Exception {\n    \/\/ \u52a0\u5165\u81ea\u5b9a\u4e49\u7684\u5b89\u5168\u8ba4\u8bc1\n    auth.userDetailsService(this.authUserDetailsService)\n            .passwordEncoder(this.passwordEncoder())\n         .and()\n            .authenticationProvider(smsAuthenticationProvider())\n            .authenticationProvider(authenticationProvider());\n}<\/code><\/pre>\n
\u53ef\u4ee5\u901a\u8fc7AuthenticationManagerBuilder<\/code>\u5bf9\u8c61\u7684authenticationProvider<\/code>\u65b9\u6cd5\u6dfb\u52a0AuthenticationProvider<\/code>\u8ba4\u8bc1\u5bf9\u8c61\uff0c\u770b\u4e0bauthenticationProvider<\/code>\u65b9\u6cd5\uff1a<\/p>\n
private List<AuthenticationProvider> authenticationProviders = new ArrayList<>();\n\npublic AuthenticationManagerBuilder authenticationProvider(\n        AuthenticationProvider authenticationProvider) {\n    this.authenticationProviders.add(authenticationProvider);\n    return this;\n}<\/code><\/pre>\n
\u4e0a\u9762\u7684\u662f\u5c06AuthenticationProvider<\/code>\u5bf9\u8c61\u52a0\u5165\u8ba4\u8bc1\u94fe\u4e2d\uff0c\u4e0b\u9762\u7684\u4ee3\u7801\u5c31\u662f\u521b\u5efaProviderManager<\/code>\u5bf9\u8c61\u5e76\u521d\u59cb\u5316\u8ba4\u8bc1\u8fde\uff1a<\/p>\n
@Override\nprotected ProviderManager performBuild() throws Exception {\n    if (!isConfigured()) {\n        logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null.");\n        return null;\n    }\n    \/\/\u521b\u5efaProviderManager\u5bf9\u8c61\uff0c\u5e76\u521d\u59cb\u5316\u8bf7\u6c42\u8ba4\u8bc1\u94fe\n    ProviderManager providerManager = new ProviderManager(authenticationProviders,\n            parentAuthenticationManager);\n    if (eraseCredentials != null) {\n        providerManager.setEraseCredentialsAfterAuthentication(eraseCredentials);\n    }\n    if (eventPublisher != null) {\n        providerManager.setAuthenticationEventPublisher(eventPublisher);\n    }\n    providerManager = postProcess(providerManager);\n    return providerManager;\n}<\/code><\/pre>\n
AuthenticationManagerBuilder<\/code>\u7c7b\u5b9e\u73b0\u4e86ProviderManagerBuilder<\/code>\u63a5\u53e3\uff0c\u63a5\u53e3\u5982\u4e0b\uff1a<\/p>\n
public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> extends\n        SecurityBuilder<AuthenticationManager> {\n\n    \/**\n     * Add authentication based upon the custom {@link AuthenticationProvider} that is\n     * passed in. Since the {@link AuthenticationProvider} implementation is unknown, all\n     * customizations must be done externally and the {@link ProviderManagerBuilder} is\n     * returned immediately.\n     *\n     * Note that an Exception is thrown if an error occurs when adding the {@link AuthenticationProvider}.\n     *\n     * @return a {@link ProviderManagerBuilder} to allow further authentication to be\n     * provided to the {@link ProviderManagerBuilder}\n     *\/\n    B authenticationProvider(AuthenticationProvider authenticationProvider);\n}<\/code><\/pre>\n
ProviderManagerBuilder<\/code>\u63a5\u53e3\u4e2d\u5b9a\u4e49\u4e86\u4e00\u4e2a\u65b9\u6cd5authenticationProvider<\/code>\uff0c\u8fd9\u4e2a\u65b9\u6cd5\u5c31\u662f\u5c31\u662f\u7528\u6765\u65b0\u589e\u81ea\u5b9a\u4e49\u5b9e\u73b0\u7684AuthenticationProvider<\/code><\/p>\n
\u5230\u8fd9\u91cc\u7528\u6237\u8ba4\u8bc1\u4ece\u914d\u7f6e\u5230AuthenticationManager<\/code>\u3001ProviderManager<\/code>\u3001AuthenticationPrivoder<\/code>\u6e90\u7801\u4e00\u6b65\u4e00\u6b65\u7684\u5206\u6790\u5b8c\u4e86\uff0c\u5e0c\u671b\u5bf9\u5b66\u4e60Spring Security\u6709\u6240\u5e2e\u52a9\u3002<\/p>\n
\u672c\u6587\u8f6c\u8f7d\u53c2\u8003 \u539f\u6587<\/a> \u5e76\u52a0\u4ee5\u8c03\u8bd5<\/p>\n","protected":false},"excerpt":{"rendered":"
AuthenticationManager\u7c7b\u6e90\u7801\u89e3\u6790 public interface Authenticat […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[354],"tags":[353],"class_list":["post-1427","post","type-post","status-publish","format-standard","hentry","category-spring-security","tag-oauth2"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1427"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1427\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}