Rob Winch
6 years ago
1 changed files with 40 additions and 0 deletions
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
= AbstractAuthenticationProcessingFilter |
||||
:figures: images/servlet/authentication/architecture |
||||
:icondir: images/icons |
||||
|
||||
{security-api-url}org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.html[`AbstractAuthenticationProcessingFilter`] is used as a base `Filter` for authenticating a user's credentials. |
||||
Before the credentials can be authenticated, Spring Security typically requests the credentials using <<servlet-authentication-authenticationentrypoint,`AuthenticationEntryPoint`>>. |
||||
|
||||
Next, the `AbstractAuthenticationProcessingFilter` can authenticate any authentication requests that are submitted to it. |
||||
|
||||
image::{figures}/abstractauthenticationprocessingfilter.png[] |
||||
|
||||
image:{icondir}/number_1.png[] When the user submits their credentials, the `AbstractAuthenticationProcessingFilter` creates an <<servlet-authentication>> from the `HttpServletRequest` to be authenticated. |
||||
The type of `Authentication` created depends on the subclass of `AbstractAuthenticationProcessingFilter`. |
||||
For example, `UsernamePasswordAuthenticationFilter` creates a `UsernamePasswordAuthenticationToken` from a __username__ and __password__ that are submitted in the `HttpServletRequest`. |
||||
// FIXME: link UsernamePasswordAuthenticationFilter |
||||
|
||||
image:{icondir}/number_2.png[] Next, the `Authentication` is passed into the `AuthenticationManager` to be authenticated. |
||||
// FIXME: link to AuthenticationManager |
||||
|
||||
image:{icondir}/number_3.png[] If authentication fails, then __Failure__ |
||||
|
||||
* The <<servlet-authentication-securitycontextholder>> is cleared out. |
||||
* `RememberMeServices.loginFail` is invoked. |
||||
If remember me is not configured, this is a no-op. |
||||
// FIXME: link to rememberme |
||||
* `AuthenticationFailureHandler` is invoked. |
||||
// FIXME: link to AuthenticationFailureHandler |
||||
|
||||
image:{icondir}/number_4.png[] If authentication is successful, then __Success__. |
||||
|
||||
* `SessionAuthenticationStrategy` is notified of a new log in. |
||||
// FIXME: Add link to SessionAuthenticationStrategy |
||||
* The <<servlet-authentication-authentication>> is set on the <<servlet-authentication-securitycontextholder>>. |
||||
Later the `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`. |
||||
// FIXME: link securitycontextpersistencefilter |
||||
* `RememberMeServices.loginSuccess` is invoked. |
||||
If remember me is not configured, this is a no-op. |
||||
// FIXME: link to rememberme |
||||
* `ApplicationEventPublisher` publishes an `InteractiveAuthenticationSuccessEvent`. |
||||
|
||||
Loading…
Reference in new issue