Mr丶Yang 2016-11-04
AtLeastOneSuccessfulStrategy类用来实现至少有一个认证通过的策略,它继承了AbstractAuthenticationStrategy抽象类,先对其解析如下:
1.AbstractAuthenticationStrategy抽象类
此抽象类可以参照AbstractAuthenticationStrategy抽象类源码解析,主要实现了beforeAllAttempts(所有realm认证之前进行的操作),beforeAttempt(某一个realm认证之前进行的操作),afterAttempt(某一个realm认证之后进行的操作),merge(之前认证的认证信息与当前realm认证之后获取的认证信息的合并),afterAllAttempts(所有的realm认证完成之后的操作)。
2.AtLeastOneSuccessfulStrategy类
2.1.所有的认证通过后的操作(如果所有的认证通过后返回的认证信息为空,或者认证信息的身份信息为空,则抛出异常;否则返回认证通过后返回的认证信息,此方法覆盖了AbstractAuthenticationStrategy的方法)
public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
//we know if one or more were able to succesfully authenticate if the aggregated account object does not
//contain null or empty data:
if (aggregate == null || CollectionUtils.isEmpty(aggregate.getPrincipals())) {
throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] " +
"could not be authenticated by any configured realms. Please ensure that at least one realm can " +
"authenticate these tokens.");
}
return aggregate;
}