AbstractAuthenticator抽象类源码解析

GoodQt 2016-11-03

AbstractAuthenticator抽象类实现了Authenticator,LogoutAware这两个接口,先对其分析如下:

1.Authenticator接口

该接口的解析见Authenticator接口源码解析(其实里面只有一个方法,完成的是token的认证)

2.LogoutAware接口

该接口的解析见LogoutAware接口源码解析(其实里面只有一个方法,完成的是subject的退出)

3.AbstractAuthenticator抽象类

3.1.数据数据

private Collection<AuthenticationListener> listeners;//认证监听器

3.2.构造方法(创建认证监听器列表)

public AbstractAuthenticator() {
        listeners = new ArrayList<AuthenticationListener>();
}

3.3.设置认证监听器列表

public void setAuthenticationListeners(Collection<AuthenticationListener> listeners) {
        if (listeners == null) {
            this.listeners = new ArrayList<AuthenticationListener>();
        } else {
            this.listeners = listeners;
        }
}

3.4.获取认证监听器列表

public Collection<AuthenticationListener> getAuthenticationListeners() {
        return this.listeners;
}

3.5.通知所有的认证监听器,当前token和info认证成功

 protected void notifySuccess(AuthenticationToken token, AuthenticationInfo info) {
        for (AuthenticationListener listener : this.listeners) {
            listener.onSuccess(token, info);
        }
    }

3.6.通知所有的认证监听器,当前token认证失败

 protected void notifyFailure(AuthenticationToken token, AuthenticationException ae) {
        for (AuthenticationListener listener : this.listeners) {
            listener.onFailure(token, ae);
        }
    }

3.7.通知所有的认证监听器,当前token退出

protected void notifyLogout(PrincipalCollection principals) {
        for (AuthenticationListener listener : this.listeners) {
            listener.onLogout(principals);
        }
    }

3.8.当前token退出(继承自接口LogoutAware接口)

public void onLogout(PrincipalCollection principals) {
        notifyLogout(principals);

 }

3.9.完成token的认证(如果token为空,抛出异常;如果不为空,根据token获取AuthenticationInfo信息,如果info为空,抛出异常;如果在获取AuthenticationInfo信息时报错,则抛出异常,并通知所有的认证监听器,当前认证失败;如果获取AuthenticationInfo信息,则通知所有的认证监听器,当前认证成功)

public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {

        if (token == null) {
            throw new IllegalArgumentException("Method argumet (authentication token) cannot be null.");
        }

        log.trace("Authentication attempt received for token [{}]", token);

        AuthenticationInfo info;
        try {
            info = doAuthenticate(token);
            if (info == null) {
                String msg = "No account information found for authentication token [" + token + "] by this " +
                        "Authenticator instance.  Please check that it is configured correctly.";
                throw new AuthenticationException(msg);
            }
        } catch (Throwable t) {
            AuthenticationException ae = null;
            if (t instanceof AuthenticationException) {
                ae = (AuthenticationException) t;
            }
            if (ae == null) {
                //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more
                //severe or unexpected.  So, wrap in an AuthenticationException, log to warn, and propagate:
                String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +
                        "error? (Typical or expected login exceptions should extend from AuthenticationException).";
                ae = new AuthenticationException(msg, t);
            }
            try {
                notifyFailure(token, ae);
            } catch (Throwable t2) {
                if (log.isWarnEnabled()) {
                    String msg = "Unable to send notification for failed authentication attempt - listener error?.  " +
                            "Please check your AuthenticationListener implementation(s).  Logging sending exception " +
                            "and propagating original AuthenticationException instead...";
                    log.warn(msg, t2);
                }
            }


            throw ae;
        }

        log.debug("Authentication successful for token [{}].  Returned account [{}]", token, info);

        notifySuccess(token, info);

        return info;
    }

3.10.根据token获取AuthenticationInfo信息

protected abstract AuthenticationInfo doAuthenticate(AuthenticationToken token)
            throws AuthenticationException;

相关推荐

80374192 / 0评论 2017-02-06
Mr丶Yang / 0评论 2016-11-04