Acegi(十二):anonymousProcessingFilter有什么好玩的? - 编程入门网
onymousAuthenticationProvider"保护"着"逃过 "check.
一个猜想: 这里的key跟上面anonymousProcessingFilter的key得一致, 不然在"投票"时, 没这个"暗号""自己人"也互相不认识了.想验证这个猜想, 看了下文档,发现这样的话: "The key is shared between the filter and authentication provider, so that tokens created by the former are accepted by the latter".自己的猜想不错! 有了上面的配置分析, 运行机理稍看下源码就可以明白了, 这里也就不用再另写了. ----------------------------------------- 看文档时发现这么段话, 觉得很有必要记下来,虽说现在还没有切身体验:Rounding out the anonymous authentication discussion is the AuthenticationTrustResolver interface, with its corresponding AuthenticationTrustResolverImpl implementation. This interface provides an isAnonymous(Authentication) method, which allows interested classes to take into account this special type of authentication status. The ExceptionTranslationFilter uses this interface in processing AccessDeniedExceptions. If an AccessDeniedException is thrown, and the authentication is of an anonymous type, instead of throwing a 403 (forbidden) response, the filter will instead commence the AuthenticationEntryPoint so the principal can authenticate properly. This is a necessary distinction, otherwise principals would always be deemed "authenticated" and never be given an opportunity to login via form, basic, digest or some other normal authentication mechanism. |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |