[Spring Security 5.2.0] 8.1.3 Authentication

Category: Java · Published: 5 years ago

8.1.3 Authentication

Spring Security can participate in many different authentication environments. While we recommend people use Spring Security for authentication and not integrate with existing Container Managed Authentication, it is nevertheless supported - as is integrating with your own proprietary authentication system.

What is authentication in Spring Security?

Let’s consider a standard authentication scenario that everyone is familiar with.

1. A user is prompted to log in with a username and password.

2. The system (successfully) verifies that the password is correct for the username.

3. The context information for that user is obtained (their list of roles and so on).

4. A security context is established for the user.

5. The user proceeds, potentially to perform some operation which is potentially protected by an access control mechanism which checks the required permissions for the operation against the current security context information.

The first three items constitute the authentication process so we’ll take a look at how these take place within Spring Security.

1. The username and password are obtained and combined into an instance of UsernamePasswordAuthenticationToken (an instance of the Authentication interface, which we saw earlier).

2. The token is passed to an instance of AuthenticationManager for validation.

3. The AuthenticationManager returns a fully populated Authentication instance on successful authentication.

4. The security context is established by calling SecurityContextHolder.getContext().setAuthentication(…), passing in the returned authentication object.

From that point on, the user is considered to be authenticated. Let’s look at some code as an example.

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class AuthenticationExample {
    private static AuthenticationManager am = new SampleAuthenticationManager();

    public static void main(String[] args) throws Exception {
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));

        // Keep prompting until authentication succeeds.
        while (true) {
            System.out.println("Please enter your username:");
            String name = in.readLine();
            System.out.println("Please enter your password:");
            String password = in.readLine();
            try {
                // Steps 1-3: build the request token and hand it to the AuthenticationManager.
                Authentication request = new UsernamePasswordAuthenticationToken(name, password);
                Authentication result = am.authenticate(request);
                // Step 4: establish the security context with the returned Authentication.
                SecurityContextHolder.getContext().setAuthentication(result);
                break;
            } catch (AuthenticationException e) {
                System.out.println("Authentication failed: " + e.getMessage());
            }
        }
        System.out.println("Successfully authenticated. Security context contains: " +
                SecurityContextHolder.getContext().getAuthentication());
    }
}

class SampleAuthenticationManager implements AuthenticationManager {
    static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();

    static {
        AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_USER"));
    }

    // Demonstration only: accepts any user whose password equals the username.
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        if (auth.getName().equals(auth.getCredentials())) {
            return new UsernamePasswordAuthenticationToken(auth.getName(),
                    auth.getCredentials(), AUTHORITIES);
        }
        throw new BadCredentialsException("Bad Credentials");
    }
}
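The sample manager above accepts any login whose password equals the username. As an added example (not from the Spring Security reference or from this page), the same AuthenticationManager contract is implemented below against stored BCrypt hashes, with identical failures for unknown users and wrong passwords. The class name, the in-memory map and the register helper are assumptions made for illustration, and spring-security-crypto is assumed to be on the classpath.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class; the in-memory map stands in for a real user repository.
class HashCheckingAuthenticationManager implements AuthenticationManager {
    private static final List<GrantedAuthority> AUTHORITIES =
            AuthorityUtils.createAuthorityList("ROLE_USER");

    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    private final Map<String, String> hashes = new ConcurrentHashMap<>();
    // Hash of a constructed throwaway value, compared against when the user is unknown.
    private final String dummyHash = encoder.encode("constructed-dummy-value");

    // Stores only the BCrypt hash, never the raw password.
    void register(String username, CharSequence rawPassword) {
        hashes.put(username, encoder.encode(rawPassword));
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String name = auth.getName();
        Object credentials = auth.getCredentials();
        String presented = credentials == null ? "" : credentials.toString();
        String stored = name == null ? null : hashes.get(name);

        // Always run one BCrypt comparison so unknown users cost the same as known ones.
        boolean matches = encoder.matches(presented, stored != null ? stored : dummyHash);
        if (stored == null || !matches) {
            // Same exception and message in both cases, so usernames cannot be enumerated.
            throw new BadCredentialsException("Bad credentials");
        }
        UsernamePasswordAuthenticationToken result =
                new UsernamePasswordAuthenticationToken(name, presented, AUTHORITIES);
        result.eraseCredentials(); // do not keep the raw password in the SecurityContext
        return result;
    }
}
```

Swapping this class in for SampleAuthenticationManager in AuthenticationExample leaves the rest of the flow unchanged: the returned token is still the one placed into the SecurityContextHolder.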
