AtLeastOneSuccessfulStrategy类

AtLeastOneSuccessfulStrategy类用来实现至少有一个认证通过的策略,它继承了AbstractAuthenticationStrategy抽象类,先对其解析如下:

1.AbstractAuthenticationStrategy抽象类

此抽象类可以参照AbstractAuthenticationStrategy抽象类源码解析,主要实现了beforeAllAttempts(所有realm认证之前进行的操作),beforeAttempt(某一个realm认证之前进行的操作),afterAttempt(某一个realm认证之后进行的操作),merge(之前认证的认证信息与当前realm认证之后获取的认证信息的合并),afterAllAttempts(所有的realm认证完成之后的操作)。

2.AtLeastOneSuccessfulStrategy类

2.1.所有的认证通过后的操作(如果所有的认证通过后返回的认证信息为空,或者认证信息的身份信息为空,则抛出异常;否则返回认证通过后返回的认证信息,此方法覆盖了AbstractAuthenticationStrategy的方法)

public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
        //we know if one or more were able to succesfully authenticate if the aggregated account object does not
        //contain null or empty data:
        if (aggregate == null || CollectionUtils.isEmpty(aggregate.getPrincipals())) {
            throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] " +
                    "could not be authenticated by any configured realms.  Please ensure that at least one realm can " +
                    "authenticate these tokens.");
        }

        return aggregate;
    }

相关推荐