Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

对于登录方面有一些疑问 #32

Open
TestLove opened this issue Feb 14, 2021 · 3 comments
Open

对于登录方面有一些疑问 #32

TestLove opened this issue Feb 14, 2021 · 3 comments
Labels
question Further information is requested

Comments

@TestLove
Copy link

TestLove commented Feb 14, 2021
edited

我看您的代码,第一次登录时是在controller层对于密码和用户名进行检查.但是在SpringSecurity中似乎是通过过滤器去验证UsernamePasswordToken成功之后才到达controller层执行之后的请求.这样的话SpringSecurity的作用似乎就体现不出来了
@carryxiong
Copy link

过滤器UsernamePasswordFilter最后还是走到了那个继承了UserDetailService中loadByUsername方法中,去查数据库,你一步步跟进去可以看到。

@TestLove
Copy link
Author

过滤器UsernamePasswordFilter最后还是走到了那个继承了UserDetailService中loadByUsername方法中,去查数据库,你一步步跟进去可以看到。

image
或许我表述的不太清楚,的确最后都调用了loadByUsername方法,可我的意思是进入认证的入口不应该是在Filter(图中绿色)中吗?但demo中却是在请求已经被分发到了相应的controller层方法(图中最右)后才开始进行认证

@carryxiong
Copy link

过滤器UsernamePasswordFilter最后还是走到了那个继承了UserDetailService中loadByUsername方法中,去查数据库,你一步步跟进去可以看到。

image
或许我表述的不太清楚,的确最后都调用了loadByUsername方法,可我的意思是进入认证的入口不应该是在Filter(图中绿色)中吗?但demo中却是在请求已经被分发到了相应的controller层方法(图中最右)后才开始进行认证

但是默认实现查数据那部分代码应该也是业务代码了吧,loadByUsername应该是在业务类里面。你还是进入到里面了。
这些拦截器我记得只要有一个可以拦截就可以了,你自己可以实现怎么去拦截,就算你一个拦截器都没过,也会有个默认的匿名拦截器,去拦截,然后处理token,最后都是会那个usernamepasswordtoken上。

@Snailclimb Snailclimb added the question Further information is requested label Feb 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@carryxiong @Snailclimb @TestLove