[英]Spring Security: AnonymousAuthenticationToken vs UsernamePasswordAuthenticationToken
[英]Spring Security UsernamePasswordAuthenticationToken throws Exception before invoking super class method
為什么在發生異常后會調用超類方法? 如果發生異常,則調用堆棧將返回給調用者,而不是執行超類方法?
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) {
throw new IllegalArgumentException(
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
}
super.setAuthenticated(false);
}
UsernamePasswordAuthenticationToken類中的setAuthenticated(boolean isAuthenticated)方法是AbstractAuthenticationToken類的重寫方法。
在此類中設置私有認證屬性的唯一方法是通過其super.setAuthenticated(boolean authenticated)方法。
setAuthenticated方法的此重寫行為確保只能通過其構造函數之一將其設置為true:
public UsernamePasswordAuthenticationToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true); // must use super, as we override
}
並且不允許將authenticated屬性顯式設置為true。
關於超類方法的調用,有一個使用此函數的構造函數:
public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
super(null);
this.principal = principal;
this.credentials = credentials;
setAuthenticated(false);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.