Spring Security UsernamePasswordAuthenticationToken在調用超類方法之前拋出異常

Question

為什么在發生異常后會調用超類方法？ 如果發生異常，則調用堆棧將返回給調用者，而不是執行超類方法？

public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }

        super.setAuthenticated(false);
    }

https://github.com/spring-projects/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java

Answer 1

UsernamePasswordAuthenticationToken類中的setAuthenticated（boolean isAuthenticated）方法是AbstractAuthenticationToken類的重寫方法。

在此類中設置私有認證屬性的唯一方法是通過其super.setAuthenticated（boolean authenticated）方法。

setAuthenticated方法的此重寫行為確保只能通過其構造函數之一將其設置為true：

public UsernamePasswordAuthenticationToken(Object principal, Object credentials,
            Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true); // must use super, as we override
}

並且不允許將authenticated屬性顯式設置為true。

關於超類方法的調用，有一個使用此函數的構造函數：

public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
        super(null);
        this.principal = principal;
        this.credentials = credentials;
        setAuthenticated(false);
}