1. Unauthenticated or authentication failed

1.1 Literal Description

Unauthenticated means that no user information was provided; authentication failed means that user information was provided but did not pass authentication.

1.2 Flags in code

Unauthenticated means two things in Spring Security:

  1. The first is that an AuthenticationException is thrown
  2. The second is that an AccessDeniedException is thrown while the user is a low-security user (an anonymous user or a remember-me user)

Authentication failed in Spring Security:

  1. An AuthenticationException is thrown

Looks the same as unauthenticated, doesn't it? The reason lies in the code of AbstractAuthenticationProcessingFilter. The login request is a known request that does not itself require authentication, so the handling in this class has two branches.

If authentication is required, various filters are called during processing. Their goal is to retrieve information from the request to complete authentication. Finally, if no user information is available, the user is asked to log in. If no login is required (remember, this is Spring Security, whose working context is authentication), it takes the username and password and authenticates them. Why take them directly? Because this is Spring Security, and AbstractAuthenticationProcessingFilter is where authentication is completed. All of this is brought in by the function attemptAuthentication(), which brings getAuthenticationManager().authenticate() into play.

> This is why, to implement your own authentication method, you need to write something like `auth.authenticationProvider(new MyAuthenticationProvider())`: that is how the provider gets introduced.

The unauthenticated case eventually reaches the sendStartAuthentication method (the one that turns up most often when searching the web for unauthenticated handling) and finally the commence() method of AuthenticationEntryPoint.

That's why a lot of posts say "override AuthenticationEntryPoint to customize handling of requests that are not logged in".

The default handler for the unauthenticated case is LoginUrlAuthenticationEntryPoint.java. A quick look shows that the code is very simple: it sends a redirect to the login URL. When we customize it, it is usually to add a header or the like, since the URL can be configured anyway.

An authentication failure is passed to the failureHandler.onAuthenticationFailure() method, which is why we need to configure a failureHandler.
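
The two paths above wired into one configuration, as an added example that is not code from the original post. It assumes Spring Security 5.x with the `WebSecurityConfigurerAdapter` style (javax.servlet); the class names, the `/login` URL, the `X-Login-Url` header and the JSON body are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Assumption: Spring Security 5.x on the classpath; all names below are illustrative.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Unauthenticated: reached via sendStartAuthentication() -> commence().
    static class ApiEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest req, HttpServletResponse res,
                             AuthenticationException ex) throws IOException {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401 instead of a redirect
            res.setHeader("X-Login-Url", "/login");             // hypothetical custom header
        }
    }

    // Authentication failed: credentials were submitted but rejected.
    // The body is identical for every failure cause, so the response does not
    // reveal whether the username exists.
    static class GenericFailureHandler implements AuthenticationFailureHandler {
        @Override
        public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse res,
                                            AuthenticationException ex) throws IOException {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            res.setContentType("application/json");
            res.getWriter().write("{\"error\":\"invalid_credentials\"}");
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().formLogin().loginProcessingUrl("/login")
                .failureHandler(new GenericFailureHandler())
            .and().exceptionHandling()
                .authenticationEntryPoint(new ApiEntryPoint());
    }
}
```

Setting the entry point explicitly replaces the default LoginUrlAuthenticationEntryPoint redirect for unauthenticated requests, while the failure handler only runs for rejected login attempts.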