Authentication procedure

Byung Seon Kang · August 26, 2022

Spring Security

1. FilterChainProxy

  • Filters are executed through filterchain.doFilter().
// Excerpt from FilterChainProxy's inner class VirtualFilterChain
private static final class VirtualFilterChain implements FilterChain {

	...

	@Override
	public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
		// All security filters have run: hand the request back to the original servlet filter chain
		if (this.currentPosition == this.size) {
			if (logger.isDebugEnabled()) {
				logger.debug(LogMessage.of(() -> "Secured " + requestLine(this.firewalledRequest)));
			}
			// Deactivate path stripping as we exit the security filter chain
			this.firewalledRequest.reset();
			this.originalChain.doFilter(request, response);
			return;
		}
		// Advance the index and invoke the next security filter, passing this chain along
		this.currentPosition++;
		Filter nextFilter = this.additionalFilters.get(this.currentPosition - 1);
		if (logger.isTraceEnabled()) {
			logger.trace(LogMessage.format("Invoking %s (%d/%d)", nextFilter.getClass().getSimpleName(),
					this.currentPosition, this.size));
		}
		nextFilter.doFilter(request, response, this);
	}

}
  • The filters are stored in a list, the current index is kept in the currentPosition variable, and the next filter is invoked from there.

2. A specific Filter

  • Part of AbstractAuthenticationProcessingFilter
public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean
		implements ApplicationEventPublisherAware, MessageSourceAware {

	...

	// Each concrete filter implements the actual authentication attempt here
	public abstract Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException, IOException, ServletException;
}
  • attemptAuthentication ends up calling the ProviderManager.
    See the UsernamePasswordAuthenticationFilter implementation.

3. ProviderManager (implementation of Authentication Provider)

public class ProviderManager implements AuthenticationManager, MessageSourceAware, InitializingBean {

	...

	private List<AuthenticationProvider> providers = Collections.emptyList();

	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		...

		// Try each configured provider in order
		for (AuthenticationProvider provider : getProviders()) {
			...
			try {
				result = provider.authenticate(authentication);
				if (result != null) {
					// First non-null result wins: copy the request details and stop iterating
					copyDetails(authentication, result);
					break;
				}
			}
			catch (AccountStatusException | InternalAuthenticationServiceException ex) {
				...
			}
			catch (AuthenticationException ex) {
				...
			}
		}
		...
	}
}

  • ProviderManager can hold several AuthenticationProviders in a List, and performs authentication by calling the authenticate method of each AuthenticationProvider.

4. AuthenticationProvider

  • Each AuthenticationProvider performs a specific type of authentication.
  • Implement one for each authentication method.
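
As an added example (not from the original post or from Spring Security's own source), here is a custom AuthenticationProvider plugged into a ProviderManager as described in steps 3 and 4. The class names InMemoryPasswordProvider and ProviderManagerDemo and the sample account are assumptions; spring-security-core and spring-security-crypto must be on the classpath.

```java
import java.util.Map;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical provider (not Spring's own): verifies passwords against in-memory BCrypt hashes.
class InMemoryPasswordProvider implements AuthenticationProvider {
	private final Map<String, String> hashes; // username -> BCrypt hash
	private final PasswordEncoder encoder;
	private final String dummyHash;           // compared against when the user is unknown

	InMemoryPasswordProvider(Map<String, String> hashes, PasswordEncoder encoder) {
		this.hashes = hashes;
		this.encoder = encoder;
		this.dummyHash = encoder.encode("placeholder");
	}
	@Override
	public boolean supports(Class<?> type) { // ProviderManager skips providers that return false
		return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
	}
	@Override
	public Authentication authenticate(Authentication auth) {
		String presented = String.valueOf(auth.getCredentials());
		String stored = hashes.get(auth.getName());
		// Always run the hash comparison so unknown users take about as long as known ones
		boolean matches = encoder.matches(presented, stored != null ? stored : dummyHash);
		if (stored == null || !matches) {
			throw new BadCredentialsException("Bad credentials"); // same error for both cases
		}
		// Three-argument constructor yields an authenticated token; the password is not retained
		return new UsernamePasswordAuthenticationToken(auth.getName(), null,
				AuthorityUtils.createAuthorityList("ROLE_USER"));
	}
}

public class ProviderManagerDemo {
	public static void main(String[] args) {
		PasswordEncoder encoder = new BCryptPasswordEncoder();
		// Constructed sample account: alice / s3cret
		AuthenticationManager manager = new ProviderManager(
				new InMemoryPasswordProvider(Map.of("alice", encoder.encode("s3cret")), encoder));
		Authentication ok = manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "s3cret"));
		System.out.println("authenticated=" + ok.isAuthenticated());
		try {
			manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "wrong"));
		} catch (BadCredentialsException ex) { // rethrown by ProviderManager when no provider succeeds
			System.out.println("rejected: " + ex.getMessage());
		}
	}
}
```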
