认证功能中的术语
背景
看过spring security相关组件包源码的小伙伴应该都与我一样,不管是因为语言差异还是别的原因吧,会对认证中的术语弄得一头雾水,找不着北。
下面通过对spring源码中的Authentication接口分析
public interface Authentication extends Principal, Serializable
以及接口中的方法
image.png
输理一下相关的概念及设计思想。
术语
Authentication
中文直接翻译意思如下:
身份验证; 认证;鉴定;
源码注释如下:
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication)method.
Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the SecurityContextHolder by the authentication mechanism which is being used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:
SecurityContextHolder.getContext().setAuthentication(anAuthentication);
Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.
In most cases, the framework transparently takes care of managing the security context and authentication objects for you.
- 个人理解:
对系统认证相关信息的一个概念抽象。
Principal
大学校长; 学院院长; 本金; 资本; 主要演员; 主角;
The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.
The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a UserDetails object as the principal.
- 个人理解
对认证对象的概念抽象,我比较喜欢叫他认证主体
Credential
资格; 资历; 资格证书; 证明书; 证件;
The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.
- 个人理解
对主体认证的附加信息,也就是需要一些信息证明主体就是本体,不是被冒充的。我比较喜欢叫他认证证件或身份凭证。
Authenticate
证明…是真实的; 证实;
- 个人理解
根据主体和证件信息,鉴定主体是该本体的抽象行为。
Authorities
权力; 威权; 当权(地位); 权; 职权; 批准; 授权;
Set by an AuthenticationManager to indicate the authorities that the principal has been granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted AuthenticationManager.
Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance.
- 个人理解
认证主体的权限信息。
