ContextManager.java 文件源码

public void refreshContext(boolean ssoMode, String entityId) {
    LOG.info("Context refresh process started. SSO mode: {}", ssoMode);
    CONTEXT_REFRESH_IN_PROCESS = true;
    //for sso
    if(ssoMode) {
        // do not change order of context refreshes
        // we need to refresh root context otherwise springSecurityFilterChain will not be updated
        // https://jira.spring.io/browse/SPR-6228
        XmlWebApplicationContext rootContext = (XmlWebApplicationContext) applicationContext.getParent();
        rootContext.setConfigLocations("/WEB-INF/spring-security-saml.xml");
        // add property entityId to root context, it will be used as psw for jks
        rootContext.getEnvironment().getPropertySources().addLast((new RefreshRootContextPropertySource(entityId)));
        rootContext.refresh();

        // refresh application context
        applicationContext.setConfigLocations("/WEB-INF/spring-web-config.xml");
        applicationContext.refresh();

        // set userService property to userDetails bean, so we could manage users roles within ssoLogin mode
        applicationContext.getBean(SamlUserDetails.class).setUserService(applicationContext.getBean(UserService.class));
        applicationContext.getBean(SAMLAuthenticationProviderImpl.class).setConfigurationMediator(applicationContext.getBean(ConfigurationMediator.class));
        applicationContext.getBean(SAMLAuthenticationProviderImpl.class).setUserService(applicationContext.getBean(UserService.class));
    }
    // for local authentication
    else {
        applicationContext.setConfigLocations("/WEB-INF/spring-web-config.xml", "/WEB-INF/spring-security-dynamoDB.xml");
        applicationContext.refresh();
        // clearing init auth providers
        ((ProviderManager)applicationContext.getBean("authenticationManager")).getProviders().clear();

        // adding main auth provider
        ((ProviderManager)applicationContext.getBean("authenticationManager")).getProviders()
                .add((AuthenticationProvider) applicationContext.getBean("authProvider"));
    }

    LOG.info("Context refreshed successfully.");
    SecurityContextHolder.clearContext();
    CONTEXT_REFRESH_IN_PROCESS = false;
}