This chapter covers
- Implementing authentication logic using a custom AuthenticationProvider
- Using the HTTP Basic and form-based login authentication methods
- Understanding and managing the SecurityContext component
Chapters 3 and 4 covered a few of the components acting in the authentication flow. We discussed UserDetails and how to define the prototype to describe a user in Spring Security. Next, we used UserDetails in examples that showed how the UserDetailsService and UserDetailsManager contracts work and how to implement them. We discussed and used the leading implementations of these interfaces in examples as well. Finally, you learned how a PasswordEncoder manages passwords and how to use one, as well as the Spring Security crypto module (SSCM) with its encryptors and key generators.
The AuthenticationProvider layer, however, is responsible for the logic of authentication. The AuthenticationProvider is where you find the conditions and instructions that decide whether to authenticate a request. The component that delegates this responsibility to the AuthenticationProvider is the AuthenticationManager, which receives the request from the HTTP filter layer; it was discussed in chapter 5. In this chapter, we’ll look at the authentication process, which has only two possible results: