4 Implementing authentication
This chapter covers
- Implementing the authentication logic using a custom AuthenticationProvider
- Using the HTTP Basic authentication method and Form Login authentication method
- Understanding and managing the SecurityContext
- Applying everything you have learned so far about authentication with Spring Security in an example
In chapter 3, we covered a few of the components that take part in the authentication flow. We discussed UserDetails and how to define the prototype that describes a user for Spring Security. We then used UserDetails in examples where you learned how the UserDetailsService and UserDetailsManager contracts work and how they can be implemented. We also discussed the leading implementations of these interfaces and used them in examples. Finally, we learned how a PasswordEncoder manages passwords and how to use one, as well as the Spring Security Crypto Module, with its encryptors and key generators.
However, it is the AuthenticationProvider layer that implements the authentication logic. The AuthenticationProvider is where you find the conditions and instructions that decide whether or not to authenticate a request. The component that delegates this responsibility to the AuthenticationProvider is the AuthenticationManager, which receives the request from the HTTP filter itself. The authentication process can have only two possible results: