In chapters 3 and 4, we covered a few of the components acting in the authentication flow. We discussed UserDetails and how to define the prototype to describe a user in Spring Security. We then used UserDetails in examples where you learned how the UserDetailsService and UserDetailsManager contracts work and how you can implement these. We discussed and used the leading implementations of these interfaces in examples as well. Finally, you learned how a PasswordEncoder manages the passwords and how to use one, as well as the Spring Security crypto module (SSCM) with its encryptors and key generators.
The AuthenticationProvider layer, however, is the one responsible for the logic of authentication. The AuthenticationProvider is where you find the conditions and instructions that decide whether to authenticate a request or not. The component that delegates this responsibility to the AuthenticationProvider is the AuthenticationManager, which receives the request from the HTTP filter layer. We’ll discuss the filters layer in detail in chapter 9. In this chapter, let’s look at the authentication process, which has only two possible results: