5 Implementing authentication
This chapter covers
- Implementing the authentication logic using a custom AuthenticationProvider
- Using the HTTP Basic authentication method and Form Login authentication method
- Understanding and managing the SecurityContext
In chapters 3 and 4, we covered a few of the components acting in the authentication flow. We discussed UserDetails and how to define the prototype that describes a user in Spring Security. We then used UserDetails in examples where you learned how the UserDetailsService and UserDetailsManager contracts work and how you can implement them. We also discussed, and used in examples, the leading implementations of these interfaces. Finally, you learned how a PasswordEncoder manages passwords and how to use one, as well as the Spring Security Crypto Module, with its encryptors and key generators.
The AuthenticationProvider layer, however, is the one responsible for the authentication logic. The AuthenticationProvider is where you find the conditions and instructions that decide whether to authenticate a request. The component that delegates this responsibility to the AuthenticationProvider is the AuthenticationManager, which receives the request from the HTTP filter layer. We’ll discuss the filter layer in detail in chapter 9. The authentication process has only two possible results: