Spring Book – Chapter 15 – Web Application Security with Spring

Authentication

Authentication as defined in earlier section checks whether the user is who he/she claims to be. Spring Security verifies username (principal) along with supplied password (credentials) to establish this. There are quite a large variety of ways by which you can authenticate the user into your application. Thankfully, Spring Security also has support for almost all the variety of authentication methodologies available in the industry by having appropriate authentication managers capable of handling these authentication models. Figure 15-8 below shows the various authentication managers available in Spring Security and their appropriate linkages to the framework.

Figure 15-8. Authentication managers in Spring Security

Figure 15-8. Authentication managers in Spring Security

Spring Security uses a default authentication DB schema as shown in Figure 15-9 below using which authentication details can be fully offloaded to the database.

Figure 15-9. Spring Security DB authentication schema

Figure 15-9. Spring Security DB authentication schema

The core interfaces in Spring Security authentication can be summarized as below:

  • AuthenticationManager – interface responsible for processing the authentication requests. Listing 15-1 below shows this interface definition.

Listing 15-1. AuthenticationManager interface in Spring Security

  • AuthenticationProvider – interface which actually performs the authentication process. Listing 15-2 below shows this interface definition.

Listing 15-2. AuthenticationProvider interface in Spring Security

  • UserDetailsService – service interface which is responsible for returning the UserDetails object. Listing 15-3 below shows this interface definition.

Listing 15-3. UserDetailsService interface in Spring Security

  • UserDetails – interface which gives the complete details about the user. Listing 15-4 below shows this interface definition.

Listing 15-4. UserDetails interface in Spring Security

Page Visitors: 1246

The following two tabs change content below.

Tomcy John

Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently the Senior Technical Engineer at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Principal Architect to facilitate incorporating Spring as Corporate Standard in the organization.

Latest posts by Tomcy John (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">