spring-security/docs/modules/ROOT/pages/servlet/authentication/index.adoc

[[servlet-authentication]]
= Authentication

Spring Security provides comprehensive support for xref:features/authentication/index.adoc#authentication[Authentication].
We start by discussing the overall xref:servlet/authentication/architecture.adoc[Servlet Authentication Architecture].
As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows.

If you prefer, you can refer to <<servlet-authentication-mechanisms,Authentication Mechanisms>> for concrete ways in which users can authenticate.
These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.

[[servlet-authentication-mechanisms]]
== Authentication Mechanisms

// FIXME: brief description

* xref:servlet/authentication/passwords/index.adoc#servlet-authentication-unpwd[Username and Password] - how to authenticate with a username/password
* xref:servlet/oauth2/login/index.adoc#oauth2login[OAuth 2.0 Login] - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)
* xref:servlet/saml2/index.adoc#servlet-saml2[SAML 2.0 Login] - SAML 2.0 Log In
* xref:servlet/authentication/cas.adoc#servlet-cas[Central Authentication Server (CAS)] - Central Authentication Server (CAS) Support
* xref:servlet/authentication/rememberme.adoc#servlet-rememberme[Remember Me] - how to remember a user past session expiration
* xref:servlet/authentication/jaas.adoc#servlet-jaas[JAAS Authentication] - authenticate with JAAS
* xref:servlet/authentication/preauth.adoc#servlet-preauth[Pre-Authentication Scenarios] - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.
* xref:servlet/authentication/x509.adoc#servlet-x509[X509 Authentication] - X509 Authentication
Start Servlet Authentication Cleanup Issue gh-7628 2019-12-06 11:39:55 -05:00			`[[servlet-authentication]]`
Restructure Docs Issue gh-5935 2019-09-22 02:56:30 -04:00			`= Authentication`

overview/ -> ../ 2021-08-10 16:21:42 -04:00			`Spring Security provides comprehensive support for xref:features/authentication/index.adoc#authentication[Authentication].`
Updated reference to architecture page In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page 2022-09-01 07:55:35 -04:00			`We start by discussing the overall xref:servlet/authentication/architecture.adoc[Servlet Authentication Architecture].`
Remove includes 2021-07-29 18:12:34 -04:00			`As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows.`
Restructure Docs Issue gh-5935 2019-09-22 02:56:30 -04:00
Remove includes 2021-07-29 18:12:34 -04:00			`If you prefer, you can refer to <<servlet-authentication-mechanisms,Authentication Mechanisms>> for concrete ways in which users can authenticate.`
			`These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.`
Polish Authentication Docs Structure 2020-02-21 12:33:36 -05:00
Add ProviderManager to Reference Closes gh-8029 2020-02-24 16:13:41 -05:00			`[[servlet-authentication-mechanisms]]`
Remove includes 2021-07-29 18:12:34 -04:00			`== Authentication Mechanisms`
Polish Authentication Docs Structure 2020-02-21 12:33:36 -05:00
Add ProviderManager to Reference Closes gh-8029 2020-02-24 16:13:41 -05:00			`// FIXME: brief description`

unpwd->passwords folder 2021-08-25 14:31:00 -04:00			`* xref:servlet/authentication/passwords/index.adoc#servlet-authentication-unpwd[Username and Password] - how to authenticate with a username/password`
Separate OAuth 2.0 Login Servlet Docs Issue gh-10367 2021-11-04 13:55:53 -04:00			`* xref:servlet/oauth2/login/index.adoc#oauth2login[OAuth 2.0 Login] - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)`
mkdir -p build/ids find -name ".adoc" \| xargs -I{file} awk -v file={file} '/\[\[/ { gsub("\[\|\]", ""); id=$0; gsub("./docs/modules/ROOT/pages/", "", file); gsub("\[\|\]", ""); id=$0;getline;text=$0; sub("^=+ ","", text); print file > "build/ids/"id".id"; print text > "build/ids/"id".text" }' {file} find docs/modules -name ".adoc"\|while read adoc_file_to_replace; do echo "Replacing $adoc_file_to_replace" for id_file in build/ids/*.id; do id=$(basename $id_file \| sed 's/\.id$//') xref_page=$(cat $id_file) if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]] then echo " - Skipping same page refid $id " else sed -i -E "s%<<$id(\|,([^,>]+))>>%xref:${xref_page}#${id}[\2]%g" $adoc_file_to_replace fi done done 2021-07-30 17:56:54 -04:00			`* xref:servlet/saml2/index.adoc#servlet-saml2[SAML 2.0 Login] - SAML 2.0 Log In`
Revert "Remove CAS module" This reverts commit caf4c471 2022-12-10 11:39:24 -05:00			`* xref:servlet/authentication/cas.adoc#servlet-cas[Central Authentication Server (CAS)] - Central Authentication Server (CAS) Support`
mkdir -p build/ids find -name ".adoc" \| xargs -I{file} awk -v file={file} '/\[\[/ { gsub("\[\|\]", ""); id=$0; gsub("./docs/modules/ROOT/pages/", "", file); gsub("\[\|\]", ""); id=$0;getline;text=$0; sub("^=+ ","", text); print file > "build/ids/"id".id"; print text > "build/ids/"id".text" }' {file} find docs/modules -name ".adoc"\|while read adoc_file_to_replace; do echo "Replacing $adoc_file_to_replace" for id_file in build/ids/*.id; do id=$(basename $id_file \| sed 's/\.id$//') xref_page=$(cat $id_file) if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]] then echo " - Skipping same page refid $id " else sed -i -E "s%<<$id(\|,([^,>]+))>>%xref:${xref_page}#${id}[\2]%g" $adoc_file_to_replace fi done done 2021-07-30 17:56:54 -04:00			`* xref:servlet/authentication/rememberme.adoc#servlet-rememberme[Remember Me] - how to remember a user past session expiration`
			`* xref:servlet/authentication/jaas.adoc#servlet-jaas[JAAS Authentication] - authenticate with JAAS`
rg "xref:\S+?#\S+\[\]" docs/modules -l -g ".adoc" \| while read adoc_file_to_replace; do echo "Replacing $adoc_file_to_replace" for id_file in build/ids/.id; do id=$(basename $id_file \| sed 's/\.id$//') xref_page=$(cat $id_file) if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]] then echo " - Skipping same page refid $id " else text_file=$(echo $id_file \| sed 's/\.id$/.text/') default_text=$(cat $text_file) sed -i -E "s%xref:${xref_page}#${id}\[\]%xref:${xref_page}#${id}[$default_text]%g" $adoc_file_to_replace fi done done 2021-07-30 18:02:44 -04:00			`* xref:servlet/authentication/preauth.adoc#servlet-preauth[Pre-Authentication Scenarios] - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.`
mkdir -p build/ids find -name ".adoc" \| xargs -I{file} awk -v file={file} '/\[\[/ { gsub("\[\|\]", ""); id=$0; gsub("./docs/modules/ROOT/pages/", "", file); gsub("\[\|\]", ""); id=$0;getline;text=$0; sub("^=+ ","", text); print file > "build/ids/"id".id"; print text > "build/ids/"id".text" }' {file} find docs/modules -name ".adoc"\|while read adoc_file_to_replace; do echo "Replacing $adoc_file_to_replace" for id_file in build/ids/*.id; do id=$(basename $id_file \| sed 's/\.id$//') xref_page=$(cat $id_file) if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]] then echo " - Skipping same page refid $id " else sed -i -E "s%<<$id(\|,([^,>]+))>>%xref:${xref_page}#${id}[\2]%g" $adoc_file_to_replace fi done done 2021-07-30 17:56:54 -04:00			`* xref:servlet/authentication/x509.adoc#servlet-x509[X509 Authentication] - X509 Authentication`