[[servlet-authentication]]
= Authentication
							
Spring Security provides comprehensive support for xref:features/authentication/index.adoc#authentication[Authentication].
We start by discussing the overall xref:servlet/authentication/architecture.adoc[Servlet Authentication Architecture].
As you might expect, this section is more abstract, describing the architecture without much discussion of how it applies to concrete flows.
							
If you prefer, you can refer to <<servlet-authentication-mechanisms,Authentication Mechanisms>> for concrete ways in which users can authenticate.
These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.
							
[[servlet-authentication-mechanisms]]
== Authentication Mechanisms
							
// FIXME: brief description
							
* xref:servlet/authentication/passwords/index.adoc#servlet-authentication-unpwd[Username and Password] - how to authenticate with a username/password
* xref:servlet/oauth2/login/index.adoc#oauth2login[OAuth 2.0 Login] - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (for example, GitHub)
* xref:servlet/saml2/index.adoc#servlet-saml2[SAML 2.0 Login] - SAML 2.0 Log In
* xref:servlet/authentication/cas.adoc#servlet-cas[Central Authentication Server (CAS)] - Central Authentication Server (CAS) Support
* xref:servlet/authentication/rememberme.adoc#servlet-rememberme[Remember Me] - how to remember a user past session expiration
* xref:servlet/authentication/jaas.adoc#servlet-jaas[JAAS Authentication] - authenticate with JAAS
* xref:servlet/authentication/openid.adoc#servlet-openid[OpenID] - OpenID Authentication (not to be confused with OpenID Connect)
* xref:servlet/authentication/preauth.adoc#servlet-preauth[Pre-Authentication Scenarios] - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.
* xref:servlet/authentication/x509.adoc#servlet-x509[X509 Authentication] - X509 Authentication