Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add AbstractAuthenticationProcessingFilter Docs 

Closes gh-8004
This commit is contained in:
Rob Winch 2020-02-20 14:48:32 -06:00
parent 052e103aed
commit 5e9c03aa83
1 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/abstract-authentication-processing-filter.adoc Normal file
View File

@ -0,0 +1,40 @@
= AbstractAuthenticationProcessingFilter
:figures: images/servlet/authentication/architecture
:icondir: images/icons
{security-api-url}org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.html[`AbstractAuthenticationProcessingFilter`] is used as a base `Filter` for authenticating a user's credentials.
Before the credentials can be authenticated, Spring Security typically requests the credentials using <<servlet-authentication-authenticationentrypoint,`AuthenticationEntryPoint`>>.
Next, the `AbstractAuthenticationProcessingFilter` can authenticate any authentication requests that are submitted to it.
image::{figures}/abstractauthenticationprocessingfilter.png[]
image:{icondir}/number_1.png[] When the user submits their credentials, the `AbstractAuthenticationProcessingFilter` creates an <<servlet-authentication>> from the `HttpServletRequest` to be authenticated.
The type of `Authentication` created depends on the subclass of `AbstractAuthenticationProcessingFilter`.
For example, `UsernamePasswordAuthenticationFilter` creates a `UsernamePasswordAuthenticationToken` from a __username__ and __password__ that are submitted in the `HttpServletRequest`.
// FIXME: link UsernamePasswordAuthenticationFilter
image:{icondir}/number_2.png[] Next, the `Authentication` is passed into the `AuthenticationManager` to be authenticated.
// FIXME: link to AuthenticationManager
image:{icondir}/number_3.png[] If authentication fails, then __Failure__
* The <<servlet-authentication-securitycontextholder>> is cleared out.
* `RememberMeServices.loginFail` is invoked.
If remember me is not configured, this is a no-op.
// FIXME: link to rememberme
* `AuthenticationFailureHandler` is invoked.
// FIXME: link to AuthenticationFailureHandler
image:{icondir}/number_4.png[] If authentication is successful, then __Success__.
* `SessionAuthenticationStrategy` is notified of a new log in.
// FIXME: Add link to SessionAuthenticationStrategy
* The <<servlet-authentication-authentication>> is set on the <<servlet-authentication-securitycontextholder>>.
Later the `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`.
// FIXME: link securitycontextpersistencefilter
* `RememberMeServices.loginSuccess` is invoked.
If remember me is not configured, this is a no-op.
// FIXME: link to rememberme
* `ApplicationEventPublisher` publishes an `InteractiveAuthenticationSuccessEvent`.