mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-30 16:52:13 +00:00
29a7669101
echo "Replacing $adoc_file_to_replace"
for id_file in build/ids/*.id; do
id=$(basename $id_file | sed 's/\.id$//')
xref_page=$(cat $id_file)
if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]]
then
echo " - Skipping same page refid $id "
else
text_file=$(echo $id_file | sed 's/\.id$/.text/')
default_text=$(cat $text_file)
sed -i -E "s%xref:${xref_page}#${id}\[\]%xref:${xref_page}#${id}[$default_text]%g" $adoc_file_to_replace
fi
done
done
23 lines
2.7 KiB
Plaintext
23 lines
2.7 KiB
Plaintext
[[servlet-authentication-daoauthenticationprovider]]
|
|
= DaoAuthenticationProvider
|
|
:figures: servlet/authentication/unpwd
|
|
|
|
{security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[`DaoAuthenticationProvider`] is an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[`AuthenticationProvider`] implementation that leverages a xref:servlet/authentication/unpwd/user-details-service.adoc#servlet-authentication-userdetailsservice[`UserDetailsService`] and xref:servlet/authentication/unpwd/password-encoder.adoc#servlet-authentication-password-storage[`PasswordEncoder`] to authenticate a username and password.
|
|
|
|
Let's take a look at how `DaoAuthenticationProvider` works within Spring Security.
|
|
The figure explains details of how the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationmanager[`AuthenticationManager`] in figures from xref:servlet/authentication/unpwd/index.adoc#servlet-authentication-unpwd-input[Reading the Username & Password] works.
|
|
|
|
.`DaoAuthenticationProvider` Usage
|
|
image::{figures}/daoauthenticationprovider.png[]
|
|
|
|
image:{icondir}/number_1.png[] The authentication `Filter` from xref:servlet/authentication/unpwd/index.adoc#servlet-authentication-unpwd-input[Reading the Username & Password] passes a `UsernamePasswordAuthenticationToken` to the `AuthenticationManager` which is implemented by xref:servlet/authentication/architecture/index.adoc#servlet-authentication-providermanager[`ProviderManager`].
|
|
|
|
image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[AuthenticationProvider] of type `DaoAuthenticationProvider`.
|
|
|
|
image:{icondir}/number_3.png[] `DaoAuthenticationProvider` looks up the `UserDetails` from the `UserDetailsService`.
|
|
|
|
image:{icondir}/number_4.png[] `DaoAuthenticationProvider` then uses the xref:servlet/authentication/unpwd/password-encoder.adoc#servlet-authentication-password-storage[`PasswordEncoder`] to validate the password on the `UserDetails` returned in the previous step.
|
|
|
|
image:{icondir}/number_5.png[] When authentication is successful, the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authentication[`Authentication`] that is returned is of type `UsernamePasswordAuthenticationToken` and has a principal that is the `UserDetails` returned by the configured `UserDetailsService`.
|
|
Ultimately, the returned `UsernamePasswordAuthenticationToken` will be set on the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[`SecurityContextHolder`] by the authentication `Filter`.
|