Authentication with Spring Security
I have some confusion when working with authentication in spring security. There are two ways of authentication.
- By overriding configure method
- By implementing bean instance for AuthenticationProvider
I need to know what is the difference between them and the pros and cons of using each.
1.
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Bean
public BCryptPasswordEncoder getBCryptPasswordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider=new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
return daoAuthenticationProvider;
}
If you are not sure of the spring security filter chain, see this answer. How Spring Security Filter Chain works
Here is a screenshot I recently took when I was setting up demo ldap + in-memory auth.
As you can see, in the end, we want a type of
AuthenticationFilterin our spring security filter chain. That filter is responsible for receiving the login request and decide the if authentication successful or not.AuthenticationFilterhas a reference toAuthenticationMangerandAuthenticationMangerimplementation (which is calledProviderManager) does not do authentication directly. InsteadAuthenticationMangerimplementations can have a list ofAuthenticationProviders and depend on the type authentication request, it asks the correspondingAuthenticationProviderin its list do the authentication.AuthenticationFilterdelegates toAuthenticationManger(.ieProviderManager) which in turn delegates tooneofAuthenticationProviderSo here is sample. Just for demo purpose, I am duplicating your
authenticationProvider()definition and see how theAuthenticationManger.ieProviderManagerlooks
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(authenticationProvider1())
.authenticationProvider(authenticationProvider2());
}
@Bean("my-auth-provider-1")
public AuthenticationProvider authenticationProvider1(){
DaoAuthenticationProvider provider=new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService());
return provider;
}
@Bean("my-auth-provider-2")
public AuthenticationProvider authenticationProvider2(){
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService());
return provider;
}
Note
I have simplified a bit here. Actually ProviderManager can have parent too. But effectively it has a list of providers. See https://spring.io/guides/topicals/spring-security-architecture
- Android ImageButton does not display image, even though it is visible in the Designer preview
- What are Runtime.getRuntime().totalMemory() and freeMemory()?
- Case insensitive search in Mongodb
- Build jvm without jdk
- Not Able to Install Plugins Eclipse
- Gradle Android Version Mismatch in Flutter
- Remove ✅, 🔥, ✈ , ♛ and other such emojis/images/signs from Java strings
- Convert String input to int array in Java
- Java - How to create new Entry (key, value)
- Difference between "on-heap" and "off-heap"
- Java: Composite key in hashmaps
- Java FFM `Linker.Option.captureCallState` does not successfully capture `GetLastError` on Windows
- Room - Schema export directory is not provided to the annotation processor so we cannot export the schema
- Why is this code 5 times slower in C# compared to Java?
- Drawing panel to design a house
- Xerces2-J error location accuracy: library vs Oxygen Editor
- Is there a shouldOverrideUrlLoading in GeckoView?
- How to handle any new tab/window creations in GeckoView properly?
- Convert List<String> to Map<String, Integer>
- Searching for a valid pattern in files of under a folder? (Maybe with Perl or with some Apis at Java or anything else)
- using java , what are the methods to find a word inside a string?
- Java regular expression with lookahead
- How to fix Type definition error in Spring Boot application?
- Convert RGB value to HSV
- LWJGL project error in pom.xml: Missing artifact org.lwjgl:lwjgl-platform:jar:natives-windows:${lwjgl.version}
- DateTimeFormatter with "yyyy-MM-dd HH:mm:ss" parses into LocalDateTime with missing seconds
- Spring boot using undefined for x-queue-type instead none
- ServerSocket.accept() fails to stop on close() in Docker
- Could not find org.springframework.cloud:spring-cloud-starter-config:
- Gradle Project: java.lang.NoClassDefFoundError: kotlin/jvm/internal/Intrinsics