Spring Security Architecture
The incoming request is intercepted by the authentication filter, which extracts the credentials the client sent (for example the username and password from an HTTP Basic header or a login form) and has them verified. Authentication answers "who is the caller?"; the separate question of whether that caller may access the requested resource is decided later in the filter chain, after the identity is established.
Details about the authenticated principal are stored in the security context (SecurityContextHolder). On later requests the filter chain consults the security context first: if the request is already authenticated, or the endpoint is configured as public (permitAll), no further authentication is performed and the request goes straight on to the controller, whose response is returned to the client.
The filter does not validate credentials itself; it packages them into an Authentication object and delegates to the AuthenticationManager.
The AuthenticationManager (ProviderManager by default) in turn delegates to one or more AuthenticationProviders, each of which declares which kind of Authentication it supports and carries out the actual verification logic.
For username/password authentication the provider (DaoAuthenticationProvider) calls UserDetailsService.loadUserByUsername to look up the user and PasswordEncoder.matches to compare the submitted password against the stored hash. If you do not supply your own beans, Spring Boot autoconfigures an in-memory UserDetailsService with a single user named user and a random password printed in the startup log, and the provider uses a DelegatingPasswordEncoder; neither is suitable beyond a first experiment.
The outcome flows back to the filter. On success the returned Authentication is stored in the security context and the request continues to the controller, whose response is sent to the client. On failure the provider throws an AuthenticationException, the filter clears the context and the configured entry point answers the client: with HTTP Basic that is a 401 Unauthorized response carrying a WWW-Authenticate header, with form login it is a redirect to the login page with an error parameter. Note that a request which is authenticated but not permitted for the endpoint is rejected with 403 Forbidden, not 401.
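The chain described above, filter, manager, provider, user details service and password encoder, as an added Java configuration example that is not code from the original page or from the Spring Security project. It wires a single constructed in-memory user (the username alice and her password are assumptions for the example) and spells out a username/password provider in full so the lookup-then-verify step is visible; the class names UsernamePasswordProvider and SecurityConfig are chosen for the example, the Spring Security types are real.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Filter chain: /public/** needs no authentication, everything else does.
    // HTTP Basic is the entry point, so a missing or failed login yields 401 Unauthorized.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    UserDetailsService users,
                                    PasswordEncoder encoder) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll()
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .authenticationProvider(new UsernamePasswordProvider(users, encoder));
        return http.build();
    }

    // UserDetailsService: one constructed in-memory user (example data only);
    // a real application backs this with a user store.
    @Bean
    UserDetailsService userDetailsService(PasswordEncoder encoder) {
        UserDetails alice = User.withUsername("alice")
            .password(encoder.encode("correct horse battery staple"))
            .roles("USER")
            .build();
        return new InMemoryUserDetailsManager(alice);
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Example provider (hypothetical name) doing what DaoAuthenticationProvider does:
    // look the user up, verify the password, return an authenticated token.
    static final class UsernamePasswordProvider implements AuthenticationProvider {
        private final UserDetailsService users;
        private final PasswordEncoder encoder;
        private final String dummyHash; // checked against when the user does not exist

        UsernamePasswordProvider(UserDetailsService users, PasswordEncoder encoder) {
            this.users = users;
            this.encoder = encoder;
            this.dummyHash = encoder.encode("userNotFoundPassword");
        }

        @Override
        public Authentication authenticate(Authentication request) throws AuthenticationException {
            String username = request.getName();
            Object creds = request.getCredentials();
            String rawPassword = creds == null ? "" : creds.toString();

            UserDetails user;
            try {
                user = users.loadUserByUsername(username);
            } catch (UsernameNotFoundException e) {
                // Spend the same bcrypt cost as a real check and report the same error,
                // so neither timing nor the message reveals which usernames exist.
                encoder.matches(rawPassword, dummyHash);
                throw new BadCredentialsException("Bad credentials");
            }
            if (!encoder.matches(rawPassword, user.getPassword())) {
                throw new BadCredentialsException("Bad credentials");
            }
            // Credentials are dropped from the returned token; only the principal
            // and its authorities end up in the SecurityContext.
            return UsernamePasswordAuthenticationToken.authenticated(
                user, null, user.getAuthorities());
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }
}
```

With this configuration, `curl -u alice:'correct horse battery staple' http://localhost:8080/hello` reaches the controller, a wrong password or unknown user gets the same 401 with a WWW-Authenticate header, and `/public/...` is served without any credentials. The dummy-hash comparison on the user-not-found path mirrors the timing mitigation in DaoAuthenticationProvider; dropping it would let an attacker distinguish real usernames from fake ones by response time.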