Spring Security (Series) - Overview #2
Take a step back and see the forest for the trees!
So, in the previous post we went straight into Spring Security's workings.
Now, let's take a step back. We're going to go through its architecture and understand the role of each component .
- Client sends a request.
- AuthenticationFilter intercepts the request and delegates the responsibility to the Authentication Manager using its
3. The Authentication Manager iterates through the Authentication Providers defined in Spring's context. It first calls their
supports(Class<?>):boolean method and if the result is true, goes on to call
4. The Authentication Provider will, in turn, make use of a
UserDetailsService and a
PasswordEncoder, to query the database for a user by username and match its password.
5. If a user is found and the password matches, an Authentication object (containing details about the user) is returned by the AuthenticationProvider all to way to the AuthenticationFilter and then it is added in the SecurityContext:
In the next post, we'll create our own
UserDetailsService which will integrate with a SQL database where we store the users and their passwords.
Find the full repository here: https://github.com/andreiszu/spring-security
Stay tuned! 🚀