Spring Security (Series) - Overview #2

Take a step back and see the forest for the trees!

Brief

So, in the previous post we went straight into Spring Security's workings.

Now, let's take a step back. We're going to go through its architecture and understand the role of each component.

Spring Security Architecture

Implementation

  1. Client sends a request.
  2. AuthenticationFilter intercepts the request and delegates the responsibility to the Authentication Manager using its authenticate method.
AuthenticationFilter.java

3.  The Authentication Manager iterates through the Authentication Providers defined in Spring's context. It first calls their supports(Class<?>):boolean method and if the result is true, goes on to call authenticate(Authentication): Authentication.

AuthenticationManager.java
AuthenticationProvider.java

4.  The Authentication Provider will, in turn, make use of a UserDetailsService and a PasswordEncoder, to query the database for a user by username and match its password.

UserDetailsService.java
PasswordEncoder.java

5.  If a user is found and the password matches, an Authentication object (containing details about the user) is returned by the AuthenticationProvider all the way to the AuthenticationFilter, which then adds it to the SecurityContext:

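@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
	try {
		Authentication authentication = attemptAuthentication(request, response);
		// The context is reached through SecurityContextHolder; it holds the principal for this request
		SecurityContextHolder.getContext().setAuthentication(authentication);
	} catch (AuthenticationException ex) {
		// Authentication failed: return a 401 HttpStatus response and stop here
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		return;
	}
	// Authenticated: let the request continue down the filter chain
	filterChain.doFilter(request, response);
}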
AuthenticationFilter.java
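
Steps 3 to 5 as an added example (not code from this post or its repository): a provider that the ProviderManager selects through supports(), and that returns the same error for an unknown user as for a wrong password while still paying the hashing cost, so the response does not reveal which usernames exist. The class name DemoAuthenticationProvider, the user "alice" and the passwords are constructed for illustration; spring-security-core and spring-security-crypto are assumed to be on the classpath.

```java
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class DemoAuthenticationProvider implements AuthenticationProvider { // hypothetical name
    private final UserDetailsService users;
    private final PasswordEncoder encoder;
    private final String dummyHash; // compared when the user is unknown, to keep timing similar
    public DemoAuthenticationProvider(UserDetailsService users, PasswordEncoder encoder) {
        this.users = users;
        this.encoder = encoder;
        this.dummyHash = encoder.encode("constructed-dummy-value");
    }

    @Override // Step 3: the manager calls authenticate() only when this returns true
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String raw = String.valueOf(auth.getCredentials());
        UserDetails user;
        try {
            user = users.loadUserByUsername(auth.getName()); // step 4: look the user up
        } catch (UsernameNotFoundException ex) {
            encoder.matches(raw, dummyHash); // still do one hash comparison
            throw new BadCredentialsException("Bad credentials"); // same error as a wrong password
        }
        if (!encoder.matches(raw, user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()); // step 5
    }
    public static void main(String[] args) {
        PasswordEncoder enc = new BCryptPasswordEncoder();
        UserDetailsService store = new InMemoryUserDetailsManager( // constructed sample user
            User.withUsername("alice").password(enc.encode("s3cret")).roles("USER").build());
        AuthenticationManager manager = new ProviderManager(new DemoAuthenticationProvider(store, enc));
        for (String[] a : new String[][] {{"alice", "s3cret"}, {"alice", "wrong"}, {"mallory", "x"}}) {
            try {
                Authentication ok = manager.authenticate(new UsernamePasswordAuthenticationToken(a[0], a[1]));
                System.out.println(a[0] + " -> authenticated " + ok.getAuthorities());
            } catch (AuthenticationException ex) {
                System.out.println(a[0] + " -> rejected: " + ex.getMessage());
            }
        }
    }
}
```

The two-argument UsernamePasswordAuthenticationToken constructor creates an unauthenticated request token; only the three-argument form, used by the provider after the password check, marks the token as authenticated.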

In the next post, we'll create our own UserDetailsService which will integrate with a SQL database where we store the users and their passwords.

Find the full repository here:  https://github.com/andreiszu/spring-security

