Boot Strap
Spring Security is not call api or anything . it works as Filter
if we are not using SpringBoot
we need to add this in configure xml.
how Authenticate works?
Authentication is internal spring security interface. it's object acts like DTO
for example it holds credenitals before authentication whe jobs is done it will hold Principal.
inside AuthenticaitonProvider class autheticate method takes Authentication input with credential and validate it
and return another Authentication object with Principal.
we can have lot of way to authenticate and have all of them in one app
AuthenticaitonManager calls AuthenticationProvider's supports() method and checks whether it supports given specific Authentication.
it works like Controller in Web MVC
every Provider needs to check some Database and get User object and every thing will be done by Authentication Provider.
With UserDetailsService we can check User Object more easily
After all the process Principal is saved it ThreadLocal so that we don't need to provide credentials for every url during given session.
'WEB > Security' 카테고리의 다른 글
| [java brains] JWT+ Spring Security (0) | 2021.04.18 |
|---|---|
| [java brains] JWT (0) | 2021.04.15 |
| [java brains] JPA authentication (0) | 2021.04.14 |
| [java brains] Filters , Configure (0) | 2021.04.12 |
| [java brains] Spring security basic (0) | 2021.04.01 |