If authentication is not done by username and password, we don't need UserDetailsService and PasswordEncoder,
but we always need an implementation of AuthenticationProvider.
3 cases for the authenticate method:
1. if the request authenticates successfully -> return a fully authenticated Authentication instance
2. if authentication fails -> throw any kind of AuthenticationException
3. if the request's Authentication object is not supported by this method -> return null; this provider cannot decide, and the AuthenticationManager should find another AuthenticationProvider
The supports method is called before the actual authenticate method -> the AuthenticationManager uses it to check whether this provider handles the given Authentication type.
UsernamePasswordAuthenticationToken is a class that implements the Authentication interface and is used for Basic Auth (Postman).
After successful authentication we return a newly authenticated UsernamePasswordAuthenticationToken, which is an Authentication.
Authentication is a container; before authentication its authenticated boolean is false.
getCredentials = password; it is not always a String, so the return type is Object
getDetails = extra details about the request (OAuth-related data)
getPrincipal = consider it the user itself
If we want to add more providers, we just keep chaining calls: auth.authenticationProvider(something1).authenticationProvider(something2)
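
The three cases and the supports check in one provider, as an added example (not code from the lesson). The class name SharedSecretAuthenticationProvider, the shared-secret check and the ROLE_USER authority are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Hypothetical provider: validates a shared secret itself, so it needs
// neither UserDetailsService nor PasswordEncoder.
public class SharedSecretAuthenticationProvider implements AuthenticationProvider {

    private final byte[] expectedSecret; // assumption: supplied from configuration, not hard-coded

    public SharedSecretAuthenticationProvider(String expectedSecret) {
        this.expectedSecret = expectedSecret.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Case 3: unsupported Authentication type -> null, so the manager tries the next provider.
        if (!supports(authentication.getClass())) {
            return null;
        }
        // getCredentials() returns Object and may be null, so convert defensively.
        Object credentials = authentication.getCredentials();
        byte[] presented = credentials == null
                ? new byte[0]
                : credentials.toString().getBytes(StandardCharsets.UTF_8);

        // Case 2: failure -> AuthenticationException. Constant-time compare, generic message.
        if (!MessageDigest.isEqual(expectedSecret, presented)) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Case 1: success -> the three-argument constructor yields isAuthenticated() == true.
        // Credentials are passed as null so the secret does not stay in the security context.
        return new UsernamePasswordAuthenticationToken(
                authentication.getName(), null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // Called by the AuthenticationManager before authenticate().
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

An instance of this class is what gets passed to auth.authenticationProvider(...) in the chain above.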