dotted line means not always needed
without spring boot security depdency we will not get default Authentication Filter
we need to implement one
using OncePerRequestFilter removes some boilerplate , better than impelmenting Filter directly
CustomAuthentication is Authentication (container). -> authenticate and result will be fully authenticated authentication in general -> authenticate will throw exception so checking isAuthenticated not needed
and then we add to SecurityContext then we pass it to other filter
if autenticate fails catch exception and throw 401(FORBIDDEN)
we dont have UserDetailsService and PasswordEncoder because we don't have username and password
authenticationManager will authenticate with this class
addFilterAt will set filter at exact same palce as given argument in this case BasicAuthenticationFilter.class
'WEB > Security' 카테고리의 다른 글
| Lesson 8 - The Security Context (0) | 2022.05.06 |
|---|---|
| Lesson 6 - Multiple Authentication Providers Part 1 ,2 (0) | 2022.05.05 |
| Lesson 4 - The AuthenticationProvider (0) | 2022.05.05 |
| Lesson 3 - UserDetailsManager and PasswordEncoder (0) | 2022.05.05 |
| Lesson 2 - Implementing the UserDetailsService (0) | 2022.05.05 |