Part 2 : Three main pillars in the Spring Security Authentication Mechanism–AuthenticationManager

AuthenticationManager

It’s an interface in org.springframework.security.authentication package and has only one method authenticate().
  1. authenticate(Authentication authentication) which returns a reference to the class implementing Authentication interface.
The following is what the documentation says about Authentication interface .
“Represents the token for an authentication request or for an authenticated principal once the been request has been processed by the AuthenticationManager.authenticate(Authentication) method.
Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurtyContext managed by the SecurtyContextHolderby the authentication mechanism which is being used. An explicit authentication can be achieved, without instance and using the code”.
SecurityContextHolder.getContext().setAuthentication(anAuthentication);
You can manually get the AuthenticationManager to be used in your controller to authenticate the request by configuring the bean in the spring security context like below.
From the docs:
  1. <authentication-manager alias="authenticationManager">
  2. <authentication-provider>
  3. <jdbc-user-service data-source-ref="someDataSource"/>
  4. <password-encoder hash="sha"/>
  5. <user-service>
  6. <user-name="jimi" password="343m4sdlskldkskdllsdkdskldklskdo3i433434" authorities="ROLE_USER,USER_ADMIN" />
  7. <user-name="bob" password="343m4sdl34skldkskdllsdkdskldklskd75o3i433434" authorities="ROLE_USER" />
  8. </user-service>
  9. </authentication-provider>
  10. </authentication-manager>
Here you can authenticate the request using a data -source containing the standard Spring Security user data tables and a password encoder is being used to encode the password.
In the Java file you can call it like below:

  1. @Autowired
  3. @Qualifier("authenticationManager");
  5. protected AuthenticationManager authenticationManager;
The summary of this note being AuthenticationManager passes an AuthenticationToken to the Authenticationprovider implementation and they try to authenticate the user, setting the isAuthenticated flag to true or false.

Comments

Post a Comment

Popular posts from this blog

Java Interview : Threads

Java came up with multi threading long time back, still the kind of response it invokes when this topic raises its head during interviews is not very encouraging. If you have attended an java interview, a couple of suppose to be very smart guys also know as lead developers will shower you with questions on multi threading, grilling you down to make sure what you are talking about, even asking you to write fork-join snippets to solve hadoop use cases. But if you are hired and you write a piece code using executor framework, you will be seen with suspicion generally reserved for people with casual shoes at cocktail parties. So here is post to start out thinking about threads. So a path of execution in java is known as a thread, appropriately an instance of Thread class. The main method runs in its own thread and starts up the program execution. If you implement the Runnable interface, you can run in a thread of you own. The Runnable interface has a run() method you implement your...
Read more

Spring Framework Interview Notes : Part Two Wiring

Image
The Spring container is the guy responsible to get the train moving when working with the Spring framework.  The dependency magic gets the things working by somehow getting all the stuff up and running. Now somehow we need to indicate to the spring container as to where and how to “wire” these beans. Remember these beans are also known as components. Components combine to form the structure and thus make the functionality. The concept of component scanning or component finding comes into the picture, literally searching the applications to find the beans required to create these beans. @ComponentScan is the annotation used by giving the the base packages where these components are defined using annotation or xml . Spring Framework Interview Wiring You can also use Autowiring with its attributes, which finds the beans by-name or by-type and injects them appropriately. @Component, @ComponentScan, @Autowired, @Named,  @Bean  with requires and quali...
Read more

Card Dealer In Java in Less than 5 minutes

Image
Code: package design; import java.util.Collections; import java.util.Stack; public class CardDealer { private int totalPlayers; private static Stack<Card> deck; CardDealer(int players){ totalPlayers=players; deck =  Deck.getCardDeck(); } public static void main(String[] args) { CardDealer cardDealer = new CardDealer(5); cardDealer.dealCards(); } public void dealCards(){ int cardsToPlayer = deck.size()/totalPlayers; for(int i=0;i<cardsToPlayer;i++){ for(int j=1;j<=totalPlayers;j++){ System.out.println("Player:"+j+ " gets "+deck.pop()); } } } private int getPlayers() { return totalPlayers; } }  class Deck{ static Stack<Card> deck = new Stack<Card>(); static Deck d=null; static { d = new Deck(); } public static Stack<Card> getCardDeck(){ return deck; } private Deck(){ populateDeckWithcards(); shuffle(); } pr...
Read more