Part 3 : Three main pillars in the Spring Security Authentication Mechanism–AuthenticationProvider

AuthenticationProvider

Interface AuthenticationProvider  indicates a class can process a specific Authenticatiom implementation like LDAP, databases,SSO etc.
From the docs
The default implementation in Spring Security is called ProviderManager and rather than handling the authentication request itself, it delegates to a list of configured AuthenticationProviders, each of which is queried n turn to see if it can perform the authentication. Each provider will either throw an exception or return a fully populated Authentication object.
When we write:
  1. <authentication-provider>
  2. <user-service>
  3. <user authorities=”ROLE_USER” name=”guest” password=”guest” />
  4. </authentication-provider>
In the spring security config file, a InMemoryDaoImpl implementation of theUserDetailService is configured by Spring security.
The authenticate() method of the class implementing AuthenticationProvider must return an UsernamePasswordAuthenticationToken instance if the authentication is successful, if not it will return null.
For custom authentication provider we need to provide a similar entry in the security-config.xml
  1. <authentication-manager>
  2. <authentication-provider ref=”myAthenticationProvider”/>
  3. </authentication-manager>
And the template for the Provider class will be like below:
  1. Public class MyAuthenticationProvider implements AuthenticationProvider {
  2. @Override
  3. Public Authentication authenticate(Authentication authentication) throws AuthenticationException{
  4. //get crediantials from the authentication
  5. //check them for validity and assign grantedauths
  6. //return Authentication or null
  7. }
  8. @Override
  9. Public Boolean supports(Class<?> authentication){
  10. //code to return whether the authentication type is supported
  11. }
This is all you need usually to provide a custom provider to check on the supplied credentials of the user in Spring Security.

Comments

Post a Comment

Popular posts from this blog

Java Interview : Threads

Java came up with multi threading long time back, still the kind of response it invokes when this topic raises its head during interviews is not very encouraging. If you have attended an java interview, a couple of suppose to be very smart guys also know as lead developers will shower you with questions on multi threading, grilling you down to make sure what you are talking about, even asking you to write fork-join snippets to solve hadoop use cases. But if you are hired and you write a piece code using executor framework, you will be seen with suspicion generally reserved for people with casual shoes at cocktail parties. So here is post to start out thinking about threads. So a path of execution in java is known as a thread, appropriately an instance of Thread class. The main method runs in its own thread and starts up the program execution. If you implement the Runnable interface, you can run in a thread of you own. The Runnable interface has a run() method you implement your...
Read more

Spring Framework Interview Notes : Part Two Wiring

Image
The Spring container is the guy responsible to get the train moving when working with the Spring framework.  The dependency magic gets the things working by somehow getting all the stuff up and running. Now somehow we need to indicate to the spring container as to where and how to “wire” these beans. Remember these beans are also known as components. Components combine to form the structure and thus make the functionality. The concept of component scanning or component finding comes into the picture, literally searching the applications to find the beans required to create these beans. @ComponentScan is the annotation used by giving the the base packages where these components are defined using annotation or xml . Spring Framework Interview Wiring You can also use Autowiring with its attributes, which finds the beans by-name or by-type and injects them appropriately. @Component, @ComponentScan, @Autowired, @Named,  @Bean  with requires and quali...
Read more

Card Dealer In Java in Less than 5 minutes

Image
Code: package design; import java.util.Collections; import java.util.Stack; public class CardDealer { private int totalPlayers; private static Stack<Card> deck; CardDealer(int players){ totalPlayers=players; deck =  Deck.getCardDeck(); } public static void main(String[] args) { CardDealer cardDealer = new CardDealer(5); cardDealer.dealCards(); } public void dealCards(){ int cardsToPlayer = deck.size()/totalPlayers; for(int i=0;i<cardsToPlayer;i++){ for(int j=1;j<=totalPlayers;j++){ System.out.println("Player:"+j+ " gets "+deck.pop()); } } } private int getPlayers() { return totalPlayers; } }  class Deck{ static Stack<Card> deck = new Stack<Card>(); static Deck d=null; static { d = new Deck(); } public static Stack<Card> getCardDeck(){ return deck; } private Deck(){ populateDeckWithcards(); shuffle(); } pr...
Read more