This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.4.1!

DaoAuthenticationProvider

DaoAuthenticationProvider is an AuthenticationProvider implementation that leverages a UserDetailsService and PasswordEncoder to authenticate a username and password.

Let's take a look at how DaoAuthenticationProvider works within Spring Security. The figure details how the AuthenticationManager shown in the figures from Reading the Username & Password works.

Figure 1. DaoAuthenticationProvider Usage

1. The authentication Filter from Reading the Username & Password passes a UsernamePasswordAuthenticationToken to the AuthenticationManager, which is implemented by ProviderManager.

2. The ProviderManager is configured to use an AuthenticationProvider of type DaoAuthenticationProvider.

3. DaoAuthenticationProvider looks up the UserDetails from the UserDetailsService.

4. DaoAuthenticationProvider then uses the PasswordEncoder to validate the password on the UserDetails returned in the previous step.

5. When authentication is successful, the Authentication that is returned is of type UsernamePasswordAuthenticationToken and has a principal that is the UserDetails returned by the configured UserDetailsService. Ultimately, the returned UsernamePasswordAuthenticationToken will be set on the SecurityContextHolder by the authentication Filter.
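
The five steps above, wired by hand outside a filter chain, as an added example (not code from the Spring Security reference). It assumes the 6.x no-argument constructor and setters of DaoAuthenticationProvider; the class name, the in-memory user store and the sample account are constructed for illustration.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class DaoAuthenticationProviderDemo {
    public static void main(String[] args) {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // Constructed sample account: only the encoded password is stored.
        UserDetails alice = User.withUsername("alice")
                .password(encoder.encode("s3cret-sample")).roles("USER").build();

        // Steps 2-4: the provider is given the lookup service and the encoder (assumed 6.x setters).
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(new InMemoryUserDetailsManager(alice));
        provider.setPasswordEncoder(encoder);
        AuthenticationManager manager = new ProviderManager(provider);

        // Step 1: the token the authentication Filter would pass to the manager.
        Authentication result = manager.authenticate(
                UsernamePasswordAuthenticationToken.unauthenticated("alice", "s3cret-sample"));
        // Step 5: the principal is the UserDetails; ProviderManager erases credentials by default.
        UserDetails principal = (UserDetails) result.getPrincipal();
        System.out.println(principal.getUsername() + " authenticated=" + result.isAuthenticated()
                + " authorities=" + result.getAuthorities()
                + " credentialsErased=" + (result.getCredentials() == null));

        // By default a wrong password and an unknown username both surface as
        // BadCredentialsException, so the caller cannot tell which accounts exist.
        System.out.println(rejected(manager, "alice", "wrong-password"));
        System.out.println(rejected(manager, "mallory", "s3cret-sample"));
    }

    static boolean rejected(AuthenticationManager manager, String user, String password) {
        try {
            manager.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(user, password));
            return false;
        } catch (BadCredentialsException ex) {
            return true;
        }
    }
}
```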