DaoAuthenticationProvider
DaoAuthenticationProvider is an AuthenticationProvider implementation that uses a UserDetailsService and PasswordEncoder to authenticate a username and password.
This section examines how DaoAuthenticationProvider works within Spring Security.
The following figure explains the workings of the AuthenticationManager in figures from the Reading the Username & Password section.
Figure: DaoAuthenticationProvider Usage
The authentication Filter from the Reading the Username & Password section passes a UsernamePasswordAuthenticationToken to the AuthenticationManager, which is implemented by ProviderManager.
The ProviderManager is configured to use an AuthenticationProvider of type DaoAuthenticationProvider.
DaoAuthenticationProvider looks up the UserDetails from the UserDetailsService.
DaoAuthenticationProvider uses the PasswordEncoder to validate the password on the UserDetails returned in the previous step.
When authentication is successful, the Authentication that is returned is of type UsernamePasswordAuthenticationToken and has a principal that is the UserDetails returned by the configured UserDetailsService.
Ultimately, the returned UsernamePasswordAuthenticationToken is set on the SecurityContextHolder by the authentication Filter.