Here is the action process divided into small parts.
HTTP Request
Spring Security has a chain of filters.
So, when a request comes in from a client, it goes through a series of filters for authentication and authorization purposes.
Among those filters, it reaches the filter called Authentication Filter.
There, the UsernamePasswordAuthenticationFilter performs form-based authentication using the username and password.
In general, if you use form-based authentication, it will move on to the Application Filter.
** But if you use other authentication methods like OAuth 2.0 or JWT, it will move on to another filter that I will explain later.
When a request arrives at UsernamePasswordAuthenticationFilter, the attemptAuthentication(request, response) method runs.
This method creates a UsernamePasswordAuthenticationToken (an Authentication) based on the user credentials.
The token is then given to the AuthenticationManager that proceeds with the authentication.
** All access subjects create Authentication. This is finally stored and used in the SecurityContext.
** UsernamePasswordAuthenticationToken is an implementation of the Authentication interface.
UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken, and AbstractAuthenticationToken implements Authentication.
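The flow described above, written out by hand as an added example (it is not code from the original post): an unauthenticated token goes to the AuthenticationManager, and the authenticated token that comes back is stored in the SecurityContext. It assumes spring-security-core 5.7 to 6.x on the classpath; the class name AuthFlowDemo, the user "alice" and the passwords are constructed for illustration.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical demo class; assumes spring-security-core 5.7 to 6.x on the classpath.
public class AuthFlowDemo {
    public static void main(String[] args) {
        // Constructed sample user; the password is stored hashed, never in clear text.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(
                User.withUsername("alice").password(encoder.encode("constructed-pw")).roles("USER").build());
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);
        AuthenticationManager manager = new ProviderManager(provider);
        // What attemptAuthentication does: wrap the submitted credentials in an
        // unauthenticated token and hand it to the AuthenticationManager.
        Authentication request = UsernamePasswordAuthenticationToken.unauthenticated("alice", "constructed-pw");
        System.out.println("before: authenticated=" + request.isAuthenticated());
        Authentication result = manager.authenticate(request);
        // The manager returns a new, authenticated token carrying the authorities;
        // ProviderManager erases the password from it by default.
        System.out.println("after: authenticated=" + result.isAuthenticated()
                + " authorities=" + result.getAuthorities() + " credentials=" + result.getCredentials());
        // The authenticated token is what ends up in the SecurityContext.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);
        // A wrong password and an unknown username fail the same way, so the
        // response does not reveal which usernames exist.
        for (String name : new String[] {"alice", "no-such-user"}) {
            try {
                manager.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(name, "wrong"));
            } catch (BadCredentialsException e) {
                System.out.println(name + ": " + e.getClass().getSimpleName());
            }
        }
        SecurityContextHolder.clearContext();
    }
}
```

In a real application the filter chain does the SecurityContext handling itself; setting it by hand here only makes the last step of the flow visible.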