Using Custom Authentication Provider Spring Security


Using Custom Authentication Provider Spring Security

In this post we are going to find out why we need Custom Authentication Provider in Spring Security . Why do we need to implement this .

If You have  followed previous post about Flow of Authentication in Spring Security .

Spring Security has several areas where patterns you have defined are tested against incoming requests in order to decide how the request should be handled. This occurs when the FilterChainProxy decides which filter chain a request should be passed through and also when the FilterSecurityInterceptor decides which security constraints apply to a request.

Once it reaches the right authentication filter based on the authentication mechanism used ,  it extract the given credentials  from the request and then using the supplied values it creates the authentication object. The it calls 'authenticate' method of the AuthenticationManager. Now once Authentication manager tries to authenticate the request it  passes through the authentication providers to authenticate the user.

User Cases Where You Need Custom Authentication Provider :-

Lets say you are using authentication services provided by some third party in the form of Jar or an API.

In that case you can use the Spring Security Custom Authentication Provider to validate the username and password using the API . Once the validation is successful  we create the Authentication object and return to Spring Security framework.

Lets Implement a Custom Authentication Provider In Spring Security .


Please enter your comment!
Please enter your name here