Using Custom Authentication Provider Spring Security
In this post we are going to find out why we need Custom Authentication Provider in Spring Security . Why do we need to implement this .
If You have followed previous post about Flow of Authentication in Spring Security .
Spring Security has several areas where patterns you have defined are tested against incoming requests in order to decide how the request should be handled. This occurs when the FilterChainProxy decides which filter chain a request should be passed through and also when the FilterSecurityInterceptor decides which security constraints apply to a request.
Once it reaches the right authentication filter based on the authentication mechanism used , it extract the given credentials from the request and then using the supplied values it creates the authentication object. The it calls
'authenticate' method of the
AuthenticationManager. Now once Authentication manager tries to authenticate the request it passes through the authentication providers to authenticate the user.
User Cases Where You Need Custom Authentication Provider :-
Lets say you are using authentication services provided by some third party in the form of Jar or an API.
In that case you can use the Spring Security Custom Authentication Provider to validate the username and password using the API . Once the validation is successful we create the Authentication object and return to Spring Security framework.
Lets Implement a Custom Authentication Provider In Spring Security .