For the latest stable version, please use Spring Security 6.4.1! |
DaoAuthenticationProvider
DaoAuthenticationProvider
is an AuthenticationProvider
implementation that leverages a UserDetailsService
and PasswordEncoder
to authenticate a username and password.
Let’s take a look at how DaoAuthenticationProvider
works within Spring Security.
The figure explains details of how the AuthenticationManager
in figures from Reading the Username & Password works.
DaoAuthenticationProvider
Usage The authentication Filter
from Reading the Username & Password passes a UsernamePasswordAuthenticationToken
to the AuthenticationManager
which is implemented by ProviderManager
.
The ProviderManager
is configured to use an AuthenticationProvider of type DaoAuthenticationProvider
.
DaoAuthenticationProvider
looks up the UserDetails
from the UserDetailsService
.
DaoAuthenticationProvider
then uses the PasswordEncoder
to validate the password on the UserDetails
returned in the previous step.
When authentication is successful, the Authentication
that is returned is of type UsernamePasswordAuthenticationToken
and has a principal that is the UserDetails
returned by the configured UserDetailsService
.
Ultimately, the returned UsernamePasswordAuthenticationToken
will be set on the SecurityContextHolder
by the authentication Filter
.