Spring Security Authentication

-
Spring Security  provides comprehensive support for Authentication. Spring security Authentication has various section like,


SecurityContextHolder and SecurityContext Understanding
SecurityContextHolder Object Overview

  • SecurityContextHolder: Spring Security Stores the details of who is authenticated. SecurityContextHolder uses a ThreadLocal to store authenticated user and authenticated principal. SecurityContextHolder uses ThreadLocal. Hence, We can access its details across the method.
  • SecurityContext: It contains the Authentication of the currently authenticated user. Spring Security does not care how the securityContextHolder is populated. If it contains a value, then it is used as the currently authenticated user. The SecurityContext is obtained from the SecurityContextHolder.
  • Authetication: Can be put input to AuthenicationManager to provide the credentials a user has provided to authenticate or the current user from the SecurityContext.

    The Authentication contains: principal, credentials and authorities.Principal identifies the user. When authenticating with userName/Passsword, it is an instance of UserDetails. Credentials means often a password. Authrorities means the GrantedAuthority are high level permission that user is granted.
  • GrantedAuthority: An authority that is granted to the principal on the authentication.



    Authentication Manager and behavior in Spring Security
    Authentication Manager relevancy 
  • AuthenticationManager: the API that defines how Spring Security's Filter perform authentication. The authentication that is returned set on SecuritContextHolder.
  • ProviderManager: It is the most common implementation of AutheticationManager. ProviderManager delegates to a List of Authenticationprovider. Each AuthenticionProvider has an opportunity to indicate that authentication should be successful, fail or indicate it cannot make a decision and allow a downstream AuthenticationProvider to decide.
  • AuthenticationProvider: It is used by ProviderManager to perform a specificType of authentication. Multiple AuthenticationProvider can be injected into ProviderManager. Each AuthenticationProvider perform a specific type of authentication.
  • Request Credential with AuthenticationEntryPoint: It is used for requesting credentials from a client. AuthenticationEntryPoint  is used to send an HTTP response that requests credentials from a client. Sometime a client will proactively include credentials such as a UserName/Password to request a resource. 

Comments

Post a Comment

Popular posts from this blog

Maven Setting Mirror

-
Maven Mirror specify from where dependencies should be downloaded. There is already repository tag is available but maven mirror used in specific condition. Let's see that. Geographically closer mirror to get dependencies You want to represent repository which have better control of dependencies Need to provide local cache to repository manager In the organisation, to avoid external traffic we can use mirror. Let's see the working of mirror. The scenario is like, we have two repository first, Maven Central and second, Custom We have declared dependencies to an  artifact. Maven will look into Custom repository. Dependencies is not found into the Custom repository.  Maven will go to central repository. Maven will notice that mirror was configured for that repository. Maven will not go to central but it will go to mirror URL. Following way we can declare, Mirror in settings.xml <settings> ... <mirrors> <mirror> <id&
Read more

Spring Session

-
Spring Session provides an API and implementation for managing a user's session information. It also support clustered sessions without being tied to an application container-specific solution. Spring session support  integration with the HttpSession, WebSocket and WebSession. HttpSession : HttpSession replace HttpSession in application container with support of providing sessionId in header to work with RESTFUL APIS . WebSocket : It keeps alive HttpSession when receiving webSocket message. WebSession : WebSession replace Spring WebFlux's WebSession in an application container neutral way. Above thing can be  achieved using Spring Session Core, Spring Session Data Redis, Spring Session JDBC, Spring Session HazelCast. Spring Session Core provides core Spring Session functionality and API. Spring Session Data Redis provides SessionRepository and ReactiveSesssionRepository implementation backed by Redis and Configuration support. Spring Session JDBC provides Sess
Read more

Hibernate Version 5.0

-
Date/Time API Hibernate supports the classes of the Date and Time API as BasicTypes. This provides the main advantage, that you don’t have to provide any additional annotations. Not even the @Temporal annotation which you currently add to each java.util.Date attribute. Hibernate 5 is the first version which supports the Java 8 Date/Time API. Developers can use Java8 Date/Time in the program and persistence will be handled well by the ORM. It means in persistence Process below thing is taken care by ORM. @ Repetable annotations It is actually used to annotate the same annotation multiple times. For example, you can define multiple named queries under  @NamedQueries  annotation. Load Object by Multiple IDS Method  byMultipleIds(),  which is part of the session class and this is used to load multiple objects at a time by providing the primary key in  multiLoad()  function. This is very useful when we know about the primary key and want to load all at a time in th
Read more