Difference between AuthenticationProvider and AbstractUserDetailsAuthenticationProvider

Question

Can anybody please help me explain scenarios/use cases where we should use AuthenticationProvider and where we should use AbstractUserDetailsAuthenticationProvider.

Answer 1

AbstractUserDetailsAuthenticationProvider is an abstract class and implements the AuthenticationProvider. As such it already provides a lot of functionality out of the box where as you have to implement the functionality of AuthenticationProvider all by yourself.

The abstract class is interesting when you have a repository with user information, then it allows you to obtain this information from this class. Suppose on the other hand that you need something very different than this with a very different logic, than you will need to implement the AuthenticationProvider.

You can find the javadocs here http://docs.spring.io/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.html and http://docs.spring.io/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/authentication/AuthenticationProvider.html

Answer 2

AuthenticationProvider is just the interface. AbstractUserDetailsAuthenticationProvider is a base class for working with UsernamePaswordAuthenticationToken instances, which is a common usecase.

Answer 3

You cannot instantiate an instance of an abstract class. Abstract classes are just that - abstract. AuthenticationProvider is an interface which AbstractUserDetailsAuthenticationProvider implements.

The class you are most likely looking for is - http://docs.spring.io/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/authentication/dao/DaoAuthenticationProvider.html

For more info on interfaces and abstract classes in Java check out - http://docs.oracle.com/javase/tutorial/java/concepts/interface.html http://docs.oracle.com/javase/tutorial/java/IandI/abstract.html