Dreamer

Reputation: 7549

How does Spring Security authenticate the password (credential)?

I got this to work but don't quite understand the process behind it:

<!-- Authentication Manager -->
<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider user-service-ref="customUserDetailsService">
        <sec:password-encoder ref="encoder"/>
    </sec:authentication-provider>
</sec:authentication-manager>

<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"/>

And in customUserDetailsService:

@Component("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {

............

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {

        User user = userService.findByUsername(username);

        if (user == null) {
            throw new UsernameNotFoundException("User '"+username+"' not found !");
        }

        return user;
    }

}

The user service basically just validates the user by his or her name, without validating the password. But the password-encoder does actually validate the password, so how does Spring relate the encoder to the User entity's password column? Where is the process that validates the user password?

Question 2

How to customize the password validation process to intercept the decrypted password?

Upvotes: 0

Views: 202

Answers (2)

Alex R

Reputation: 11891

The accepted answer didn't work for me; I had to create a custom implementation of org.springframework.security.authentication.AuthenticationProvider.

Upvotes: 0

utluiz

Reputation: 299

Your User class should have implemented UserDetails that has the method getPassword(). As it's a Spring interface, they call this method when needed.

Upvotes: 2
