spring security AuthenticationManager vs AuthenticationProvider?

前端未结

关注

 3  1718

Can someone tell me the difference between an AuthenticationManager and an AuthenticationProvider in Spring Security?

How are they used and how

3条回答

梦谈多话 (楼主)

2021-01-30 10:50

Both AuthenticationManager and AuthenticationProvider are interfaces. They have different functionalities in the Spring Security Flow.

Ref-
Spring Boot + Spring Security Architecture
AuthenticationManager - When user tries to access an application, the http request is intercepted by filter/filter chain. Using the Authentication Object created the filter will then call the authenticate method of the Authentication Manager. The Authentication Manager is only a interface and actual implementation of the authenticate method is provided by the ProviderManager.The ProviderManager has a list of AuthenticationProviders. From it's authenticate method it calls the authenticate method of the appropriate AuthenticateProvider. In response it gets the Principal Authentication Object if the authentication is successful.
AuthenticationProvider - The AuthenicationProvider is an interface with a single authenticate method. It has various implementations like CasAuthenticationProvider,DaoAuthenticationProvider. Depending on the implementation an appropriate AuthenicationProvider implementation is used. It is in the AuthenticationProvider Implementation authenticate method where all the actual authentication takes place.

0 讨论(0)