Authentication

Authentication is the process that identifies a user or client based on their username and password. It lets a user access protected system objects based on their identity. For the authentication procedure, Spring Security gives us the AuthenticationManager interface. This interface has just a single method, named authenticate().

The following snippet of code shows the AuthenticationManager interface:

interface AuthenticationManager {
    @Throws(AuthenticationException::class)
    fun authenticate(authentication: Authentication): Authentication
}

The authenticate() method of the AuthenticationManager interface does one of three things:

  • It returns an Authentication if it can verify that the input represents a valid principal. The returned object generally has authenticated=true.
  • If it finds that the input doesn't represent a valid principal, it throws an AuthenticationException.
  • If it can't decide, it returns null.

AuthenticationException is a runtime exception. An application handles this exception in a conventional way.

ProviderManager is often used to implement AuthenticationManager, and represents a chain of AuthenticationProvider objects. If there's no parent accessible, it throws AuthenticationException.

AuthenticationProvider resembles AuthenticationManager, but has an additional function. This additional function lets the caller query whether the provider supports a given Authentication type.

Here's the code of the AuthenticationProvider interface:

interface AuthenticationProvider {
    @Throws(AuthenticationException::class)
    fun authenticate(authentication: Authentication): Authentication
    fun supports(authentication: Class<*>): Boolean
}

This interface has two functions: authenticate() returns the user's authentication details, and supports() returns a Boolean that says whether the provider supports the given Authentication type.
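As an added example (not code from the book or from Spring Security itself), this self-contained Kotlin sketch models how a ProviderManager-style chain combines supports(), the three outcomes of authenticate(), and the parent fallback described above. All types here, including SimpleProviderManager, InMemoryPasswordProvider, the token classes and the user names and passwords, are constructed stand-ins; as a simplification, the first rejection ends the chain.

```kotlin
import java.security.MessageDigest

// Simplified stand-ins for the framework types (hypothetical, for illustration only).
interface Authentication { val name: String; val isAuthenticated: Boolean }
class AuthenticationException(msg: String) : RuntimeException(msg)
interface AuthenticationManager { fun authenticate(authentication: Authentication): Authentication? }
interface AuthenticationProvider {
    fun authenticate(authentication: Authentication): Authentication?
    fun supports(authentication: Class<*>): Boolean
}
data class PasswordToken(override val name: String, val password: String,
                         override val isAuthenticated: Boolean = false) : Authentication
data class ApiKeyToken(override val name: String, val key: String,
                       override val isAuthenticated: Boolean = false) : Authentication

// Constructed in-memory store; a real provider would verify a salted password hash instead.
class InMemoryPasswordProvider(private val users: Map<String, String>) : AuthenticationProvider {
    override fun supports(authentication: Class<*>) =
        PasswordToken::class.java.isAssignableFrom(authentication)
    override fun authenticate(authentication: Authentication): Authentication? {
        val token = authentication as PasswordToken
        val expected = users[token.name] ?: return null            // unknown user: cannot decide
        if (!MessageDigest.isEqual(expected.toByteArray(), token.password.toByteArray()))
            throw AuthenticationException("Bad credentials")       // invalid principal
        return token.copy(password = "", isAuthenticated = true)   // valid: drop the secret
    }
}

// Asks each supporting provider in order, then the parent; fails closed if nobody decides.
class SimpleProviderManager(private val providers: List<AuthenticationProvider>,
                            private val parent: AuthenticationManager? = null) : AuthenticationManager {
    override fun authenticate(authentication: Authentication): Authentication? {
        for (provider in providers) {
            if (!provider.supports(authentication.javaClass)) continue
            provider.authenticate(authentication)?.let { return it }
        }
        return parent?.authenticate(authentication)
            ?: throw AuthenticationException("No decision for ${authentication.javaClass.simpleName}")
    }
}

fun main() {
    val global = SimpleProviderManager(listOf(InMemoryPasswordProvider(mapOf("admin" to "global-pw"))))
    val api = SimpleProviderManager(listOf(InMemoryPasswordProvider(mapOf("alice" to "s3cret"))), global)
    println(api.authenticate(PasswordToken("alice", "s3cret")))     // decided by the child's provider
    println(api.authenticate(PasswordToken("admin", "global-pw")))  // child undecided, parent decides
    for (bad in listOf(PasswordToken("alice", "wrong"), ApiKeyToken("svc", "k1")))
        try { api.authenticate(bad) } catch (e: AuthenticationException) { println("rejected: ${e.message}") }
}
```

The last case shows the fail-closed path: no provider in either manager supports ApiKeyToken, so the request ends in an AuthenticationException rather than a null result that a caller might forget to check.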

Here is a diagram of the AuthenticationManager hierarchy utilizing ProviderManager:

According to this diagram, in an application, ProviderManager may have a group of other ProviderManager instances, but the first one will behave as a parent. Every ProviderManager may have multiple AuthenticationManager instances. For example, if all web resources are under the same path, every group will have its own dedicated AuthenticationManager. However, there will be only one common parent, which will act as a global resource and will be shared by these dedicated AuthenticationManager instances. Now, let's see how to modify the authentication manager.
