/spring-security-demo

Primary LanguageJavaApache License 2.0Apache-2.0

spring-security-demo

This is spring boot application to demonstrate spring-security usages

Further reference documentations

Notes

  • spring-security generates default login page at using default filter : DefaultLoginPageGeneratingFilter.java through method : generateLoginPageHtml
  • Useful classes:
    • UsernamePasswordAuthenticationFilter : provides Authentication object from username and password
    • UsernamePasswordAuthenticationToken : implements Authentication
    • AuthenticationManager : interface
    • ProviderManager : implementation of AuthenticationManager provided by spring framework
      • ProviderManager has method authenticate which iterates through all the providers available in spring-security context and returns Authentication object
    • DaoAuthenticationProvider : it is default AuthenticationProvider to perform authentication.
    • InMemoryUserDetailsManager : default manager used by spring framework for in-memory user details

Spring Security Internal Flow

Spring Security internal flow

Notes Section 2:

  • By default, Spring Security Framework protects all the paths present inside the web application. This behaviour is due to : SpringBootWebSecurityConfiguration#defaultSecurityFilterChain(HttpSecurity http) method.