AuthenticationManager, Providermanager and Authenticationprovider

AuthenticationManager is an interface:

 Public Interface AuthenticationManager {    authentication Authenticate (authentication authentication)            throws  authenticationexception;}

Providermanager is the implementation class for AuthenticationManager:

 Public class Implements AuthenticationManager, Messagesourceaware,        Initializingbean {    ...     Private list<authenticationprovider> providers = collections.emptylist ();    ......       Public Authentication Authenticate (authentication authentication)             throws authenticationexception {        ...         }}

From the code above you can see that Providermanager has a list<authenticationprovider> providers member variable. Authenticationprovider is also an interface:

 Public Interface Authenticationprovider {    authenticate(authentication authentication)            throws authenticationexception;     Boolean supports (class<?> authentication);}

You can see that the two member functions authenticate and supports are included.

Next we look at the entire certification process:

Authentication is accomplished by AuthenticationManager's authenticate function. That is, through AuthenticationManager implementation of class Providermanager authenticate function authentication, The authenticate function of Providermanager will rotation the List<authenticationprovider> providers member variable of Providermanager. If there is a authenticationprovider supports function in the providers that returns True, then the Authenticate function authentication of the Authenticationprovider is called, If the certification is successful, the entire certification process is completed. If unsuccessful, continue with the next appropriate authenticationprovider for certification, as long as a successful certification is successful.

If the above procedure is not authenticated successfully and the member variable AuthenticationManager parent of the Providermanager is not NULL, then the parent is used to continue the authentication. Generally do not use the AuthenticationManager parent, a little attention to the following can be.

Another: Authentication

You can see that the Authenticate function returns Authentication,authentication is an interface through which you can get user-trusted information, code:

 Public Interface extends Principal, Serializable {    Collectionextends grantedauthority> getauthorities ();    Object getcredentials ();    Object getdetails ();    Object Getprincipal ();     Boolean isauthenticated ();     void setauthenticated (booleanthrows  illegalargumentexception;}

Another: Daoauthenticationprovider

<authentication-provider> One implementation of the default instantiation of Authenticationprovider: Daoauthenticationprovider. Daoauthenticationprovider obtains user information from memory or DB through the implementation class of the interface Userdetailsservice Userdetails (Userdetails is very similar to authentication, is also an interface, but unlike the authentication use, do not confuse). Daoauthenticationprovider the authenticate to determine whether the user can log in by comparing the authentication with the Userdetails by the function. If it does, the information in the obtained userdetails will be complete to a authentication implementation class, and the implementation class will be returned as an authentication entity. The current logged-on user's information can be obtained later through the authentication entity authentication of the current context.

Userdetails Code:

 Public Interface extends Serializable {    Collectionextends grantedauthority> getauthorities ();    String GetPassword ();    String GetUserName ();     Boolean isaccountnonexpired ();     Boolean isaccountnonlocked ();     Boolean iscredentialsnonexpired ();     Boolean isenabled ();}

Userdetails and Authentication differences:

Interface	Objective
Authentication	It stores identities, passwords, and authentication requests for security entities The context information. It also contains user-authenticated information (May contain an instance of a userdetails) 。 Usually will not be extended unless it is to support a particular type of The certification.
Userdetails	To store an overview of a security entity, including the name Words, e-mail, phone numbers, etc. are often extended to support Business needs.

AuthenticationManager, Providermanager and Authenticationprovider