Understanding authentication providers in Spring Security
I am trying to understand authentication providers in Spring (3.1) and I have a question about what is really happening here. I know that I use the namespace that gives easier access to functionality and configuration in the security module.
When I have the following tags I get a provider manager which has a list of authentication providers. Now as I look at the AuthenticationProvider interface I wonder what kind of providers I get? Am I right that I get a DaoAuthenticationProvider? Do I get other providers and how is it able to find out which providers to register (if this is how it is done)?
    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource" />
        </security:authentication-provider>
    </security:authentication-manager>
That's right, you are going to get a DaoAuthenticationProvider with the above config. The documentation for <authentication-provider> clearly states:
Unless used with a ref attribute, this element is shorthand for configuring a DaoAuthenticationProvider.
The <authentication-provider> tag is parsed by AuthenticationProviderBeanDefinitionParser which invariably registers a DaoAuthenticationProvider injected with the specified UserDetailsService and other collaborators (passwordEncoder, saltSource, etc.).
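A hand-wired counterpart of the shorthand discussed above, as an added example that is not part of the original question or answer and is not the parser's generated output. The bean ids are hypothetical, JdbcDaoImpl is chosen here as the JDBC-backed UserDetailsService, and the BCrypt encoder is an assumption added to show where the passwordEncoder collaborator plugs in (the question's config sets none).

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- JDBC-backed UserDetailsService. "dataSource" is the bean the
         question's data-source-ref points at; it is defined elsewhere. -->
    <bean id="jdbcUserService"
          class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource" />
    </bean>

    <!-- Assumption: stored passwords are BCrypt hashes. -->
    <bean id="passwordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

    <!-- The provider the shorthand registers, declared explicitly and
         injected with its collaborators. -->
    <bean id="daoAuthenticationProvider"
          class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="jdbcUserService" />
        <property name="passwordEncoder" ref="passwordEncoder" />
    </bean>

    <!-- With a ref attribute, <authentication-provider> no longer creates a
         DaoAuthenticationProvider; it adds the referenced bean to the
         ProviderManager's provider list. -->
    <security:authentication-manager>
        <security:authentication-provider ref="daoAuthenticationProvider" />
    </security:authentication-manager>

</beans>
```

Each additional `<security:authentication-provider>` element inside `<security:authentication-manager>` adds one more entry to the ProviderManager's list, so the set of registered providers is exactly what the configuration declares.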