Can someone tell me the difference between an AuthenticationManager and an AuthenticationProvider in Spring Security?

How are they used and how are they called? It is my understanding that a SecurityFilter will call the AuthenticationManager to authenticate an Authentication object? But then where does the AuthenticationProvider come into play?

Thanks!

+1  A: 

I think the AuthenticationManager delegates the fetching of persistent user information to one or more AuthenticationProviders. The authentication-providers (DaoAuthenticationProvider, JaasAuthenticationProvider, LdapAuthenticationProvider, OpenIDAuthenticationProvider for example) specialize in accessing specific user-info repositories. Something else is mentioned in this part of the reference manual. It says:

You may want to register additional AuthenticationProvider beans with the ProviderManager and you can do this using the element with the ref attribute, where the value of the attribute is the name of the provider bean you want to add.

In other words, you can specify multiple AuthenticationProviders, for example one that looks for users in an LDAP database and another that looks in an SQL database.

Hans Westerbeek
So, you would very rarely need to implement an AuthenticationManager, but rather you would just implement AuthenticationProviders to fetch the user details from wherever you want to obtain them from?
jr
Most of the AuthenticationProviders that you could need have already been written by the guys that write Spring Security, and are right there in the API documentation so you can configure them. If the one you need is not in the framework yet, it's probably trivial to implement the AuthenticationProvider interface for your purposes.
Hans Westerbeek
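
The delegation discussed in this thread, as an added example that is not part of the original posts and is not Spring Security's own code: a `ProviderManager` (the stock `AuthenticationManager`) is given two providers and tries them in order. It assumes Spring Security 3.1 or later and Java 9+ on the classpath; `MapBackedProvider`, the user names, passwords and role names are hypothetical, constructed values standing in for an LDAP and an SQL user store.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderChainDemo {
    /** Hypothetical provider: an in-memory map stands in for one user store. */
    static class MapBackedProvider implements AuthenticationProvider {
        private final Map<String, String> users; // constructed sample data, plain text for brevity only
        private final String role;
        MapBackedProvider(Map<String, String> users, String role) { this.users = users; this.role = role; }

        @Override
        public Authentication authenticate(Authentication auth) throws AuthenticationException {
            String expected = users.get(auth.getName());
            String given = String.valueOf(auth.getCredentials());
            // Password bytes are compared in constant time; an unknown user and a
            // wrong password raise the same exception so callers cannot tell them apart.
            if (expected == null || !MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8), given.getBytes(StandardCharsets.UTF_8))) {
                throw new BadCredentialsException("Bad credentials");
            }
            // The three-argument constructor marks the returned token as authenticated.
            return new UsernamePasswordAuthenticationToken(
                    auth.getName(), given, AuthorityUtils.createAuthorityList(role));
        }

        @Override
        public boolean supports(Class<?> type) { // ProviderManager skips providers that return false
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
        }
    }

    public static void main(String[] args) {
        AuthenticationManager manager = new ProviderManager(Arrays.<AuthenticationProvider>asList(
                new MapBackedProvider(Map.of("alice", "ldap-secret"), "ROLE_LDAP_USER"),
                new MapBackedProvider(Map.of("bob", "sql-secret"), "ROLE_SQL_USER")));
        // The first provider rejects bob; ProviderManager records that failure and tries the second.
        Authentication result = manager.authenticate(
                new UsernamePasswordAuthenticationToken("bob", "sql-secret"));
        System.out.println(result.getName() + " " + result.getAuthorities());
    }
}
```

If every provider rejects the token, `ProviderManager` rethrows the last `AuthenticationException`, so a caller such as a security filter only ever deals with the manager and never with individual providers.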