Spring Security#
AuthenticationEntryPoint
public interface AuthenticationEntryPoint {
void commence(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException
) throws IOException, ServletException;
}
AuthenticationManager
Processes an
Authentication
request.
public interface AuthenticationManager {
Authentication authenticate(Authentication authentication) throws AuthenticationException;
}
Authentication
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the
AuthenticationManager.authenticate(Authentication)
method.
public interface Authentication extends Principal, Serializable {
Collection<? extends GrantedAuthority> getAuthorities();
Object getCredentials();
Object getDetails();
Object getPrincipal();
boolean isAuthenticated();
void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}
https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/Authentication.html
AuthenticationFilter
AuthenticationToken
AuthenticationManager
Failure: AuthenticationFailureHandler
Success: AuthenticationSuccessHandler
ExceptionTranslationFilter
saves request when redirected to login page.
Ant Matcher
?
matches one character*
matched zero or more characters**
matched zero or more directories in a path
Role vs Authority
@EnableMethodSecurity
jsr250Enabled
prePostEnabled
securedEnabled