Spring Security

AuthenticationEntryPoint

public interface AuthenticationEntryPoint {
	void commence(
        HttpServletRequest request,
        HttpServletResponse response,
        AuthenticationException authException
    ) throws IOException, ServletException;
}

AuthenticationManager

• Processes an Authentication request.

public interface AuthenticationManager {
    Authentication authenticate(Authentication authentication) throws AuthenticationException;
}

Authentication

• Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.

public interface Authentication extends Principal, Serializable {
    Collection<? extends GrantedAuthority> getAuthorities();
    Object getCredentials();
    Object getDetails();
    Object getPrincipal();
    boolean isAuthenticated();
    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}

• https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/Authentication.html

1. AuthenticationFilter

2. AuthenticationToken

3. AuthenticationManager

   1. Failure: AuthenticationFailureHandler

   2. Success: AuthenticationSuccessHandler

ExceptionTranslationFilter saves request when redirected to login page.

Ant Matcher

• ? matches one character

• * matched zero or more characters

• ** matched zero or more directories in a path

Role vs Authority

@EnableMethodSecurity

• jsr250Enabled

• prePostEnabled

• securedEnabled