Skip to content

Spring 中文文档社区
Spring 中文文档社区

天不歪 / Spring 中文文档社区
与 Fork 源项目一致

Fork自 开发云 / Spring 中文文档社区

通知 1
Star 0
Fork 0
Spring 中文文档社区
Spring 中文文档社区

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
servlet-authentication-architecture.html 102.4 KB
Newer Older
茶陵後's avatar
#1 添加本地编译文件  
茶陵後 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 
<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Servlet Authentication Architecture | Spring Docs</title>
    <meta name="generator" content="VuePress 1.9.7">
    <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon.ico">
    <link rel="icon" type="image/png" sizes="48x48" href="/images/icons/icon-48x48.png">
    <link rel="icon" type="image/png" sizes="72x72" href="/images/icons/icon-72x72.png">
    <link rel="manifest" href="/manifest.webmanifest">
    <link rel="apple-touch-icon" href="/images/icons/icon_48x48.png">
    <link rel="mask-icon" href="/images/icons/favicon.ico" color="#5dac38">
    <script>
    var _hmt = _hmt || [];
    (function () {
      var hm = document.createElement("script");
      hm.src = "https://hm.baidu.com/hm.js?8eefd6b163dcb3f5762af6b0825e2dd1";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
    </script>
    <meta name="description" content="This discussion expands on Servlet Security: The Big Picture to describe the main architectural components of Spring Security’s used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the Authentication Mechanism specific sections.">
    <meta name="image" content="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png">
    <meta name="twitter:title" content="Servlet Authentication Architecture">
    <meta name="twitter:description" content="This discussion expands on Servlet Security: The Big Picture to describe the main architectural components of Spring Security’s used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the Authentication Mechanism specific sections.">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="twitter:image" content="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png">
    <meta name="twitter:url" content="https://spring.gitcode.net/en/spring-security/servlet-authentication-architecture.html">
    <meta property="og:type" content="article">
    <meta property="og:title" content="Servlet Authentication Architecture">
    <meta property="og:description" content="This discussion expands on Servlet Security: The Big Picture to describe the main architectural components of Spring Security’s used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the Authentication Mechanism specific sections.">
    <meta property="og:image" content="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png">
    <meta property="og:url" content="https://spring.gitcode.net/en/spring-security/servlet-authentication-architecture.html">
    <meta property="og:site_name" content="Spring 中文文档社区">
    <meta itemprop="name" content="Servlet Authentication Architecture">
    <meta itemprop="description" content="This discussion expands on Servlet Security: The Big Picture to describe the main architectural components of Spring Security’s used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the Authentication Mechanism specific sections.">
    <meta itemprop="image" content="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png">
    <meta name="application-name" content="Spring 中文文档社区">
    <meta name="apple-mobile-web-app-title" content="Spring 中文社区">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <meta name="msapplication-TileColor" content="#5dac38">
    <meta name="theme-color" content="#5dac38">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="baidu-site-verification" content="code-tApgxyb9G8">
    
    <link rel="preload" href="/assets/css/0.styles.af3770e9.css" as="style"><link rel="preload" href="/assets/js/app.cf11b18e.js" as="script"><link rel="preload" href="/assets/js/3.50918073.js" as="script"><link rel="preload" href="/assets/js/4.cd4c3ff4.js" as="script"><link rel="preload" href="/assets/js/229.560ccb5c.js" as="script"><link rel="prefetch" href="/assets/js/10.675f4d7e.js"><link rel="prefetch" href="/assets/js/100.89ddf0f9.js"><link rel="prefetch" href="/assets/js/101.a2584c55.js"><link rel="prefetch" href="/assets/js/102.53225958.js"><link rel="prefetch" href="/assets/js/103.be06048d.js"><link rel="prefetch" href="/assets/js/104.a2328e06.js"><link rel="prefetch" href="/assets/js/105.78529341.js"><link rel="prefetch" href="/assets/js/106.fc779386.js"><link rel="prefetch" href="/assets/js/107.375c8dec.js"><link rel="prefetch" href="/assets/js/108.cf4ca7e2.js"><link rel="prefetch" href="/assets/js/109.f4d3964d.js"><link rel="prefetch" href="/assets/js/11.b58e279a.js"><link rel="prefetch" href="/assets/js/110.4ae56c4d.js"><link rel="prefetch" href="/assets/js/111.baf7121d.js"><link rel="prefetch" href="/assets/js/112.a963ade8.js"><link rel="prefetch" href="/assets/js/113.edbb458c.js"><link rel="prefetch" href="/assets/js/114.7e2b354f.js"><link rel="prefetch" href="/assets/js/115.4e41285c.js"><link rel="prefetch" href="/assets/js/116.1ee84ed6.js"><link rel="prefetch" href="/assets/js/117.4952cce2.js"><link rel="prefetch" href="/assets/js/118.306eabfa.js"><link rel="prefetch" href="/assets/js/119.5a4712e9.js"><link rel="prefetch" href="/assets/js/12.c41ab7bc.js"><link rel="prefetch" href="/assets/js/120.496c9660.js"><link rel="prefetch" href="/assets/js/121.e4a22135.js"><link rel="prefetch" href="/assets/js/122.02f82a94.js"><link rel="prefetch" href="/assets/js/123.53c5a24e.js"><link rel="prefetch" href="/assets/js/124.11d8be3e.js"><link rel="prefetch" href="/assets/js/125.c0740874.js"><link rel="prefetch" href="/assets/js/126.9cb2911c.js"><link rel="prefetch" href="/assets/js/127.6f87a638.js"><link rel="prefetch" href="/assets/js/128.456206df.js"><link rel="prefetch" href="/assets/js/129.ce51dc7d.js"><link rel="prefetch" href="/assets/js/13.1147a447.js"><link rel="prefetch" href="/assets/js/130.66718f4c.js"><link rel="prefetch" href="/assets/js/131.713226b7.js"><link rel="prefetch" href="/assets/js/132.6e2b68e3.js"><link rel="prefetch" href="/assets/js/133.11148e38.js"><link rel="prefetch" href="/assets/js/134.8de25763.js"><link rel="prefetch" href="/assets/js/135.961f6693.js"><link rel="prefetch" href="/assets/js/136.8abc4532.js"><link rel="prefetch" href="/assets/js/137.331bfb6b.js"><link rel="prefetch" href="/assets/js/138.f76ee7b9.js"><link rel="prefetch" href="/assets/js/139.578aa70e.js"><link rel="prefetch" href="/assets/js/14.1c437f54.js"><link rel="prefetch" href="/assets/js/140.9f1f28a0.js"><link rel="prefetch" href="/assets/js/141.b08ac1ec.js"><link rel="prefetch" href="/assets/js/142.e5c934cf.js"><link rel="prefetch" href="/assets/js/143.2a9d47c6.js"><link rel="prefetch" href="/assets/js/144.76090f65.js"><link rel="prefetch" href="/assets/js/145.41a54d41.js"><link rel="prefetch" href="/assets/js/146.979b34c1.js"><link rel="prefetch" href="/assets/js/147.46e366af.js"><link rel="prefetch" href="/assets/js/148.efcd2b17.js"><link rel="prefetch" href="/assets/js/149.04135c0b.js"><link rel="prefetch" href="/assets/js/15.cbd21f6a.js"><link rel="prefetch" href="/assets/js/150.679d76bf.js"><link rel="prefetch" href="/assets/js/151.2b0748da.js"><link rel="prefetch" href="/assets/js/152.cee5bbcd.js"><link rel="prefetch" href="/assets/js/153.680b4156.js"><link rel="prefetch" href="/assets/js/154.0c6972fe.js"><link rel="prefetch" href="/assets/js/155.35a3e5ab.js"><link rel="prefetch" href="/assets/js/156.6782d874.js"><link rel="prefetch" href="/assets/js/157.b9fe2583.js"><link rel="prefetch" href="/assets/js/158.96656194.js"><link rel="prefetch" href="/assets/js/159.2a0f7744.js"><link rel="prefetch" href="/assets/js/16.0cc4679e.js"><link rel="prefetch" href="/assets/js/160.c26bf909.js"><link rel="prefetch" href="/assets/js/161.45a3950a.js"><link rel="prefetch" href="/assets/js/162.4a08c069.js"><link rel="prefetch" href="/assets/js/163.a540d00c.js"><link rel="prefetch" href="/assets/js/164.117eb7b8.js"><link rel="prefetch" href="/assets/js/165.4fabe2ea.js"><link rel="prefetch" href="/assets/js/166.27d3bfe9.js"><link rel="prefetch" href="/assets/js/167.c8a74627.js"><link rel="prefetch" href="/assets/js/168.e16111b9.js"><link rel="prefetch" href="/assets/js/169.458ea1d8.js"><link rel="prefetch" href="/assets/js/17.d3f5977b.js"><link rel="prefetch" href="/assets/js/170.4b38adcf.js"><link rel="prefetch" href="/assets/js/171.98cb45b7.js"><link rel="prefetch" href="/assets/js/172.9ca2eb1a.js"><link rel="prefetch" href="/assets/js/173.14074c7f.js"><link rel="prefetch" href="/assets/js/174.8e1f9887.js"><link rel="prefetch" href="/assets/js/175.5989a4ca.js"><link rel="prefetch" href="/assets/js/176.89b35f24.js"><link rel="prefetch" href="/assets/js/177.8ca04666.js"><link rel="prefetch" href="/assets/js/178.f1f78ad5.js"><link rel="prefetch" href="/assets/js/179.a1faadfe.js"><link rel="prefetch" href="/assets/js/18.1a2bbade.js"><link rel="prefetch" href="/assets/js/180.33be0a0d.js"><link rel="prefetch" href="/assets/js/181.074198fc.js"><link rel="prefetch" href="/assets/js/182.2ea92f58.js"><link rel="prefetch" href="/assets/js/183.316f0529.js"><link rel="prefetch" href="/assets/js/184.f6dd5f36.js"><link rel="prefetch" href="/assets/js/185.134f1457.js"><link rel="prefetch" href="/assets/js/186.2aa74077.js"><link rel="prefetch" href="/assets/js/187.3a956aba.js"><link rel="prefetch" href="/assets/js/188.01a6573f.js"><link rel="prefetch" href="/assets/js/189.a8d65b4d.js"><link rel="prefetch" href="/assets/js/19.e062ea88.js"><link rel="prefetch" href="/assets/js/190.c753d8e3.js"><link rel="prefetch" href="/assets/js/191.280fe1e2.js"><link rel="prefetch" href="/assets/js/192.bbc94e32.js"><link rel="prefetch" href="/assets/js/193.41421d14.js"><link rel="prefetch" href="/assets/js/194.15f508e4.js"><link rel="prefetch" href="/assets/js/195.a17f3877.js"><link rel="prefetch" href="/assets/js/196.d17bfcdf.js"><link rel="prefetch" href="/assets/js/197.65791a5a.js"><link rel="prefetch" href="/assets/js/198.0441041e.js"><link rel="prefetch" href="/assets/js/199.538f2285.js"><link rel="prefetch" href="/assets/js/20.6c49f026.js"><link rel="prefetch" href="/assets/js/200.4ff8dbc4.js"><link rel="prefetch" href="/assets/js/201.088ccf86.js"><link rel="prefetch" href="/assets/js/202.8bdad311.js"><link rel="prefetch" href="/assets/js/203.45d3ecc5.js"><link rel="prefetch" href="/assets/js/204.c403aa39.js"><link rel="prefetch" href="/assets/js/205.e992b689.js"><link rel="prefetch" href="/assets/js/206.eed8bd42.js"><link rel="prefetch" href="/assets/js/207.3db1fc87.js"><link rel="prefetch" href="/assets/js/208.27399a7b.js"><link rel="prefetch" href="/assets/js/209.829f007c.js"><link rel="prefetch" href="/assets/js/21.0ed0e55b.js"><link rel="prefetch" href="/assets/js/210.35079683.js"><link rel="prefetch" href="/assets/js/211.94056191.js"><link rel="prefetch" href="/assets/js/212.431059ab.js"><link rel="prefetch" href="/assets/js/213.4d25e21f.js"><link rel="prefetch" href="/assets/js/214.e62f8fc5.js"><link rel="prefetch" href="/assets/js/215.433d7113.js"><link rel="prefetch" href="/assets/js/216.6de56c4d.js"><link rel="prefetch" href="/assets/js/217.ad3e1cd0.js"><link rel="prefetch" href="/assets/js/218.c225521d.js"><link rel="prefetch" href="/assets/js/219.f4241738.js"><link rel="prefetch" href="/assets/js/22.3563c6e0.js"><link rel="prefetch" href="/assets/js/220.ac9c6899.js"><link rel="prefetch" href="/assets/js/221.ff4ee0d2.js"><link rel="prefetch" href="/assets/js/222.20629300.js"><link rel="prefetch" href="/assets/js/223.a5fa0166.js"><link rel="prefetch" href="/assets/js/224.65290c4f.js"><link rel="prefetch" href="/assets/js/225.e698f717.js"><link rel="prefetch" href="/assets/js/226.4b28f10d.js"><link rel="prefetch" href="/assets/js/227.f44065ae.js"><link rel="prefetch" href="/assets/js/228.0b254d68.js"><link rel="prefetch" href="/assets/js/23.2bc6a9e3.js"><link rel="prefetch" href="/assets/js/230.2e09449c.js"><link rel="prefetch" href="/assets/js/231.b09e3f00.js"><link rel="prefetch" href="/assets/js/232.eaa54385.js"><link rel="prefetch" href="/assets/js/233.36843a48.js"><link rel="prefetch" href="/assets/js/234.1e3e41c7.js"><link rel="prefetch" href="/assets/js/235.2dff4846.js"><link rel="prefetch" href="/assets/js/236.bb6fd980.js"><link rel="prefetch" href="/assets/js/237.e97364da.js"><link rel="prefetch" href="/assets/js/238.d8ce22f3.js"><link rel="prefetch" href="/assets/js/239.be791e5e.js"><link rel="prefetch" href="/assets/js/24.4b60795e.js"><link rel="prefetch" href="/assets/js/240.3927116f.js"><link rel="prefetch" href="/assets/js/241.6539a7f9.js"><link rel="prefetch" href="/assets/js/242.1241e424.js"><link rel="prefetch" href="/assets/js/243.a07d3be3.js"><link rel="prefetch" href="/assets/js/244.f98f98a1.js"><link rel="prefetch" href="/assets/js/245.ecb7c922.js"><link rel="prefetch" href="/assets/js/246.95ed23ce.js"><link rel="prefetch" href="/assets/js/247.fb5d42c6.js"><link rel="prefetch" href="/assets/js/248.f7b4f364.js"><link rel="prefetch" href="/assets/js/249.ac22d922.js"><link rel="prefetch" href="/assets/js/25.ef18cc01.js"><link rel="prefetch" href="/assets/js/250.01fbf76b.js"><link rel="prefetch" href="/assets/js/251.08f19bbd.js"><link rel="prefetch" href="/assets/js/252.9f11061d.js"><link rel="prefetch" href="/assets/js/253.cd7f85b9.js"><link rel="prefetch" href="/assets/js/254.2493e550.js"><link rel="prefetch" href="/assets/js/255.ac6d41ee.js"><link rel="prefetch" href="/assets/js/256.068eb5a6.js"><link rel="prefetch" href="/assets/js/257.b108c715.js"><link rel="prefetch" href="/assets/js/258.d614b5d4.js"><link rel="prefetch" href="/assets/js/259.87ba5ef3.js"><link rel="prefetch" href="/assets/js/26.5baa4d2c.js"><link rel="prefetch" href="/assets/js/260.c771e39d.js"><link rel="prefetch" href="/assets/js/261.0dbaf460.js"><link rel="prefetch" href="/assets/js/262.35e64a26.js"><link rel="prefetch" href="/assets/js/263.c16fca32.js"><link rel="prefetch" href="/assets/js/264.ea414912.js"><link rel="prefetch" href="/assets/js/265.f2e0d5bb.js"><link rel="prefetch" href="/assets/js/266.629a2d15.js"><link rel="prefetch" href="/assets/js/267.c7332e80.js"><link rel="prefetch" href="/assets/js/268.8be99f76.js"><link rel="prefetch" href="/assets/js/269.452ff2d4.js"><link rel="prefetch" href="/assets/js/27.2a2950d8.js"><link rel="prefetch" href="/assets/js/270.a5c429cb.js"><link rel="prefetch" href="/assets/js/271.1ad3cd83.js"><link rel="prefetch" href="/assets/js/272.354cef59.js"><link rel="prefetch" href="/assets/js/273.681156b7.js"><link rel="prefetch" href="/assets/js/274.6c51e7ae.js"><link rel="prefetch" href="/assets/js/275.24ef01b4.js"><link rel="prefetch" href="/assets/js/276.afeb2acd.js"><link rel="prefetch" href="/assets/js/277.6472c22d.js"><link rel="prefetch" href="/assets/js/278.416d9788.js"><link rel="prefetch" href="/assets/js/279.c190fbc9.js"><link rel="prefetch" href="/assets/js/28.6320d8c1.js"><link rel="prefetch" href="/assets/js/280.28b1b955.js"><link rel="prefetch" href="/assets/js/281.77afd7c5.js"><link rel="prefetch" href="/assets/js/282.eee0e9c0.js"><link rel="prefetch" href="/assets/js/283.e59fb0e5.js"><link rel="prefetch" href="/assets/js/284.9c6ff275.js"><link rel="prefetch" href="/assets/js/285.3e2d030a.js"><link rel="prefetch" href="/assets/js/286.d7562f9b.js"><link rel="prefetch" href="/assets/js/287.9e228e80.js"><link rel="prefetch" href="/assets/js/288.f9448d7d.js"><link rel="prefetch" href="/assets/js/289.30726f95.js"><link rel="prefetch" href="/assets/js/29.a420635f.js"><link rel="prefetch" href="/assets/js/290.f79765e2.js"><link rel="prefetch" href="/assets/js/291.0943618c.js"><link rel="prefetch" href="/assets/js/292.bd04f6db.js"><link rel="prefetch" href="/assets/js/293.776f4c0d.js"><link rel="prefetch" href="/assets/js/294.54e52863.js"><link rel="prefetch" href="/assets/js/295.bd033d69.js"><link rel="prefetch" href="/assets/js/296.1090c539.js"><link rel="prefetch" href="/assets/js/297.ec37f6e8.js"><link rel="prefetch" href="/assets/js/298.fa434214.js"><link rel="prefetch" href="/assets/js/299.50bd7c87.js"><link rel="prefetch" href="/assets/js/30.6c81ca7b.js"><link rel="prefetch" href="/assets/js/300.7a2c6632.js"><link rel="prefetch" href="/assets/js/301.4ae4e645.js"><link rel="prefetch" href="/assets/js/302.e1ef7459.js"><link rel="prefetch" href="/assets/js/303.3894068b.js"><link rel="prefetch" href="/assets/js/304.840b09e3.js"><link rel="prefetch" href="/assets/js/305.40ec0bf6.js"><link rel="prefetch" href="/assets/js/306.9fa4d8aa.js"><link rel="prefetch" href="/assets/js/307.33656e76.js"><link rel="prefetch" href="/assets/js/308.19398f71.js"><link rel="prefetch" href="/assets/js/309.bde6f12f.js"><link rel="prefetch" href="/assets/js/31.2b4f2752.js"><link rel="prefetch" href="/assets/js/310.69ced632.js"><link rel="prefetch" href="/assets/js/311.c8e57d0e.js"><link rel="prefetch" href="/assets/js/312.80c4d6a7.js"><link rel="prefetch" href="/assets/js/313.14060a06.js"><link rel="prefetch" href="/assets/js/314.29165d83.js"><link rel="prefetch" href="/assets/js/315.901aabf1.js"><link rel="prefetch" href="/assets/js/316.7f0d18e3.js"><link rel="prefetch" href="/assets/js/317.112de6ec.js"><link rel="prefetch" href="/assets/js/318.091ea533.js"><link rel="prefetch" href="/assets/js/319.25ca175e.js"><link rel="prefetch" href="/assets/js/32.ab03e16f.js"><link rel="prefetch" href="/assets/js/320.b89e85c9.js"><link rel="prefetch" href="/assets/js/321.69316136.js"><link rel="prefetch" href="/assets/js/322.567512f0.js"><link rel="prefetch" href="/assets/js/323.2d67bb75.js"><link rel="prefetch" href="/assets/js/324.c41411db.js"><link rel="prefetch" href="/assets/js/325.a412ca77.js"><link rel="prefetch" href="/assets/js/326.22408ce6.js"><link rel="prefetch" href="/assets/js/327.33524443.js"><link rel="prefetch" href="/assets/js/328.561ebeb1.js"><link rel="prefetch" href="/assets/js/329.d7a280e4.js"><link rel="prefetch" href="/assets/js/33.199f45ed.js"><link rel="prefetch" href="/assets/js/330.d01a7e1b.js"><link rel="prefetch" href="/assets/js/331.a3ad2556.js"><link rel="prefetch" href="/assets/js/332.36ad912a.js"><link rel="prefetch" href="/assets/js/333.2fb229c4.js"><link rel="prefetch" href="/assets/js/334.d170f507.js"><link rel="prefetch" href="/assets/js/335.90ca0539.js"><link rel="prefetch" href="/assets/js/336.454d4374.js"><link rel="prefetch" href="/assets/js/337.dba45eb4.js"><link rel="prefetch" href="/assets/js/338.c8e4ba66.js"><link rel="prefetch" href="/assets/js/339.ae85118e.js"><link rel="prefetch" href="/assets/js/34.d0c7a02e.js"><link rel="prefetch" href="/assets/js/340.7033b85b.js"><link rel="prefetch" href="/assets/js/341.13cfe1aa.js"><link rel="prefetch" href="/assets/js/342.b33302b5.js"><link rel="prefetch" href="/assets/js/343.946f30dc.js"><link rel="prefetch" href="/assets/js/344.b2add405.js"><link rel="prefetch" href="/assets/js/345.12433fa3.js"><link rel="prefetch" href="/assets/js/346.b1bdfeba.js"><link rel="prefetch" href="/assets/js/347.53530bff.js"><link rel="prefetch" href="/assets/js/348.48aa580e.js"><link rel="prefetch" href="/assets/js/349.53c4baca.js"><link rel="prefetch" href="/assets/js/35.5512348f.js"><link rel="prefetch" href="/assets/js/350.e4b2d6e6.js"><link rel="prefetch" href="/assets/js/351.d41b01c1.js"><link rel="prefetch" href="/assets/js/352.1c4d1250.js"><link rel="prefetch" href="/assets/js/353.7fd27c0f.js"><link rel="prefetch" href="/assets/js/354.47199c90.js"><link rel="prefetch" href="/assets/js/355.68bccab4.js"><link rel="prefetch" href="/assets/js/356.e3602eb5.js"><link rel="prefetch" href="/assets/js/357.cd5ce764.js"><link rel="prefetch" href="/assets/js/358.bee621d4.js"><link rel="prefetch" href="/assets/js/359.648aa4f0.js"><link rel="prefetch" href="/assets/js/36.bdebdf29.js"><link rel="prefetch" href="/assets/js/360.439f5fae.js"><link rel="prefetch" href="/assets/js/361.39f782b4.js"><link rel="prefetch" href="/assets/js/362.106acf4c.js"><link rel="prefetch" href="/assets/js/363.562a4e1e.js"><link rel="prefetch" href="/assets/js/364.5940b069.js"><link rel="prefetch" href="/assets/js/365.e429c365.js"><link rel="prefetch" href="/assets/js/366.cc650df8.js"><link rel="prefetch" href="/assets/js/367.347592c9.js"><link rel="prefetch" href="/assets/js/368.d68ce88d.js"><link rel="prefetch" href="/assets/js/369.034e7f1e.js"><link rel="prefetch" href="/assets/js/37.9d026956.js"><link rel="prefetch" href="/assets/js/370.ac6fc7a5.js"><link rel="prefetch" href="/assets/js/371.e70219a6.js"><link rel="prefetch" href="/assets/js/372.c449fc49.js"><link rel="prefetch" href="/assets/js/373.f07bea72.js"><link rel="prefetch" href="/assets/js/374.8152408f.js"><link rel="prefetch" href="/assets/js/375.63c70dab.js"><link rel="prefetch" href="/assets/js/376.06de19db.js"><link rel="prefetch" href="/assets/js/377.2319ddb1.js"><link rel="prefetch" href="/assets/js/378.4821e23c.js"><link rel="prefetch" href="/assets/js/379.54a13769.js"><link rel="prefetch" href="/assets/js/38.23e83578.js"><link rel="prefetch" href="/assets/js/380.dac4cd46.js"><link rel="prefetch" href="/assets/js/381.8f83d1d7.js"><link rel="prefetch" href="/assets/js/382.e76e7d88.js"><link rel="prefetch" href="/assets/js/383.df731ee4.js"><link rel="prefetch" href="/assets/js/384.5093369e.js"><link rel="prefetch" href="/assets/js/385.ee576341.js"><link rel="prefetch" href="/assets/js/386.087a29a9.js"><link rel="prefetch" href="/assets/js/387.9f44d03b.js"><link rel="prefetch" href="/assets/js/388.a3f70992.js"><link rel="prefetch" href="/assets/js/389.df6e2ced.js"><link rel="prefetch" href="/assets/js/39.e9699d7f.js"><link rel="prefetch" href="/assets/js/390.c377efca.js"><link rel="prefetch" href="/assets/js/391.d7747385.js"><link rel="prefetch" href="/assets/js/392.bf8e8c1a.js"><link rel="prefetch" href="/assets/js/393.b4ed3be0.js"><link rel="prefetch" href="/assets/js/394.48eb505a.js"><link rel="prefetch" href="/assets/js/395.d9cd4812.js"><link rel="prefetch" href="/assets/js/396.b386a6b5.js"><link rel="prefetch" href="/assets/js/397.d19960fa.js"><link rel="prefetch" href="/assets/js/398.15f66e2a.js"><link rel="prefetch" href="/assets/js/399.cc4af83b.js"><link rel="prefetch" href="/assets/js/40.3a541653.js"><link rel="prefetch" href="/assets/js/400.d99e4b93.js"><link rel="prefetch" href="/assets/js/401.13fa06dd.js"><link rel="prefetch" href="/assets/js/402.3629b866.js"><link rel="prefetch" href="/assets/js/403.5826b040.js"><link rel="prefetch" href="/assets/js/404.d4b35549.js"><link rel="prefetch" href="/assets/js/405.9142a002.js"><link rel="prefetch" href="/assets/js/406.ba50e04d.js"><link rel="prefetch" href="/assets/js/407.b5271c6f.js"><link rel="prefetch" href="/assets/js/408.18baa241.js"><link rel="prefetch" href="/assets/js/409.6151d46b.js"><link rel="prefetch" href="/assets/js/41.b10ef41f.js"><link rel="prefetch" href="/assets/js/410.bb1fd058.js"><link rel="prefetch" href="/assets/js/411.9273fd47.js"><link rel="prefetch" href="/assets/js/412.d6b790c1.js"><link rel="prefetch" href="/assets/js/413.4c5a30bb.js"><link rel="prefetch" href="/assets/js/414.01aa0e0a.js"><link rel="prefetch" href="/assets/js/415.2633ad61.js"><link rel="prefetch" href="/assets/js/416.7a2263a9.js"><link rel="prefetch" href="/assets/js/417.98368241.js"><link rel="prefetch" href="/assets/js/418.ffeb9c9c.js"><link rel="prefetch" href="/assets/js/419.633f9efe.js"><link rel="prefetch" href="/assets/js/42.aa8b7c99.js"><link rel="prefetch" href="/assets/js/420.69868f4a.js"><link rel="prefetch" href="/assets/js/421.937d87cc.js"><link rel="prefetch" href="/assets/js/422.375fe09b.js"><link rel="prefetch" href="/assets/js/423.8d335fd6.js"><link rel="prefetch" href="/assets/js/424.d5b181d7.js"><link rel="prefetch" href="/assets/js/425.e06749ea.js"><link rel="prefetch" href="/assets/js/426.d7a23361.js"><link rel="prefetch" href="/assets/js/427.c26079c3.js"><link rel="prefetch" href="/assets/js/428.788e60b3.js"><link rel="prefetch" href="/assets/js/429.212c3091.js"><link rel="prefetch" href="/assets/js/43.bbf1f09a.js"><link rel="prefetch" href="/assets/js/430.e156b1fa.js"><link rel="prefetch" href="/assets/js/431.b41e44c6.js"><link rel="prefetch" href="/assets/js/432.7534e280.js"><link rel="prefetch" href="/assets/js/433.3d203e2b.js"><link rel="prefetch" href="/assets/js/434.41bb5350.js"><link rel="prefetch" href="/assets/js/435.a5c93fd3.js"><link rel="prefetch" href="/assets/js/436.60910866.js"><link rel="prefetch" href="/assets/js/437.7ae74f40.js"><link rel="prefetch" href="/assets/js/438.dc802af3.js"><link rel="prefetch" href="/assets/js/439.0de7c2a4.js"><link rel="prefetch" href="/assets/js/44.c0079627.js"><link rel="prefetch" href="/assets/js/440.43bc725f.js"><link rel="prefetch" href="/assets/js/441.1402dd2a.js"><link rel="prefetch" href="/assets/js/442.6106e1be.js"><link rel="prefetch" href="/assets/js/443.40909ac7.js"><link rel="prefetch" href="/assets/js/444.e506898d.js"><link rel="prefetch" href="/assets/js/445.8636f7a3.js"><link rel="prefetch" href="/assets/js/446.de915ed4.js"><link rel="prefetch" href="/assets/js/447.c7ac8e6e.js"><link rel="prefetch" href="/assets/js/448.9797a750.js"><link rel="prefetch" href="/assets/js/449.5d1f4748.js"><link rel="prefetch" href="/assets/js/45.2a09d581.js"><link rel="prefetch" href="/assets/js/450.42babefe.js"><link rel="prefetch" href="/assets/js/451.ee1b8ff8.js"><link rel="prefetch" href="/assets/js/452.7536e7c2.js"><link rel="prefetch" href="/assets/js/453.39a21d52.js"><link rel="prefetch" href="/assets/js/454.6511d1e1.js"><link rel="prefetch" href="/assets/js/455.2abb8ea0.js"><link rel="prefetch" href="/assets/js/456.5724d799.js"><link rel="prefetch" href="/assets/js/457.c32c0755.js"><link rel="prefetch" href="/assets/js/458.f67c539b.js"><link rel="prefetch" href="/assets/js/459.1634e8da.js"><link rel="prefetch" href="/assets/js/46.58b302e4.js"><link rel="prefetch" href="/assets/js/460.a22ac002.js"><link rel="prefetch" href="/assets/js/461.2c152148.js"><link rel="prefetch" href="/assets/js/462.14b038cf.js"><link rel="prefetch" href="/assets/js/463.dd0a3a00.js"><link rel="prefetch" href="/assets/js/464.f22ba288.js"><link rel="prefetch" href="/assets/js/465.9c187041.js"><link rel="prefetch" href="/assets/js/466.9957dd67.js"><link rel="prefetch" href="/assets/js/467.047041e8.js"><link rel="prefetch" href="/assets/js/468.425b6f20.js"><link rel="prefetch" href="/assets/js/469.2f70ecf7.js"><link rel="prefetch" href="/assets/js/47.987d79be.js"><link rel="prefetch" href="/assets/js/470.602b7d98.js"><link rel="prefetch" href="/assets/js/471.ddabe1b6.js"><link rel="prefetch" href="/assets/js/472.3a1ad521.js"><link rel="prefetch" href="/assets/js/473.2be352ab.js"><link rel="prefetch" href="/assets/js/474.e9c805de.js"><link rel="prefetch" href="/assets/js/475.93cab6cb.js"><link rel="prefetch" href="/assets/js/476.89384fa4.js"><link rel="prefetch" href="/assets/js/477.2b282ee8.js"><link rel="prefetch" href="/assets/js/478.27790491.js"><link rel="prefetch" href="/assets/js/479.2b728ba6.js"><link rel="prefetch" href="/assets/js/48.0e76d761.js"><link rel="prefetch" href="/assets/js/480.bd0beea9.js"><link rel="prefetch" href="/assets/js/481.004a0005.js"><link rel="prefetch" href="/assets/js/482.d9c6dc45.js"><link rel="prefetch" href="/assets/js/483.e7842361.js"><link rel="prefetch" href="/assets/js/484.702ac9a3.js"><link rel="prefetch" href="/assets/js/485.d38ba4c2.js"><link rel="prefetch" href="/assets/js/486.8a0cd211.js"><link rel="prefetch" href="/assets/js/487.18e243bb.js"><link rel="prefetch" href="/assets/js/488.cb0ad1bf.js"><link rel="prefetch" href="/assets/js/489.7c7adc5c.js"><link rel="prefetch" href="/assets/js/49.83e0619b.js"><link rel="prefetch" href="/assets/js/490.3f86a6a4.js"><link rel="prefetch" href="/assets/js/491.c1c90b4f.js"><link rel="prefetch" href="/assets/js/492.5658313d.js"><link rel="prefetch" href="/assets/js/493.9b953b18.js"><link rel="prefetch" href="/assets/js/494.80e3d4f4.js"><link rel="prefetch" href="/assets/js/495.66650a67.js"><link rel="prefetch" href="/assets/js/496.4e0d753b.js"><link rel="prefetch" href="/assets/js/497.1837b7c2.js"><link rel="prefetch" href="/assets/js/498.e2dcd450.js"><link rel="prefetch" href="/assets/js/499.4d5022f2.js"><link rel="prefetch" href="/assets/js/5.f343fd5d.js"><link rel="prefetch" href="/assets/js/50.6716fe91.js"><link rel="prefetch" href="/assets/js/500.10c0ee69.js"><link rel="prefetch" href="/assets/js/501.be3f9599.js"><link rel="prefetch" href="/assets/js/502.27844894.js"><link rel="prefetch" href="/assets/js/503.15f84a9b.js"><link rel="prefetch" href="/assets/js/504.60780a8e.js"><link rel="prefetch" href="/assets/js/505.6f9bed41.js"><link rel="prefetch" href="/assets/js/506.3e19b413.js"><link rel="prefetch" href="/assets/js/507.a12a02cb.js"><link rel="prefetch" href="/assets/js/508.b1384524.js"><link rel="prefetch" href="/assets/js/509.c74ef6c0.js"><link rel="prefetch" href="/assets/js/51.bc8d5aaf.js"><link rel="prefetch" href="/assets/js/510.266a6048.js"><link rel="prefetch" href="/assets/js/511.be98a2ef.js"><link rel="prefetch" href="/assets/js/512.e033e89e.js"><link rel="prefetch" href="/assets/js/513.837b9052.js"><link rel="prefetch" href="/assets/js/514.38271d19.js"><link rel="prefetch" href="/assets/js/515.c08327b5.js"><link rel="prefetch" href="/assets/js/516.3d573fdf.js"><link rel="prefetch" href="/assets/js/517.5406a8bd.js"><link rel="prefetch" href="/assets/js/518.543bea6f.js"><link rel="prefetch" href="/assets/js/519.e4967ce6.js"><link rel="prefetch" href="/assets/js/52.20603f07.js"><link rel="prefetch" href="/assets/js/520.0a863135.js"><link rel="prefetch" href="/assets/js/521.80c26149.js"><link rel="prefetch" href="/assets/js/522.5d0549ee.js"><link rel="prefetch" href="/assets/js/523.4b5d705c.js"><link rel="prefetch" href="/assets/js/524.24354cd8.js"><link rel="prefetch" href="/assets/js/525.d201b688.js"><link rel="prefetch" href="/assets/js/526.f405c35a.js"><link rel="prefetch" href="/assets/js/527.921d252f.js"><link rel="prefetch" href="/assets/js/528.cb45a5dd.js"><link rel="prefetch" href="/assets/js/529.aeec69e2.js"><link rel="prefetch" href="/assets/js/53.9604c447.js"><link rel="prefetch" href="/assets/js/530.7d5514c0.js"><link rel="prefetch" href="/assets/js/531.de381ab2.js"><link rel="prefetch" href="/assets/js/532.31b6e993.js"><link rel="prefetch" href="/assets/js/533.23335bff.js"><link rel="prefetch" href="/assets/js/534.131d260d.js"><link rel="prefetch" href="/assets/js/535.3057e7f2.js"><link rel="prefetch" href="/assets/js/536.1df4cc6e.js"><link rel="prefetch" href="/assets/js/537.c23a3391.js"><link rel="prefetch" href="/assets/js/538.ac3546d3.js"><link rel="prefetch" href="/assets/js/539.36137525.js"><link rel="prefetch" href="/assets/js/54.841e8e8f.js"><link rel="prefetch" href="/assets/js/540.f9171241.js"><link rel="prefetch" href="/assets/js/541.00a9732f.js"><link rel="prefetch" href="/assets/js/542.d981dcf7.js"><link rel="prefetch" href="/assets/js/543.0016cdef.js"><link rel="prefetch" href="/assets/js/544.b24fa17d.js"><link rel="prefetch" href="/assets/js/545.8adcd15c.js"><link rel="prefetch" href="/assets/js/546.189f10ef.js"><link rel="prefetch" href="/assets/js/547.d47175ac.js"><link rel="prefetch" href="/assets/js/548.67ed7a21.js"><link rel="prefetch" href="/assets/js/549.a72c957e.js"><link rel="prefetch" href="/assets/js/55.eccc64f8.js"><link rel="prefetch" href="/assets/js/550.c127415f.js"><link rel="prefetch" href="/assets/js/551.288648b2.js"><link rel="prefetch" href="/assets/js/552.5191109c.js"><link rel="prefetch" href="/assets/js/553.a0417c79.js"><link rel="prefetch" href="/assets/js/554.05224c83.js"><link rel="prefetch" href="/assets/js/555.d95f24bd.js"><link rel="prefetch" href="/assets/js/556.42a17364.js"><link rel="prefetch" href="/assets/js/557.a066d457.js"><link rel="prefetch" href="/assets/js/558.1f4641c3.js"><link rel="prefetch" href="/assets/js/559.f85fd85a.js"><link rel="prefetch" href="/assets/js/56.9ede6cf7.js"><link rel="prefetch" href="/assets/js/560.c486ead6.js"><link rel="prefetch" href="/assets/js/561.5654ef71.js"><link rel="prefetch" href="/assets/js/562.8ac06965.js"><link rel="prefetch" href="/assets/js/563.209407dd.js"><link rel="prefetch" href="/assets/js/564.4da5848b.js"><link rel="prefetch" href="/assets/js/565.0ea0c2cb.js"><link rel="prefetch" href="/assets/js/566.fbb62b05.js"><link rel="prefetch" href="/assets/js/567.0454bee2.js"><link rel="prefetch" href="/assets/js/568.5aad57f8.js"><link rel="prefetch" href="/assets/js/569.b4b199ad.js"><link rel="prefetch" href="/assets/js/57.2e9b38e9.js"><link rel="prefetch" href="/assets/js/570.890f1d05.js"><link rel="prefetch" href="/assets/js/571.56e5f721.js"><link rel="prefetch" href="/assets/js/572.fa3418f1.js"><link rel="prefetch" href="/assets/js/573.224ada77.js"><link rel="prefetch" href="/assets/js/574.4cc85330.js"><link rel="prefetch" href="/assets/js/575.61a17f5e.js"><link rel="prefetch" href="/assets/js/576.0ec5efb8.js"><link rel="prefetch" href="/assets/js/577.6bc915dd.js"><link rel="prefetch" href="/assets/js/578.fd4e39e7.js"><link rel="prefetch" href="/assets/js/579.0238c950.js"><link rel="prefetch" href="/assets/js/58.f28ad3cc.js"><link rel="prefetch" href="/assets/js/580.a08c6c02.js"><link rel="prefetch" href="/assets/js/581.392f9c6f.js"><link rel="prefetch" href="/assets/js/582.2f59e9f2.js"><link rel="prefetch" href="/assets/js/583.2097fe85.js"><link rel="prefetch" href="/assets/js/584.f0d8c622.js"><link rel="prefetch" href="/assets/js/585.85fab1f2.js"><link rel="prefetch" href="/assets/js/586.c359098c.js"><link rel="prefetch" href="/assets/js/587.1dff90c3.js"><link rel="prefetch" href="/assets/js/588.6afc16eb.js"><link rel="prefetch" href="/assets/js/589.4337cfee.js"><link rel="prefetch" href="/assets/js/59.9079a4f5.js"><link rel="prefetch" href="/assets/js/590.f969cc18.js"><link rel="prefetch" href="/assets/js/591.dfceaca2.js"><link rel="prefetch" href="/assets/js/592.b670f7b8.js"><link rel="prefetch" href="/assets/js/593.85ff3e7e.js"><link rel="prefetch" href="/assets/js/594.87d3c73b.js"><link rel="prefetch" href="/assets/js/595.18f2a1df.js"><link rel="prefetch" href="/assets/js/596.adb07b39.js"><link rel="prefetch" href="/assets/js/597.4bfdae44.js"><link rel="prefetch" href="/assets/js/598.a4f73bf5.js"><link rel="prefetch" href="/assets/js/599.5b85b7f2.js"><link rel="prefetch" href="/assets/js/6.6f5ae702.js"><link rel="prefetch" href="/assets/js/60.3095e21a.js"><link rel="prefetch" href="/assets/js/600.98cef029.js"><link rel="prefetch" href="/assets/js/601.34cfecd2.js"><link rel="prefetch" href="/assets/js/602.afaf2e1f.js"><link rel="prefetch" href="/assets/js/603.5f081041.js"><link rel="prefetch" href="/assets/js/604.a55dc3e4.js"><link rel="prefetch" href="/assets/js/605.cc600bca.js"><link rel="prefetch" href="/assets/js/606.9e0874e1.js"><link rel="prefetch" href="/assets/js/607.bd0a2835.js"><link rel="prefetch" href="/assets/js/608.e3c0bb6d.js"><link rel="prefetch" href="/assets/js/609.968adfbe.js"><link rel="prefetch" href="/assets/js/61.cd58c0e2.js"><link rel="prefetch" href="/assets/js/610.6ddb82e2.js"><link rel="prefetch" href="/assets/js/611.f6573e33.js"><link rel="prefetch" href="/assets/js/612.cd703232.js"><link rel="prefetch" href="/assets/js/613.5ae48097.js"><link rel="prefetch" href="/assets/js/614.c9fc5628.js"><link rel="prefetch" href="/assets/js/615.5f3c1162.js"><link rel="prefetch" href="/assets/js/616.3efeed17.js"><link rel="prefetch" href="/assets/js/617.25dec672.js"><link rel="prefetch" href="/assets/js/618.b53f21b6.js"><link rel="prefetch" href="/assets/js/619.e0c2de74.js"><link rel="prefetch" href="/assets/js/62.aa4d202d.js"><link rel="prefetch" href="/assets/js/620.88136c6a.js"><link rel="prefetch" href="/assets/js/621.494122df.js"><link rel="prefetch" href="/assets/js/622.e2a6e4bd.js"><link rel="prefetch" href="/assets/js/623.20a56d61.js"><link rel="prefetch" href="/assets/js/624.602dd933.js"><link rel="prefetch" href="/assets/js/625.70f44f60.js"><link rel="prefetch" href="/assets/js/626.11524978.js"><link rel="prefetch" href="/assets/js/627.b3badb72.js"><link rel="prefetch" href="/assets/js/628.e613665e.js"><link rel="prefetch" href="/assets/js/629.20e73b43.js"><link rel="prefetch" href="/assets/js/63.f7cd40f4.js"><link rel="prefetch" href="/assets/js/630.6099312f.js"><link rel="prefetch" href="/assets/js/631.669bcda0.js"><link rel="prefetch" href="/assets/js/632.d33f5ec9.js"><link rel="prefetch" href="/assets/js/633.211456ee.js"><link rel="prefetch" href="/assets/js/634.ea9d07ae.js"><link rel="prefetch" href="/assets/js/635.f22368f1.js"><link rel="prefetch" href="/assets/js/636.ebe249f7.js"><link rel="prefetch" href="/assets/js/637.7b645ab3.js"><link rel="prefetch" href="/assets/js/638.4565c395.js"><link rel="prefetch" href="/assets/js/639.c5144f9c.js"><link rel="prefetch" href="/assets/js/64.8cd3aa43.js"><link rel="prefetch" href="/assets/js/640.2dc2eba9.js"><link rel="prefetch" href="/assets/js/641.70155ce7.js"><link rel="prefetch" href="/assets/js/642.c55f5ca8.js"><link rel="prefetch" href="/assets/js/643.69a5b8e5.js"><link rel="prefetch" href="/assets/js/644.84431935.js"><link rel="prefetch" href="/assets/js/645.5119ebc2.js"><link rel="prefetch" href="/assets/js/646.506fc745.js"><link rel="prefetch" href="/assets/js/647.e5f03652.js"><link rel="prefetch" href="/assets/js/648.47ae0cc5.js"><link rel="prefetch" href="/assets/js/649.b3a67529.js"><link rel="prefetch" href="/assets/js/65.14b3da5d.js"><link rel="prefetch" href="/assets/js/650.89765bb0.js"><link rel="prefetch" href="/assets/js/651.19b73cf8.js"><link rel="prefetch" href="/assets/js/652.4436725f.js"><link rel="prefetch" href="/assets/js/653.391168ff.js"><link rel="prefetch" href="/assets/js/654.8b449d07.js"><link rel="prefetch" href="/assets/js/655.27051c8c.js"><link rel="prefetch" href="/assets/js/656.7adaae31.js"><link rel="prefetch" href="/assets/js/657.4fee46d2.js"><link rel="prefetch" href="/assets/js/658.0243a6e8.js"><link rel="prefetch" href="/assets/js/659.f69398bc.js"><link rel="prefetch" href="/assets/js/66.899fc260.js"><link rel="prefetch" href="/assets/js/660.5e51ab7c.js"><link rel="prefetch" href="/assets/js/661.980d3d5a.js"><link rel="prefetch" href="/assets/js/662.79643730.js"><link rel="prefetch" href="/assets/js/663.d030bd1d.js"><link rel="prefetch" href="/assets/js/664.32b3c0e8.js"><link rel="prefetch" href="/assets/js/665.384c456b.js"><link rel="prefetch" href="/assets/js/666.2672eb36.js"><link rel="prefetch" href="/assets/js/667.2ca85ff9.js"><link rel="prefetch" href="/assets/js/668.b80ef3b4.js"><link rel="prefetch" href="/assets/js/669.41f08cb1.js"><link rel="prefetch" href="/assets/js/67.c0e799e4.js"><link rel="prefetch" href="/assets/js/670.48512f45.js"><link rel="prefetch" href="/assets/js/671.93e1cdd9.js"><link rel="prefetch" href="/assets/js/672.aa2a7e31.js"><link rel="prefetch" href="/assets/js/673.b19ed80d.js"><link rel="prefetch" href="/assets/js/674.0337bf32.js"><link rel="prefetch" href="/assets/js/675.88a9d569.js"><link rel="prefetch" href="/assets/js/676.7fd2de1c.js"><link rel="prefetch" href="/assets/js/677.1356b477.js"><link rel="prefetch" href="/assets/js/678.d99fd658.js"><link rel="prefetch" href="/assets/js/679.a2e40bc7.js"><link rel="prefetch" href="/assets/js/68.2e72dacb.js"><link rel="prefetch" href="/assets/js/680.58e5d76e.js"><link rel="prefetch" href="/assets/js/681.2e66d773.js"><link rel="prefetch" href="/assets/js/682.42526013.js"><link rel="prefetch" href="/assets/js/683.447d4972.js"><link rel="prefetch" href="/assets/js/684.19beb22a.js"><link rel="prefetch" href="/assets/js/685.cd3fd615.js"><link rel="prefetch" href="/assets/js/686.c6200f3f.js"><link rel="prefetch" href="/assets/js/687.3d6cf8bb.js"><link rel="prefetch" href="/assets/js/688.e9ddd041.js"><link rel="prefetch" href="/assets/js/689.74bb6414.js"><link rel="prefetch" href="/assets/js/69.d29a7787.js"><link rel="prefetch" href="/assets/js/690.82b51acd.js"><link rel="prefetch" href="/assets/js/691.a6edc5c3.js"><link rel="prefetch" href="/assets/js/692.c5fd2fa7.js"><link rel="prefetch" href="/assets/js/693.0c0b8126.js"><link rel="prefetch" href="/assets/js/694.551ae4d1.js"><link rel="prefetch" href="/assets/js/695.2801a2f2.js"><link rel="prefetch" href="/assets/js/696.8723006b.js"><link rel="prefetch" href="/assets/js/697.275e71c7.js"><link rel="prefetch" href="/assets/js/698.431e2bfb.js"><link rel="prefetch" href="/assets/js/699.c82907d3.js"><link rel="prefetch" href="/assets/js/7.c8b0ee6b.js"><link rel="prefetch" href="/assets/js/70.53b18677.js"><link rel="prefetch" href="/assets/js/700.9faf8917.js"><link rel="prefetch" href="/assets/js/701.5ce77f04.js"><link rel="prefetch" href="/assets/js/702.488262eb.js"><link rel="prefetch" href="/assets/js/703.8f79363d.js"><link rel="prefetch" href="/assets/js/704.a4cfe8cb.js"><link rel="prefetch" href="/assets/js/705.4f1759eb.js"><link rel="prefetch" href="/assets/js/706.baf03b10.js"><link rel="prefetch" href="/assets/js/707.48c01840.js"><link rel="prefetch" href="/assets/js/708.b3cda177.js"><link rel="prefetch" href="/assets/js/709.260cc3a8.js"><link rel="prefetch" href="/assets/js/71.b44506bc.js"><link rel="prefetch" href="/assets/js/710.e4fa6646.js"><link rel="prefetch" href="/assets/js/711.7816aba5.js"><link rel="prefetch" href="/assets/js/712.14939ffd.js"><link rel="prefetch" href="/assets/js/72.9793c1ce.js"><link rel="prefetch" href="/assets/js/73.b4d37c7e.js"><link rel="prefetch" href="/assets/js/74.b816cbc7.js"><link rel="prefetch" href="/assets/js/75.9f45a274.js"><link rel="prefetch" href="/assets/js/76.4921e235.js"><link rel="prefetch" href="/assets/js/77.f9258c97.js"><link rel="prefetch" href="/assets/js/78.55656c0f.js"><link rel="prefetch" href="/assets/js/79.b5784c72.js"><link rel="prefetch" href="/assets/js/8.44118d7c.js"><link rel="prefetch" href="/assets/js/80.98240933.js"><link rel="prefetch" href="/assets/js/81.5421fa90.js"><link rel="prefetch" href="/assets/js/82.72a10ccf.js"><link rel="prefetch" href="/assets/js/83.abdca93e.js"><link rel="prefetch" href="/assets/js/84.5d0190e3.js"><link rel="prefetch" href="/assets/js/85.5d2a1647.js"><link rel="prefetch" href="/assets/js/86.5aea5730.js"><link rel="prefetch" href="/assets/js/87.bfe2bb57.js"><link rel="prefetch" href="/assets/js/88.4097611c.js"><link rel="prefetch" href="/assets/js/89.e5a98da0.js"><link rel="prefetch" href="/assets/js/9.612b54fd.js"><link rel="prefetch" href="/assets/js/90.5564a69b.js"><link rel="prefetch" href="/assets/js/91.ff219511.js"><link rel="prefetch" href="/assets/js/92.8191f073.js"><link rel="prefetch" href="/assets/js/93.4b6ecb16.js"><link rel="prefetch" href="/assets/js/94.fd999a73.js"><link rel="prefetch" href="/assets/js/95.c96c310d.js"><link rel="prefetch" href="/assets/js/96.2eb0ab2f.js"><link rel="prefetch" href="/assets/js/97.4c8c6fba.js"><link rel="prefetch" href="/assets/js/98.f9ef7bdb.js"><link rel="prefetch" href="/assets/js/99.513483d0.js"><link rel="prefetch" href="/assets/js/vendors~docsearch.49ad9c45.js">
    <link rel="stylesheet" href="/assets/css/0.styles.af3770e9.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/en/" class="home-link router-link-active"><img src="/images/icons/spring-logo.svg" alt="Spring Docs" class="logo"> <span class="site-name can-hide">Spring Docs</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/en/spring/why-spring.html" class="nav-link">
  Spring
</a></div><div class="nav-item"><a href="/en/spring-boot/getting-help.html" class="nav-link">
  Spring Boot
</a></div><div class="nav-item"><a href="/en/spring-cloud/documentation-overview.html" class="nav-link">
  Spring Cloud
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Others" class="dropdown-title"><span class="title">more</span> <span class="arrow down"></span></button> <button type="button" aria-label="Others" class="mobile-dropdown-title"><span class="title">more</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/en/spring-framework/overview.html" class="nav-link">
  Spring Framework
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-data/spring-data.html" class="nav-link">
  Spring Data
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-cloud-data-flow/spring-cloud-dataflow.html" class="nav-link">
  Spring Cloud Data Flow
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-security/overview.html" class="nav-link">
  Spring Security
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-for-graphql/spring-graphql.html" class="nav-link">
  Spring for GraphQL
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-session/_index.html" class="nav-link">
  Spring Session
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-integration/preface.html" class="nav-link">
  Spring Integration
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-hateoas/spring-hateoas.html" class="nav-link">
  Spring HATEOAS
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-rest-docs/spring-restdocs.html" class="nav-link">
  Spring REST Docs
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-batch/spring-batch-intro.html" class="nav-link">
  Spring Batch
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-amqp/spring-amqp.html" class="nav-link">
  Spring AMQP
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-credhub/spring-credhub.html" class="nav-link">
  Spring CredHub
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-flo/spring-flo.html" class="nav-link">
  Spring Flo
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-for-apache-kafka/spring-kafka.html" class="nav-link">
  Spring for Apache Kafka
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-ldap/spring-ldap.html" class="nav-link">
  Spring LDAP
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-shell/spring-shell.html" class="nav-link">
  Spring Shell
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-statemachine/spring-statemachine.html" class="nav-link">
  Spring Statemachine
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-vault/spring-vault.html" class="nav-link">
  Spring Vault
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-web-flow/preface.html" class="nav-link">
  Spring Web Flow
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-web-services/spring-web-service.html" class="nav-link">
  Spring Web Services
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Select language" class="dropdown-title"><span class="title">Language</span> <span class="arrow down"></span></button> <button type="button" aria-label="Select language" class="mobile-dropdown-title"><span class="title">Language</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/en/spring-security/servlet-authentication-architecture.html" aria-current="page" class="nav-link router-link-exact-active router-link-active">
  English
</a></li><li class="dropdown-item"><!----> <a href="/spring-security/servlet-authentication-architecture.html" class="nav-link">
  简体中文
</a></li></ul></div></div> <a href="https://gitcode.net/dev-cloud/spring-docs" target="_blank" rel="noopener noreferrer" class="repo-link">
    GitCode
    <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/en/spring/why-spring.html" class="nav-link">
  Spring
</a></div><div class="nav-item"><a href="/en/spring-boot/getting-help.html" class="nav-link">
  Spring Boot
</a></div><div class="nav-item"><a href="/en/spring-cloud/documentation-overview.html" class="nav-link">
  Spring Cloud
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Others" class="dropdown-title"><span class="title">more</span> <span class="arrow down"></span></button> <button type="button" aria-label="Others" class="mobile-dropdown-title"><span class="title">more</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/en/spring-framework/overview.html" class="nav-link">
  Spring Framework
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-data/spring-data.html" class="nav-link">
  Spring Data
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-cloud-data-flow/spring-cloud-dataflow.html" class="nav-link">
  Spring Cloud Data Flow
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-security/overview.html" class="nav-link">
  Spring Security
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-for-graphql/spring-graphql.html" class="nav-link">
  Spring for GraphQL
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-session/_index.html" class="nav-link">
  Spring Session
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-integration/preface.html" class="nav-link">
  Spring Integration
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-hateoas/spring-hateoas.html" class="nav-link">
  Spring HATEOAS
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-rest-docs/spring-restdocs.html" class="nav-link">
  Spring REST Docs
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-batch/spring-batch-intro.html" class="nav-link">
  Spring Batch
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-amqp/spring-amqp.html" class="nav-link">
  Spring AMQP
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-credhub/spring-credhub.html" class="nav-link">
  Spring CredHub
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-flo/spring-flo.html" class="nav-link">
  Spring Flo
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-for-apache-kafka/spring-kafka.html" class="nav-link">
  Spring for Apache Kafka
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-ldap/spring-ldap.html" class="nav-link">
  Spring LDAP
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-shell/spring-shell.html" class="nav-link">
  Spring Shell
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-statemachine/spring-statemachine.html" class="nav-link">
  Spring Statemachine
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-vault/spring-vault.html" class="nav-link">
  Spring Vault
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-web-flow/preface.html" class="nav-link">
  Spring Web Flow
</a></li><li class="dropdown-item"><!----> <a href="/en/spring-web-services/spring-web-service.html" class="nav-link">
  Spring Web Services
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Select language" class="dropdown-title"><span class="title">Language</span> <span class="arrow down"></span></button> <button type="button" aria-label="Select language" class="mobile-dropdown-title"><span class="title">Language</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/en/spring-security/servlet-authentication-architecture.html" aria-current="page" class="nav-link router-link-exact-active router-link-active">
  English
</a></li><li class="dropdown-item"><!----> <a href="/spring-security/servlet-authentication-architecture.html" class="nav-link">
  简体中文
</a></li></ul></div></div> <a href="https://gitcode.net/dev-cloud/spring-docs" target="_blank" rel="noopener noreferrer" class="repo-link">
    GitCode
    <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Spring Security</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/en/spring-security/overview.html" class="sidebar-link">Spring Security</a></li><li><a href="/en/spring-security/prerequisites.html" class="sidebar-link">Prerequisites</a></li><li><a href="/en/spring-security/community.html" class="sidebar-link">Spring Security Community</a></li><li><a href="/en/spring-security/whats-new.html" class="sidebar-link">What’s New in Spring Security 5.6</a></li><li><a href="/en/spring-security/getting-spring-security.html" class="sidebar-link">Getting Spring Security</a></li><li><a href="/en/spring-security/features.html" class="sidebar-link">Features</a></li><li><a href="/en/spring-security/features-authentication.html" class="sidebar-link">Authentication</a></li><li><a href="/en/spring-security/features-authentication-password-storage.html" class="sidebar-link">Password Storage</a></li><li><a href="/en/spring-security/features-exploits.html" class="sidebar-link">Protection Against Exploits</a></li><li><a href="/en/spring-security/features-exploits-csrf.html" class="sidebar-link">Cross Site Request Forgery (CSRF)</a></li><li><a href="/en/spring-security/features-exploits-headers.html" class="sidebar-link">Security HTTP Response Headers</a></li><li><a href="/en/spring-security/features-exploits-http.html" class="sidebar-link">HTTP</a></li><li><a href="/en/spring-security/features-integrations.html" class="sidebar-link">Integrations</a></li><li><a href="/en/spring-security/features-integrations-cryptography.html" class="sidebar-link">Spring Security Crypto Module</a></li><li><a href="/en/spring-security/features-integrations-data.html" class="sidebar-link">Spring Data Integration</a></li><li><a href="/en/spring-security/features-integrations-concurrency.html" class="sidebar-link">Concurrency Support</a></li><li><a href="/en/spring-security/features-integrations-jackson.html" class="sidebar-link">Jackson Support</a></li><li><a href="/en/spring-security/features-integrations-localization.html" class="sidebar-link">Localization</a></li><li><a href="/en/spring-security/modules.html" class="sidebar-link">Project Modules and Dependencies</a></li><li><a href="/en/spring-security/samples.html" class="sidebar-link">Samples</a></li><li><a href="/en/spring-security/servlet.html" class="sidebar-link">Servlet Applications</a></li><li><a href="/en/spring-security/servlet-getting-started.html" class="sidebar-link">Hello Spring Security</a></li><li><a href="/en/spring-security/servlet-architecture.html" class="sidebar-link">Architecture</a></li><li><a href="/en/spring-security/servlet-authentication.html" class="sidebar-link">Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-architecture.html" aria-current="page" class="active sidebar-link">Servlet Authentication Architecture</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#securitycontextholder" class="sidebar-link">SecurityContextHolder</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#securitycontext" class="sidebar-link">SecurityContext</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#authentication" class="sidebar-link">Authentication</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#grantedauthority" class="sidebar-link">GrantedAuthority</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#authenticationmanager" class="sidebar-link">AuthenticationManager</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#providermanager" class="sidebar-link">ProviderManager</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#authenticationprovider" class="sidebar-link">AuthenticationProvider</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#request-credentials-with-authenticationentrypoint" class="sidebar-link">Request Credentials with AuthenticationEntryPoint</a></li><li class="sidebar-sub-header"><a href="/en/spring-security/servlet-authentication-architecture.html#abstractauthenticationprocessingfilter" class="sidebar-link">AbstractAuthenticationProcessingFilter</a></li></ul></li><li><a href="/en/spring-security/servlet-authentication-passwords.html" class="sidebar-link">Username/Password Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-input.html" class="sidebar-link">Reading the Username &amp; Password</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-form.html" class="sidebar-link">Form Login</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-basic.html" class="sidebar-link">Basic Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-digest.html" class="sidebar-link">Digest Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage.html" class="sidebar-link">Storage Mechanisms</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-in-memory.html" class="sidebar-link">In-Memory Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-jdbc.html" class="sidebar-link">JDBC Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-user-details.html" class="sidebar-link">UserDetails</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-user-details-service.html" class="sidebar-link">UserDetailsService</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-password-encoder.html" class="sidebar-link">PasswordEncoder</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-dao-authentication-provider.html" class="sidebar-link">DaoAuthenticationProvider</a></li><li><a href="/en/spring-security/servlet-authentication-passwords-storage-ldap.html" class="sidebar-link">LDAP Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-session-management.html" class="sidebar-link">Session Management</a></li><li><a href="/en/spring-security/servlet-authentication-rememberme.html" class="sidebar-link">Remember-Me Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-openid.html" class="sidebar-link">OpenID Support</a></li><li><a href="/en/spring-security/servlet-authentication-anonymous.html" class="sidebar-link">Anonymous Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-preauth.html" class="sidebar-link">Pre-Authentication Scenarios</a></li><li><a href="/en/spring-security/servlet-authentication-jaas.html" class="sidebar-link">Java Authentication and Authorization Service (JAAS) Provider</a></li><li><a href="/en/spring-security/servlet-authentication-cas.html" class="sidebar-link">CAS Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-x509.html" class="sidebar-link">X.509 Authentication</a></li><li><a href="/en/spring-security/servlet-authentication-runas.html" class="sidebar-link">Run-As Authentication Replacement</a></li><li><a href="/en/spring-security/servlet-authentication-logout.html" class="sidebar-link">Handling Logouts</a></li><li><a href="/en/spring-security/servlet-authentication-events.html" class="sidebar-link">Authentication Events</a></li><li><a href="/en/spring-security/servlet-authorization-.html" class="sidebar-link">Authorization</a></li><li><a href="/en/spring-security/servlet-authorization-architecture.html" class="sidebar-link">Authorization Architecture</a></li><li><a href="/en/spring-security/servlet-authorization-authorize-http-requests.html" class="sidebar-link">Authorize HttpServletRequests with AuthorizationFilter</a></li><li><a href="/en/spring-security/servlet-authorization-authorize-requests.html" class="sidebar-link">Authorize HttpServletRequest with FilterSecurityInterceptor</a></li><li><a href="/en/spring-security/servlet-authorization-expression-based.html" class="sidebar-link">Expression-Based Access Control</a></li><li><a href="/en/spring-security/servlet-authorization-secure-objects.html" class="sidebar-link">Secure Object Implementations</a></li><li><a href="/en/spring-security/servlet-authorization-method-security.html" class="sidebar-link">Method Security</a></li><li><a href="/en/spring-security/servlet-authorization-acls.html" class="sidebar-link">Domain Object Security (ACLs)</a></li><li><a href="/en/spring-security/servlet-oauth2-.html" class="sidebar-link">OAuth2</a></li><li><a href="/en/spring-security/servlet-oauth2-login.html" class="sidebar-link">OAuth 2.0 Login</a></li><li><a href="/en/spring-security/servlet-oauth2-login-core.html" class="sidebar-link">Core Configuration</a></li><li><a href="/en/spring-security/servlet-oauth2-login-advanced.html" class="sidebar-link">Advanced Configuration</a></li><li><a href="/en/spring-security/servlet-oauth2-client.html" class="sidebar-link">OAuth 2.0 Client</a></li><li><a href="/en/spring-security/servlet-oauth2-client-core.html" class="sidebar-link">Core Interfaces / Classes</a></li><li><a href="/en/spring-security/servlet-oauth2-client-authorization-grants.html" class="sidebar-link">Authorization Grant Support</a></li><li><a href="/en/spring-security/servlet-oauth2-client-client-authentication.html" class="sidebar-link">Client Authentication Support</a></li><li><a href="/en/spring-security/servlet-oauth2-client-authorized-clients.html" class="sidebar-link">Authorized Client Features</a></li><li><a href="/en/spring-security/servlet-oauth2-resource-server.html" class="sidebar-link">OAuth 2.0 Resource Server</a></li><li><a href="/en/spring-security/servlet-oauth2-resource-server-jwt.html" class="sidebar-link">OAuth 2.0 Resource Server JWT</a></li><li><a href="/en/spring-security/servlet-oauth2-resource-server-opaque-token.html" class="sidebar-link">OAuth 2.0 Resource Server Opaque Token</a></li><li><a href="/en/spring-security/servlet-oauth2-resource-server-multitenancy.html" class="sidebar-link">OAuth 2.0 Resource Server Multitenancy</a></li><li><a href="/en/spring-security/servlet-oauth2-resource-server-bearer-tokens.html" class="sidebar-link">OAuth 2.0 Bearer Tokens</a></li><li><a href="/en/spring-security/servlet-saml2.html" class="sidebar-link">SAML2</a></li><li><a href="/en/spring-security/servlet-saml2-login.html" class="sidebar-link">SAML 2.0 Login</a></li><li><a href="/en/spring-security/servlet-saml2-login-overview.html" class="sidebar-link">SAML 2.0 Login Overview</a></li><li><a href="/en/spring-security/servlet-saml2-login-authentication-requests.html" class="sidebar-link">Producing &lt;saml2:AuthnRequest&gt;s</a></li><li><a href="/en/spring-security/servlet-saml2-login-authentication.html" class="sidebar-link">Authenticating &lt;saml2:Response&gt;s</a></li><li><a href="/en/spring-security/servlet-saml2-logout.html" class="sidebar-link">Performing Single Logout</a></li><li><a href="/en/spring-security/servlet-saml2-metadata.html" class="sidebar-link">Producing &lt;saml2:SPSSODescriptor&gt; Metadata</a></li><li><a href="/en/spring-security/servlet-exploits.html" class="sidebar-link">Protection Against Exploits</a></li><li><a href="/en/spring-security/servlet-exploits-csrf.html" class="sidebar-link">Cross Site Request Forgery (CSRF) for Servlet Environments</a></li><li><a href="/en/spring-security/servlet-exploits-headers.html" class="sidebar-link">Security HTTP Response Headers</a></li><li><a href="/en/spring-security/servlet-exploits-http.html" class="sidebar-link">HTTP</a></li><li><a href="/en/spring-security/servlet-exploits-firewall.html" class="sidebar-link">HttpFirewall</a></li><li><a href="/en/spring-security/servlet-integrations.html" class="sidebar-link">Integrations</a></li><li><a href="/en/spring-security/servlet-integrations-concurrency.html" class="sidebar-link">Concurrency Support</a></li><li><a href="/en/spring-security/servlet-integrations-jackson.html" class="sidebar-link">Jackson Support</a></li><li><a href="/en/spring-security/servlet-integrations-localization.html" class="sidebar-link">Localization</a></li><li><a href="/en/spring-security/servlet-integrations-servlet-api.html" class="sidebar-link">Servlet API integration</a></li><li><a href="/en/spring-security/servlet-integrations-data.html" class="sidebar-link">Spring Data Integration</a></li><li><a href="/en/spring-security/servlet-integrations-mvc.html" class="sidebar-link">Spring MVC Integration</a></li><li><a href="/en/spring-security/servlet-integrations-websocket.html" class="sidebar-link">WebSocket Security</a></li><li><a href="/en/spring-security/servlet-integrations-cors.html" class="sidebar-link">CORS</a></li><li><a href="/en/spring-security/servlet-integrations-jsp-taglibs.html" class="sidebar-link">JSP Tag Libraries</a></li><li><a href="/en/spring-security/servlet-configuration-java.html" class="sidebar-link">Java Configuration</a></li><li><a href="/en/spring-security/servlet-configuration-kotlin.html" class="sidebar-link">Kotlin Configuration</a></li><li><a href="/en/spring-security/servlet-configuration-xml-namespace.html" class="sidebar-link">Security Namespace Configuration</a></li><li><a href="/en/spring-security/servlet-test.html" class="sidebar-link">Testing</a></li><li><a href="/en/spring-security/servlet-test-method.html" class="sidebar-link">Testing Method Security</a></li><li><a href="/en/spring-security/servlet-test-mockmvc.html" class="sidebar-link">Spring MVC Test Integration</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-setup.html" class="sidebar-link">Setting Up MockMvc and Spring Security</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-request-post-processors.html" class="sidebar-link">SecurityMockMvcRequestPostProcessors</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-authentication.html" class="sidebar-link">Running a Test as a User in Spring MVC Test</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-csrf.html" class="sidebar-link">Testing with CSRF Protection</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-form-login.html" class="sidebar-link">Testing Form Based Authentication</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-http-basic.html" class="sidebar-link">Testing HTTP Basic Authentication</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-oauth2.html" class="sidebar-link">Testing OAuth 2.0</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-logout.html" class="sidebar-link">Testing Logout</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-request-builders.html" class="sidebar-link">SecurityMockMvcRequestBuilders</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-result-matchers.html" class="sidebar-link">SecurityMockMvcResultMatchers</a></li><li><a href="/en/spring-security/servlet-test-mockmvc-result-handlers.html" class="sidebar-link">SecurityMockMvcResultHandlers</a></li><li><a href="/en/spring-security/servlet-appendix.html" class="sidebar-link">Appendix</a></li><li><a href="/en/spring-security/servlet-appendix-database-schema.html" class="sidebar-link">Security Database Schema</a></li><li><a href="/en/spring-security/servlet-appendix-namespace.html" class="sidebar-link">The Security Namespace</a></li><li><a href="/en/spring-security/servlet-appendix-namespace-authentication-manager.html" class="sidebar-link">Authentication Services</a></li><li><a href="/en/spring-security/servlet-appendix-namespace-http.html" class="sidebar-link">Web Application Security</a></li><li><a href="/en/spring-security/servlet-appendix-namespace-method-security.html" class="sidebar-link">Method Security</a></li><li><a href="/en/spring-security/servlet-appendix-namespace-ldap.html" class="sidebar-link">LDAP Namespace Options</a></li><li><a href="/en/spring-security/servlet-appendix-namespace-websocket.html" class="sidebar-link">WebSocket Security</a></li><li><a href="/en/spring-security/servlet-appendix-faq.html" class="sidebar-link">Spring Security FAQ</a></li><li><a href="/en/spring-security/reactive.html" class="sidebar-link">Reactive Applications</a></li><li><a href="/en/spring-security/reactive-getting-started.html" class="sidebar-link">Getting Started with WebFlux Applications</a></li><li><a href="/en/spring-security/reactive-authentication-x509.html" class="sidebar-link">Reactive X.509 Authentication</a></li><li><a href="/en/spring-security/reactive-authentication-logout.html" class="sidebar-link">Logout</a></li><li><a href="/en/spring-security/reactive-authorization-authorize-http-requests.html" class="sidebar-link">Authorize ServerHttpRequest</a></li><li><a href="/en/spring-security/reactive-authorization-method.html" class="sidebar-link">EnableReactiveMethodSecurity</a></li><li><a href="/en/spring-security/reactive-oauth2.html" class="sidebar-link">OAuth2 WebFlux</a></li><li><a href="/en/spring-security/reactive-oauth2-login.html" class="sidebar-link">OAuth 2.0 Login</a></li><li><a href="/en/spring-security/reactive-oauth2-login-core.html" class="sidebar-link">Core Configuration</a></li><li><a href="/en/spring-security/reactive-oauth2-login-advanced.html" class="sidebar-link">Advanced Configuration</a></li><li><a href="/en/spring-security/reactive-oauth2-client.html" class="sidebar-link">OAuth 2.0 Client</a></li><li><a href="/en/spring-security/reactive-oauth2-client-core.html" class="sidebar-link">Core Interfaces / Classes</a></li><li><a href="/en/spring-security/reactive-oauth2-client-authorization-grants.html" class="sidebar-link">Authorization Grant Support</a></li><li><a href="/en/spring-security/reactive-oauth2-client-client-authentication.html" class="sidebar-link">Client Authentication Support</a></li><li><a href="/en/spring-security/reactive-oauth2-client-authorized-clients.html" class="sidebar-link">Authorized Clients</a></li><li><a href="/en/spring-security/reactive-oauth2-resource-server.html" class="sidebar-link">OAuth 2.0 Resource Server</a></li><li><a href="/en/spring-security/reactive-oauth2-resource-server-jwt.html" class="sidebar-link">OAuth 2.0 Resource Server JWT</a></li><li><a href="/en/spring-security/reactive-oauth2-resource-server-opaque-token.html" class="sidebar-link">OAuth 2.0 Resource Server Opaque Token</a></li><li><a href="/en/spring-security/reactive-oauth2-resource-server-multitenancy.html" class="sidebar-link">OAuth 2.0 Resource Server Multitenancy</a></li><li><a href="/en/spring-security/reactive-oauth2-resource-server-bearer-tokens.html" class="sidebar-link">OAuth 2.0 Resource Server Bearer Tokens</a></li><li><a href="/en/spring-security/reactive-exploits.html" class="sidebar-link">Protection Against Exploits</a></li><li><a href="/en/spring-security/reactive-exploits-csrf.html" class="sidebar-link">Cross Site Request Forgery (CSRF) for WebFlux Environments</a></li><li><a href="/en/spring-security/reactive-exploits-headers.html" class="sidebar-link">Security HTTP Response Headers</a></li><li><a href="/en/spring-security/reactive-exploits-http.html" class="sidebar-link">HTTP</a></li><li><a href="/en/spring-security/reactive-integrations-cors.html" class="sidebar-link">CORS</a></li><li><a href="/en/spring-security/reactive-integrations-rsocket.html" class="sidebar-link">RSocket Security</a></li><li><a href="/en/spring-security/reactive-test.html" class="sidebar-link">Reactive Test Support</a></li><li><a href="/en/spring-security/reactive-test-method.html" class="sidebar-link">Testing Method Security</a></li><li><a href="/en/spring-security/reactive-test-web.html" class="sidebar-link">Testing Web Security</a></li><li><a href="/en/spring-security/reactive-test-web-setup.html" class="sidebar-link">WebTestClient Security Setup</a></li><li><a href="/en/spring-security/reactive-test-web-authentication.html" class="sidebar-link">Testing Authentication</a></li><li><a href="/en/spring-security/reactive-test-web-csrf.html" class="sidebar-link">Testing with CSRF</a></li><li><a href="/en/spring-security/reactive-test-web-oauth2.html" class="sidebar-link">Testing OAuth 2.0</a></li><li><a href="/en/spring-security/reactive-configuration-webflux.html" class="sidebar-link">WebFlux Security</a></li></ul></section></li></ul> </aside> <main class="page"> <div class="theme-default-content content__default"><h1 id="servlet-authentication-architecture"><a href="#servlet-authentication-architecture" class="header-anchor">#</a> Servlet Authentication Architecture</h1> <p>This discussion expands on <a href="/en/architecture.html#servlet-architecture">Servlet Security: The Big Picture</a> to describe the main architectural components of Spring Security’s used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the <a href="/en/spring-security/index.html#servlet-authentication-mechanisms">Authentication Mechanism</a> specific sections.</p> <ul><li><p><a href="#servlet-authentication-securitycontextholder">SecurityContextHolder</a> - The <code>SecurityContextHolder</code> is where Spring Security stores the details of who is <a href="/features/authentication/index.html#authentication">authenticated</a>.</p></li> <li><p><a href="#servlet-authentication-securitycontext">SecurityContext</a> - is obtained from the <code>SecurityContextHolder</code> and contains the <code>Authentication</code> of the currently authenticated user.</p></li> <li><p><a href="#servlet-authentication-authentication">Authentication</a> - Can be the input to <code>AuthenticationManager</code> to provide the credentials a user has provided to authenticate or the current user from the <code>SecurityContext</code>.</p></li> <li><p><a href="#servlet-authentication-granted-authority">GrantedAuthority</a> - An authority that is granted to the principal on the <code>Authentication</code> (i.e. roles, scopes, etc.)</p></li> <li><p><a href="#servlet-authentication-authenticationmanager">AuthenticationManager</a> - the API that defines how Spring Security’s Filters perform <a href="/features/authentication/index.html#authentication">authentication</a>.</p></li> <li><p><a href="#servlet-authentication-providermanager">ProviderManager</a> - the most common implementation of <code>AuthenticationManager</code>.</p></li> <li><p><a href="#servlet-authentication-authenticationprovider">AuthenticationProvider</a> - used by <code>ProviderManager</code> to perform a specific type of authentication.</p></li> <li><p><a href="#servlet-authentication-authenticationentrypoint">Request Credentials with <code>AuthenticationEntryPoint</code></a> - used for requesting credentials from a client (i.e. redirecting to a log in page, sending a <code>WWW-Authenticate</code> response, etc.)</p></li> <li><p><a href="#servlet-authentication-abstractprocessingfilter">AbstractAuthenticationProcessingFilter</a> - a base <code>Filter</code> used for authentication.
This also gives a good idea of the high level flow of authentication and how pieces work together.</p></li></ul> <h2 id="securitycontextholder"><a href="#securitycontextholder" class="header-anchor">#</a> SecurityContextHolder</h2> <p>Hi servlet/authentication/architecture there</p> <p>At the heart of Spring Security’s authentication model is the <code>SecurityContextHolder</code>.
It contains the <a href="#servlet-authentication-securitycontext">SecurityContext</a>.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png" alt="SecurityContextholder"></p> <p>The <code>SecurityContextHolder</code> is where Spring Security stores the details of who is <a href="/features/authentication/index.html#authentication">authenticated</a>.
Spring Security does not care how the <code>SecurityContextHolder</code> is populated.
If it contains a value, then it is used as the currently authenticated user.</p> <p>The simplest way to indicate a user is authenticated is to set the <code>SecurityContextHolder</code> directly.</p> <p>Example 1. Setting <code>SecurityContextHolder</code></p> <p>Java</p> <div class="language- extra-class"><pre class="language-text"><code>SecurityContext context = SecurityContextHolder.createEmptyContext(); (1)
Authentication authentication =
    new TestingAuthenticationToken(&quot;username&quot;, &quot;password&quot;, &quot;ROLE_USER&quot;); (2)
context.setAuthentication(authentication);

SecurityContextHolder.setContext(context); (3)
</code></pre></div><p>Kotlin</p> <div class="language- extra-class"><pre class="language-text"><code>val context: SecurityContext = SecurityContextHolder.createEmptyContext() (1)
val authentication: Authentication = TestingAuthenticationToken(&quot;username&quot;, &quot;password&quot;, &quot;ROLE_USER&quot;) (2)
context.authentication = authentication

SecurityContextHolder.setContext(context) (3)
</code></pre></div><table><thead><tr><th><strong>1</strong></th> <th>We start by creating an empty <code>SecurityContext</code>.<br>It is important to create a new <code>SecurityContext</code> instance instead of using <code>SecurityContextHolder.getContext().setAuthentication(authentication)</code> to avoid race conditions across multiple threads.</th></tr></thead> <tbody><tr><td><strong>2</strong></td> <td>Next we create a new <a href="#servlet-authentication-authentication"><code>Authentication</code></a> object.<br>Spring Security does not care what type of <code>Authentication</code> implementation is set on the <code>SecurityContext</code>.<br>Here we use <code>TestingAuthenticationToken</code> because it is very simple.<br>A more common production scenario is <code>UsernamePasswordAuthenticationToken(userDetails, password, authorities)</code>.</td></tr> <tr><td><strong>3</strong></td> <td>Finally, we set the <code>SecurityContext</code> on the <code>SecurityContextHolder</code>.<br>Spring Security will use this information for <a href="/en/authorization/index.html#servlet-authorization">authorization</a>.</td></tr></tbody></table> <p>If you wish to obtain information about the authenticated principal, you can do so by accessing the <code>SecurityContextHolder</code>.</p> <p>Example 2. Access Currently Authenticated User</p> <p>Java</p> <div class="language- extra-class"><pre class="language-text"><code>SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
String username = authentication.getName();
Object principal = authentication.getPrincipal();
Collection&lt;? extends GrantedAuthority&gt; authorities = authentication.getAuthorities();
</code></pre></div><p>Kotlin</p> <div class="language- extra-class"><pre class="language-text"><code>val context = SecurityContextHolder.getContext()
val authentication = context.authentication
val username = authentication.name
val principal = authentication.principal
val authorities = authentication.authorities
</code></pre></div><p>By default the <code>SecurityContextHolder</code> uses a <code>ThreadLocal</code> to store these details, which means that the <code>SecurityContext</code> is always available to methods in the same thread, even if the <code>SecurityContext</code> is not explicitly passed around as an argument to those methods.
Using a <code>ThreadLocal</code> in this way is quite safe if care is taken to clear the thread after the present principal’s request is processed.
Spring Security’s <a href="/en/architecture.html#servlet-filterchainproxy">FilterChainProxy</a> ensures that the <code>SecurityContext</code> is always cleared.</p> <p>Some applications aren’t entirely suitable for using a <code>ThreadLocal</code>, because of the specific way they work with threads.
For example, a Swing client might want all threads in a Java Virtual Machine to use the same security context.<code>SecurityContextHolder</code> can be configured with a strategy on startup to specify how you would like the context to be stored.
For a standalone application you would use the <code>SecurityContextHolder.MODE_GLOBAL</code> strategy.
Other applications might want to have threads spawned by the secure thread also assume the same security identity.
This is achieved by using <code>SecurityContextHolder.MODE_INHERITABLETHREADLOCAL</code>.
You can change the mode from the default <code>SecurityContextHolder.MODE_THREADLOCAL</code> in two ways.
The first is to set a system property, the second is to call a static method on <code>SecurityContextHolder</code>.
Most applications won’t need to change from the default, but if you do, take a look at the Javadoc for <code>SecurityContextHolder</code> to learn more.</p> <h2 id="securitycontext"><a href="#securitycontext" class="header-anchor">#</a> SecurityContext</h2> <p>The <a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/core/context/SecurityContext.html" target="_blank" rel="noopener noreferrer"><code>SecurityContext</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> is obtained from the <a href="#servlet-authentication-securitycontextholder">SecurityContextHolder</a>.
The <code>SecurityContext</code> contains an <a href="#servlet-authentication-authentication">Authentication</a> object.</p> <h2 id="authentication"><a href="#authentication" class="header-anchor">#</a> Authentication</h2> <p>The <a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/core/Authentication.html" target="_blank" rel="noopener noreferrer"><code>Authentication</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> serves two main purposes within Spring Security:</p> <ul><li><p>An input to <a href="#servlet-authentication-authenticationmanager"><code>AuthenticationManager</code></a> to provide the credentials a user has provided to authenticate.
When used in this scenario, <code>isAuthenticated()</code> returns <code>false</code>.</p></li> <li><p>Represents the currently authenticated user.
The current <code>Authentication</code> can be obtained from the <a href="#servlet-authentication-securitycontext">SecurityContext</a>.</p></li></ul> <p>The <code>Authentication</code> contains:</p> <ul><li><p><code>principal</code> - identifies the user.
When authenticating with a username/password this is often an instance of <a href="/en/spring-security/passwords/user-details.html#servlet-authentication-userdetails"><code>UserDetails</code></a>.</p></li> <li><p><code>credentials</code> - often a password.
In many cases this will be cleared after the user is authenticated to ensure it is not leaked.</p></li> <li><p><code>authorities</code> - the <a href="#servlet-authentication-granted-authority"><code>GrantedAuthority</code>s</a> are high level permissions the user is granted.
A few examples are roles or scopes.</p></li></ul> <h2 id="grantedauthority"><a href="#grantedauthority" class="header-anchor">#</a> GrantedAuthority</h2> <p><a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/core/GrantedAuthority.html" target="_blank" rel="noopener noreferrer"><code>GrantedAuthority</code>s<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> are high level permissions the user is granted. A few examples are roles or scopes.</p> <p><code>GrantedAuthority</code>s can be obtained from the <a href="#servlet-authentication-authentication"><code>Authentication.getAuthorities()</code></a> method.
This method provides a <code>Collection</code> of <code>GrantedAuthority</code> objects.
A <code>GrantedAuthority</code> is, not surprisingly, an authority that is granted to the principal.
Such authorities are usually &quot;roles&quot;, such as <code>ROLE_ADMINISTRATOR</code> or <code>ROLE_HR_SUPERVISOR</code>.
These roles are later on configured for web authorization, method authorization and domain object authorization.
Other parts of Spring Security are capable of interpreting these authorities, and expect them to be present.
When using username/password based authentication <code>GrantedAuthority</code>s are usually loaded by the <a href="/en/spring-security/passwords/user-details-service.html#servlet-authentication-userdetailsservice"><code>UserDetailsService</code></a>.</p> <p>Usually the <code>GrantedAuthority</code> objects are application-wide permissions.
They are not specific to a given domain object.
Thus, you wouldn’t likely have a <code>GrantedAuthority</code> to represent a permission to <code>Employee</code> object number 54, because if there are thousands of such authorities you would quickly run out of memory (or, at the very least, cause the application to take a long time to authenticate a user).
Of course, Spring Security is expressly designed to handle this common requirement, but you’d instead use the project’s domain object security capabilities for this purpose.</p> <h2 id="authenticationmanager"><a href="#authenticationmanager" class="header-anchor">#</a> AuthenticationManager</h2> <p><a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/AuthenticationManager.html" target="_blank" rel="noopener noreferrer"><code>AuthenticationManager</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> is the API that defines how Spring Security’s Filters perform <a href="/features/authentication/index.html#authentication">authentication</a>.
The <a href="#servlet-authentication-authentication"><code>Authentication</code></a> that is returned is then set on the <a href="#servlet-authentication-securitycontextholder">SecurityContextHolder</a> by the controller (i.e. <a href="/en/architecture.html#servlet-security-filters">Spring Security’s <code>Filters</code>s</a>) that invoked the <code>AuthenticationManager</code>.
If you are not integrating with <em>Spring Security’s <code>Filters</code>s</em> you can set the <code>SecurityContextHolder</code> directly and are not required to use an <code>AuthenticationManager</code>.</p> <p>While the implementation of <code>AuthenticationManager</code> could be anything, the most common implementation is <a href="#servlet-authentication-providermanager"><code>ProviderManager</code></a>.</p> <h2 id="providermanager"><a href="#providermanager" class="header-anchor">#</a> ProviderManager</h2> <p><a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/ProviderManager.html" target="_blank" rel="noopener noreferrer"><code>ProviderManager</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> is the most commonly used implementation of <a href="#servlet-authentication-authenticationmanager"><code>AuthenticationManager</code></a>.<code>ProviderManager</code> delegates to a <code>List</code> of <a href="#servlet-authentication-authenticationprovider"><code>AuthenticationProvider</code>s</a>.
Each <code>AuthenticationProvider</code> has an opportunity to indicate that authentication should be successful, fail, or indicate it cannot make a decision and allow a downstream <code>AuthenticationProvider</code> to decide.
If none of the configured <code>AuthenticationProvider</code>s can authenticate, then authentication will fail with a <code>ProviderNotFoundException</code> which is a special <code>AuthenticationException</code> that indicates the <code>ProviderManager</code> was not configured to support the type of <code>Authentication</code> that was passed into it.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanager.png" alt="ProviderManager"></p> <p>In practice each <code>AuthenticationProvider</code> knows how to perform a specific type of authentication.
For example, one <code>AuthenticationProvider</code> might be able to validate a username/password, while another might be able to authenticate a SAML assertion.
This allows each <code>AuthenticationProvider</code> to do a very specific type of authentication, while supporting multiple types of authentication and only exposing a single <code>AuthenticationManager</code> bean.</p> <p><code>ProviderManager</code> also allows configuring an optional parent <code>AuthenticationManager</code> which is consulted in the event that no <code>AuthenticationProvider</code> can perform authentication.
The parent can be any type of <code>AuthenticationManager</code>, but it is often an instance of <code>ProviderManager</code>.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanager-parent.png" alt="providermanager parent"></p> <p>In fact, multiple <code>ProviderManager</code> instances might share the same parent <code>AuthenticationManager</code>.
This is somewhat common in scenarios where there are multiple <a href="/en/architecture.html#servlet-securityfilterchain"><code>SecurityFilterChain</code></a> instances that have some authentication in common (the shared parent <code>AuthenticationManager</code>), but also different authentication mechanisms (the different <code>ProviderManager</code> instances).</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanagers-parent.png" alt="providermanagers parent"></p> <p>By default <code>ProviderManager</code> will attempt to clear any sensitive credentials information from the <code>Authentication</code> object which is returned by a successful authentication request.
This prevents information like passwords being retained longer than necessary in the <code>HttpSession</code>.</p> <p>This may cause issues when you are using a cache of user objects, for example, to improve performance in a stateless application.
If the <code>Authentication</code> contains a reference to an object in the cache (such as a <code>UserDetails</code> instance) and this has its credentials removed, then it will no longer be possible to authenticate against the cached value.
You need to take this into account if you are using a cache.
An obvious solution is to make a copy of the object first, either in the cache implementation or in the <code>AuthenticationProvider</code> which creates the returned <code>Authentication</code> object.
Alternatively, you can disable the <code>eraseCredentialsAfterAuthentication</code> property on <code>ProviderManager</code>.
See the <a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/ProviderManager.html" target="_blank" rel="noopener noreferrer">Javadoc<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> for more information.</p> <h2 id="authenticationprovider"><a href="#authenticationprovider" class="header-anchor">#</a> AuthenticationProvider</h2> <p>Multiple <a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/AuthenticationProvider.html" target="_blank" rel="noopener noreferrer"><code>AuthenticationProvider</code>s<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> can be injected into <a href="#servlet-authentication-providermanager"><code>ProviderManager</code></a>.
Each <code>AuthenticationProvider</code> performs a specific type of authentication.
For example, <a href="/en/spring-security/passwords/dao-authentication-provider.html#servlet-authentication-daoauthenticationprovider"><code>DaoAuthenticationProvider</code></a> supports username/password based authentication while <code>JwtAuthenticationProvider</code> supports authenticating a JWT token.</p> <h2 id="request-credentials-with-authenticationentrypoint"><a href="#request-credentials-with-authenticationentrypoint" class="header-anchor">#</a> Request Credentials with <code>AuthenticationEntryPoint</code></h2> <p><a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/web/AuthenticationEntryPoint.html" target="_blank" rel="noopener noreferrer"><code>AuthenticationEntryPoint</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> is used to send an HTTP response that requests credentials from a client.</p> <p>Sometimes a client will proactively include credentials such as a username/password to request a resource.
In these cases, Spring Security does not need to provide an HTTP response that requests credentials from the client since they are already included.</p> <p>In other cases, a client will make an unauthenticated request to a resource that they are not authorized to access.
In this case, an implementation of <code>AuthenticationEntryPoint</code> is used to request credentials from the client.
The <code>AuthenticationEntryPoint</code> implementation might perform a <a href="/en/spring-security/passwords/form.html#servlet-authentication-form">redirect to a log in page</a>, respond with an <a href="/en/spring-security/passwords/basic.html#servlet-authentication-basic">WWW-Authenticate</a> header, etc.</p> <h2 id="abstractauthenticationprocessingfilter"><a href="#abstractauthenticationprocessingfilter" class="header-anchor">#</a> AbstractAuthenticationProcessingFilter</h2> <p><a href="https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.html" target="_blank" rel="noopener noreferrer"><code>AbstractAuthenticationProcessingFilter</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> is used as a base <code>Filter</code> for authenticating a user’s credentials.
Before the credentials can be authenticated, Spring Security typically requests the credentials using <a href="#servlet-authentication-authenticationentrypoint"><code>AuthenticationEntryPoint</code></a>.</p> <p>Next, the <code>AbstractAuthenticationProcessingFilter</code> can authenticate any authentication requests that are submitted to it.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png" alt="abstractauthenticationprocessingfilter"></p> <p><img src="https://docs.spring.io/spring-security/reference/_images/icons/number_1.png" alt="number 1"> When the user submits their credentials, the <code>AbstractAuthenticationProcessingFilter</code> creates an <a href="#servlet-authentication-authentication"><code>Authentication</code></a> from the <code>HttpServletRequest</code> to be authenticated.
The type of <code>Authentication</code> created depends on the subclass of <code>AbstractAuthenticationProcessingFilter</code>.
For example, <a href="/en/spring-security/passwords/form.html#servlet-authentication-usernamepasswordauthenticationfilter"><code>UsernamePasswordAuthenticationFilter</code></a> creates a <code>UsernamePasswordAuthenticationToken</code> from a <em>username</em> and <em>password</em> that are submitted in the <code>HttpServletRequest</code>.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/icons/number_2.png" alt="number 2"> Next, the <a href="#servlet-authentication-authentication"><code>Authentication</code></a> is passed into the <a href="#servlet-authentication-authenticationmanager"><code>AuthenticationManager</code></a> to be authenticated.</p> <p><img src="https://docs.spring.io/spring-security/reference/_images/icons/number_3.png" alt="number 3"> If authentication fails, then <em>Failure</em></p> <ul><li><p>The <a href="#servlet-authentication-securitycontextholder">SecurityContextHolder</a> is cleared out.</p></li> <li><p><code>RememberMeServices.loginFail</code> is invoked.
If remember me is not configured, this is a no-op.</p></li> <li><p><code>AuthenticationFailureHandler</code> is invoked.</p></li></ul> <p><img src="https://docs.spring.io/spring-security/reference/_images/icons/number_4.png" alt="number 4"> If authentication is successful, then <em>Success</em>.</p> <ul><li><p><code>SessionAuthenticationStrategy</code> is notified of a new log in.</p></li> <li><p>The <a href="#servlet-authentication-authentication">Authentication</a> is set on the <a href="#servlet-authentication-securitycontextholder">SecurityContextHolder</a>.
Later the <code>SecurityContextPersistenceFilter</code> saves the <code>SecurityContext</code> to the <code>HttpSession</code>.</p></li> <li><p><code>RememberMeServices.loginSuccess</code> is invoked.
If remember me is not configured, this is a no-op.</p></li> <li><p><code>ApplicationEventPublisher</code> publishes an <code>InteractiveAuthenticationSuccessEvent</code>.</p></li> <li><p><code>AuthenticationSuccessHandler</code> is invoked.</p></li></ul> <p><a href="/en/spring-security/index.html">Authentication</a><a href="/en/spring-security/passwords/index.html">Username/Password</a></p></div> <footer class="page-edit"><div class="edit-link"><a href="https://gitcode.net/dev-cloud/spring-docs/-/blob/master/docs/en/spring-security/servlet-authentication-architecture.md" target="_blank" rel="noopener noreferrer">Edit this page on GitCode</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">Last Updated:</span> <span class="time">Thu Mar 17 2022 18:19:53 GMT+0800</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev">

      <a href="/en/spring-security/servlet-authentication.html" class="prev">
        Authentication
      </a></span> <span class="next"><a href="/en/spring-security/servlet-authentication-passwords.html">
        Username/Password Authentication
      </a>

    </span></p></div> </main></div><div class="global-ui"></div></div>
    <script src="/assets/js/app.cf11b18e.js" defer></script><script src="/assets/js/3.50918073.js" defer></script><script src="/assets/js/4.cd4c3ff4.js" defer></script><script src="/assets/js/229.560ccb5c.js" defer></script>
  </body>
</html>