# DaoAuthenticationProvider

[`DaoAuthenticationProvider`](https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/dao/DaoAuthenticationProvider.html) is an [`AuthenticationProvider`](../architecture.html#servlet-authentication-authenticationprovider) implementation that leverages a [`UserDetailsService`](user-details-service.html#servlet-authentication-userdetailsservice) and [`PasswordEncoder`](password-encoder.html#servlet-authentication-password-storage) to authenticate a username and password.

Let’s take a look at how `DaoAuthenticationProvider` works within Spring Security.
The figure details how the [`AuthenticationManager`](../architecture.html#servlet-authentication-authenticationmanager) shown in the figures from [Reading the Username & Password](index.html#servlet-authentication-unpwd-input) works.

![daoauthenticationprovider](../../../_images/servlet/authentication/unpwd/daoauthenticationprovider.png)

Figure 1. `DaoAuthenticationProvider` Usage

![number 1](../../../_images/icons/number_1.png) The authentication `Filter` from [Reading the Username & Password](index.html#servlet-authentication-unpwd-input) passes a `UsernamePasswordAuthenticationToken` to the `AuthenticationManager`, which is implemented by [`ProviderManager`](../architecture.html#servlet-authentication-providermanager).

![number 2](../../../_images/icons/number_2.png) The `ProviderManager` is configured to use an [AuthenticationProvider](../architecture.html#servlet-authentication-authenticationprovider) of type `DaoAuthenticationProvider`.

![number 3](../../../_images/icons/number_3.png) `DaoAuthenticationProvider` looks up the `UserDetails` from the `UserDetailsService`.

![number 4](../../../_images/icons/number_4.png) `DaoAuthenticationProvider` then uses the [`PasswordEncoder`](password-encoder.html#servlet-authentication-password-storage) to validate the password on the `UserDetails` returned in the previous step.

![number 5](../../../_images/icons/number_5.png) When authentication is successful, the [`Authentication`](../architecture.html#servlet-authentication-authentication) that is returned is of type `UsernamePasswordAuthenticationToken` and has a principal that is the `UserDetails` returned by the configured `UserDetailsService`.
Ultimately, the returned `UsernamePasswordAuthenticationToken` will be set on the [`SecurityContextHolder`](../architecture.html#servlet-authentication-securitycontextholder) by the authentication `Filter`.
