# DaoAuthenticationProvider [`DaoAuthenticationProvider`](https://docs.spring.io/spring-security/site/docs/5.6.2/api/org/springframework/security/authentication/dao/DaoAuthenticationProvider.html) is an [`AuthenticationProvider`](../architecture.html#servlet-authentication-authenticationprovider) implementation that leverages a [`UserDetailsService`](user-details-service.html#servlet-authentication-userdetailsservice) and [`PasswordEncoder`](password-encoder.html#servlet-authentication-password-storage) to authenticate a username and password. Let’s take a look at how `DaoAuthenticationProvider` works within Spring Security. The figure explains details of how the [`AuthenticationManager`](../architecture.html#servlet-authentication-authenticationmanager) in figures from [Reading the Username & Password](index.html#servlet-authentication-unpwd-input) works. ![daoauthenticationprovider](../../../_images/servlet/authentication/unpwd/daoauthenticationprovider.png) Figure 1. `DaoAuthenticationProvider` Usage ![number 1](../../../_images/icons/number_1.png) The authentication `Filter` from [Reading the Username & Password](index.html#servlet-authentication-unpwd-input) passes a `UsernamePasswordAuthenticationToken` to the `AuthenticationManager` which is implemented by [`ProviderManager`](../architecture.html#servlet-authentication-providermanager). ![number 2](../../../_images/icons/number_2.png) The `ProviderManager` is configured to use an [AuthenticationProvider](../architecture.html#servlet-authentication-authenticationprovider) of type `DaoAuthenticationProvider`. ![number 3](../../../_images/icons/number_3.png) `DaoAuthenticationProvider` looks up the `UserDetails` from the `UserDetailsService`. ![number 4](../../../_images/icons/number_4.png) `DaoAuthenticationProvider` then uses the [`PasswordEncoder`](password-encoder.html#servlet-authentication-password-storage) to validate the password on the `UserDetails` returned in the previous step. ![number 5](../../../_images/icons/number_5.png) When authentication is successful, the [`Authentication`](../architecture.html#servlet-authentication-authentication) that is returned is of type `UsernamePasswordAuthenticationToken` and has a principal that is the `UserDetails` returned by the configured `UserDetailsService`. Ultimately, the returned `UsernamePasswordAuthenticationToken` will be set on the [`SecurityContextHolder`](../architecture.html#servlet-authentication-securitycontextholder) by the authentication `Filter`. [PasswordEncoder](password-encoder.html)[LDAP](ldap.html)