Spring Security 2ΒΆ

See also

spring-security.xml
LoginAction.java

classes, interfaces:

[I] org.springframework.security.Authentication
[I] org.springframework.security.providers.AuthenticationProvider
[I] org.springframework.security.userdetails.UserDetails
[I] org.springframework.security.userdetails.UserDetailsService
[I] org.springframework.security.userdetails.AuthenticationUserDetailsService

// the object containing the Authentication object
[C] org.springframework.security.context.SecurityContextHolder

// credential check non required
[C] org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider [I AuthenticationProvider]
[C] org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken [I Authentication]

// credential check required
[C] org.springframework.security.providers.dao.DaoAuthenticationProvider [I AuthenticationProvider]
[C] org.springframework.security.providers.UsernamePasswordAuthenticationToken [I Authentication]

// anonymous user access no credential check ( not used )
[C] org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider
[C] org.springframework.security.providers.anonymous.AnonymousAuthenticationToken

[C] org.springframework.security.providers.ProviderManager // the object containing the Authentication object

[I] sangah.security.service.UserService
[C] sangah.security.service.UserServiceImpl ( CRUD implementation for user )

[I] sangah.security.UserProfile
[C] sangah.security.UserProfileImpl (  )

example:

// pre authenticated user ( credential check not required )
Authentication auth = new PreAuthenticatedAuthenticationToken([userid], [password]);
auth = preAuthAuthenticationProvider.authenticate(auth);

// user to be authenticated ( credential check required )
auth = new UsernamePasswordAuthenticationToken( new UserProfileImpl( [userid], [password] ), [password] );
auth = authenticationProvider.authenticate( auth );

if( auth != null && auth.isAuthenticated() ){
    SecurityContextHolder.getContext().setAuthentication( auth );
}

reference:

See also

  1. http://docs.spring.io/spring-security/site/reference.html
  2. http://docs.spring.io/spring-security/site/docs/2.0.7.RELEASE/reference/springsecurity.html
  3. http://docs.spring.io/spring-security/site/docs/2.0.7.RELEASE/reference/authentication-common-auth-services.html#concurrent-sessions
  4. http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html ( recommended )
  5. http://docs.spring.io/spring-security/site/docs/3.0.x/reference/core-services.html
  6. http://docs.spring.io/spring-security/site/docs/3.0.x/reference/technical-overview.html
  7. http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
  8. http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/Authentication.html
  9. http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetails.html
  10. http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html
  11. supplement: http://www.codeproject.com/Articles/253901/Getting-Started-Spring-Security