this post was submitted on 27 Dec 2023
5 points (100.0% liked)
The Java Programming Language
207 readers
5 users here now
Discussion of Java and java-related technologies. This includes things like:
- J2EE/JakartaEE
- Spring
- Micronaut
- Helidon
- Quarkus
For assistance learning Java, please go to Learn Java
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think using AuthenticationProvider is a bit overkill. I usually make a AuthenticationManager Bean. like this:
@Bean public AuthenticationManager authenticationManager(PasswordEncoder passwordEncoder, CustomUserDetailsService customUserDetailsService) throws Exception { var auth = new DaoAuthenticationProvider(); auth.setPasswordEncoder(passwordEncoder); auth.setUserDetailsService(customUserDetailsService); return new ProviderManager(auth); }
Here I provide the
DoaAuthenticationProvider
which is a Spring class used for Users stored in the DB. These DB-Users can implement the UserDetails interface (mine actually don't I translate it later), because that's the interface Spring Security uses to authenticate user credentials.I also provide a
CustomUserDetailsService
which is a@Service
class that implements the UserDetailsService interface and it'sloadByUsername
method, which fetches the user from the database and translates it's username, password and authority into a UserDetails instance.Alternatively, you can make a
UserDetails
Bean with InmemoryAuthentication like here. This is great for practicing security, because you can skip the step of storing Users in the DB and just declare them there, but it's not good for real world applications for obvious reasons.(p.s. I hope this answers your question, next time provide your relevant code snippets or maybe a full github repo)