DaoAuthenticationProvider

{security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[DaoAuthenticationProvider] is an AuthenticationProvider implementation that uses a UserDetailsService and a PasswordEncoder to authenticate a username and password.

This section examines how DaoAuthenticationProvider works within Spring Security. The following figure shows how the AuthenticationManager from the figures in the Reading the Username & Password section works.

Figure 1. DaoAuthenticationProvider Usage

1. The authentication Filter from the Reading the Username & Password section passes a UsernamePasswordAuthenticationToken to the AuthenticationManager, which is implemented by ProviderManager.

2. The ProviderManager is configured to use an AuthenticationProvider of type DaoAuthenticationProvider.

3. DaoAuthenticationProvider looks up the UserDetails from the UserDetailsService.

4. DaoAuthenticationProvider uses the PasswordEncoder to validate the password on the UserDetails returned in the previous step.

5. When authentication is successful, the Authentication that is returned is of type UsernamePasswordAuthenticationToken and has a principal that is the UserDetails returned by the configured UserDetailsService. Ultimately, the returned UsernamePasswordAuthenticationToken is set on the SecurityContextHolder by the authentication Filter.