[英]Understanding authentication providers in Spring security
I am trying to understand authentication providers in Spring (3.1) and I have a question to what is really happening here. 我试图了解Spring(3.1)中的身份验证提供程序,但对这里到底发生了什么有疑问。 I know that I use the namespace that gives easier access to functionality and configuration in the security module. 我知道我使用的命名空间可以更轻松地访问安全模块中的功能和配置。
When I have the following tags I get a provider manager which have a list of authentication providers. 当我具有以下标签时,我将获得一个提供程序管理器,其中包含身份验证提供程序的列表。 Now as I look at the AuthenticationProvider
interface I wonder what kind of providers I get? 现在,当我查看AuthenticationProvider
接口时,我想知道我获得了哪种提供程序? Am I right that I get a DaoAuthenticationProvider
? 我可以得到DaoAuthenticationProvider
吗? Do I get other providers and how is it able to find out which providers to register (if this is how it is done)? 我可以获得其他提供商吗?如何找到要注册的提供商(如果这样做的话)?
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource" />
</security:authentication-provider>
</security:authentication-manager>
That's right you are going to get a DaoAuthenticationProvider
with the above config. 没错,您将获得带有上述配置的DaoAuthenticationProvider
。 The documentation for <authentication-provider>
clearly states: <authentication-provider>
的文档明确指出:
Unless used with a
ref
attribute, this element is shorthand for configuring aDaoAuthenticationProvider
. 除非与ref
属性一起使用,否则此元素是配置DaoAuthenticationProvider
简写。
The <authentication-provider>
tag is parsed by AuthenticationProviderBeanDefinitionParser
which invariably registers a DaoAuthenticationProvider
injected with the specified UserDetailsService
and other collaborators (passwordEncoder, saltSource, etc.). <authentication-provider>
标记由AuthenticationProviderBeanDefinitionParser
解析,该标识符始终注册使用指定UserDetailsService
和其他协作者(passwordEncoder,saltSource等)注入的DaoAuthenticationProvider
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.