I am new to Spring Security and I am trying to implement a custom UserDetailsService for authentication. What bothers me is that this interface contains only one method, loadUserByUsername(String username), which takes only the username as a parameter and returns a UserDetails.
I was wondering why this method does not take any password as a parameter.
How does Spring manage to authenticate a user based only on the username?
I am new to Spring Security and any clarification on the API and the authentication process in Spring Security is welcome.
It is not the job of UserDetailsService to authenticate the user. That is the responsibility of AuthenticationProvider.
For example, the DaoAuthenticationProvider just uses UserDetailsService to load the user by username and then verifies the UsernamePasswordAuthenticationToken against that user to see if the passwords match.
Have a look at the source code of DaoAuthenticationProvider to get an idea of how exactly this is done behind the scenes.
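
The division of labour described in the answer above, as an added example that is not part of the original answer and is not Spring's own source: a simplified provider that calls UserDetailsService for the lookup and does the password comparison itself. The class name SketchProvider and the sample user and passwords are assumptions made for illustration.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class SketchProvider implements AuthenticationProvider { // hypothetical name
    private final UserDetailsService users;
    private final PasswordEncoder encoder;
    SketchProvider(UserDetailsService users, PasswordEncoder encoder) { this.users = users; this.encoder = encoder; }

    @Override
    public Authentication authenticate(Authentication auth) {
        UserDetails user;
        try {
            user = users.loadUserByUsername(auth.getName()); // lookup only: no password is passed
        } catch (UsernameNotFoundException e) {
            throw new BadCredentialsException("Bad credentials"); // same error as a wrong password
        }
        // The provider, not the service, compares the submitted password with the stored hash.
        Object presented = auth.getCredentials();
        if (presented == null || !encoder.matches(presented.toString(), user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }

    public static void main(String[] args) {
        PasswordEncoder enc = new BCryptPasswordEncoder();
        // Constructed sample user; a real service would query a user store.
        UserDetails alice = User.withUsername("alice").password(enc.encode("s3cret")).roles("USER").build();
        UserDetailsService svc = name -> {
            if (name.equals("alice")) return alice;
            throw new UsernameNotFoundException(name);
        };
        SketchProvider p = new SketchProvider(svc, enc);
        System.out.println(p.authenticate(new UsernamePasswordAuthenticationToken("alice", "s3cret")).isAuthenticated());
    }
}
```

The framework's provider also runs account-status checks (locked, disabled, expired) around this comparison, which the sketch leaves out.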