Logo Questions Linux Laravel Mysql Ubuntu Git Menu

Spring security and UserDetailsService

I am new to Spring Security and I am trying to implement a custom UserDetailsService for authentication. What bothers me, is that this interface contains only one method loadUserByUsername(String username) which takes only the username as a parameter and returns a UserDetails.

I was wondering why this method does not take any password as a parameter.

How Spring managed to authenticate a user based only on the username?

I am new to Spring security and any clarification on the Api and the authentication process in Spring Security is welcome.

like image 932
Dimitri Avatar asked Mar 19 '23 06:03


1 Answers

It is not the job of UserDetailsService to authenticate the user. That is responsibility of AuthenticationProvider.

For example the DaoAuthenticationProvider just uses UserDetailsService to load the user by username and then verifies the UsernamePasswordAuthenticationToken against that user to see if the passwords match.

Have a look at the source code of DaoAuthenticationProvider to get an idea of how exactly this is done behind the scenes.

like image 73
Bohuslav Burghardt Avatar answered Mar 26 '23 02:03

Bohuslav Burghardt