Menu
I am new to Spring Security and I am trying to implement a custom UserDetailsService for authentication. What bothers me, is that this interface contains only one method loadUserByUsername(String username) which takes only the username as a parameter and returns a UserDetails.
I was wondering why this method does not take any password as a parameter.
How Spring managed to authenticate a user based only on the username?
I am new to Spring security and any clarification on the Api and the authentication process in Spring Security is welcome.
932
It is not the job of UserDetailsService to authenticate the user. That is responsibility of AuthenticationProvider.
For example the DaoAuthenticationProvider just uses UserDetailsService to load the user by username and then verifies the UsernamePasswordAuthenticationToken against that user to see if the passwords match.
Have a look at the source code of DaoAuthenticationProvider to get an idea of how exactly this is done behind the scenes.
73
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
