Java Reference
In-Depth Information
principal and credential. On successful authentication, this method returns the
Authentication object with the user's role list. This will be required later during
The authenticated user is redirected to the URL specified by the property
defaultTargetUrl . In this case, the user is directed to the web page for underwriting a
new policy. If the authentication fails, an AuthenticationException will be raised. In this
case, the user is redirected to the URL set in the property authenticationFailureUrl .
In this example, the user is redirected to the login page. The errorId specified in the
authenticationFailureUrl flags the login.jsp file in Listing 6-5 to display the error mes-
sages because of an authentication failure.
Spring Security provides one custom authentication manager implementation in the
form of the ProviderManager class. This in turn delegates to authentication providers.
Authentication providers are adapters for the underlying authentication technology.
With this strategy, it is possible to authenticate with any identity management system.
The ProviderManager class can be configured to work with multiple authentication
providers. It will iterate through the list of authentication providers until the user is
authenticated by one of them or the provider collection is exhausted. Listing 6-8 shows
the provider manager configuration.
Listing 6-8. applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!—Other beans -->
<bean id="authenticationManager"
<property name="providers">
<ref local="daoAuthenticationProvider"/>
Note that in Listing 6-8, the provider manager works with a single authentication
provider. Spring provides several out-of-the-box providers, as shown in Figure 6-5.
Search WWH ::

Custom Search