principal and credential. On successful authentication, this method returns the Authentication object with the user's role list. This will be required later during authorization.
The authenticated user is redirected to the URL specified by the property defaultTargetUrl. In this case, the user is directed to the web page for underwriting a new policy. If the authentication fails, an AuthenticationException will be raised. In this case, the user is redirected to the URL set in the property authenticationFailureUrl. In this example, the user is redirected to the login page. The errorId specified in the authenticationFailureUrl flags the login.jsp file in Listing 6-5 to display the error messages because of an authentication failure.
Spring Security provides one custom authentication manager implementation in the form of the ProviderManager class. This in turn delegates to authentication providers. Authentication providers are adapters for the underlying authentication technology. With this strategy, it is possible to authenticate with any identity management system. The ProviderManager class can be configured to work with multiple authentication providers. It will iterate through the list of authentication providers until the user is authenticated by one of them or the provider collection is exhausted. Listing 6-8 shows the provider manager configuration.
Listing 6-8. applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <!-- Other beans -->
  <bean id="authenticationManager"
        class="org.springframework.security.providers.ProviderManager">
    <!-- Providers are consulted in the order they are listed here -->
    <property name="providers">
      <list>
        <ref local="daoAuthenticationProvider"/>
      </list>
    </property>
  </bean>
</beans>
Note that in Listing 6-8, the provider manager works with a single authentication
provider. Spring provides several out-of-the-box providers, as shown in Figure 6-5.
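The delegation strategy described above, modelled without Spring as an added example (not code from the book or from Spring Security). ProviderChainDemo, Provider, AuthFailure, store and the sample users, passwords and role are all hypothetical; the model shows that the first provider to accept decides the outcome and that the last failure surfaces once every provider has rejected.

```java
import java.util.*;
// Dependency-free model of the delegation loop; every name here is hypothetical.
public class ProviderChainDemo {
    static class AuthFailure extends Exception { AuthFailure(String m) { super(m); } }

    // One adapter per credential store: returns the user's role list or throws.
    interface Provider {
        List<String> authenticate(String user, String password) throws AuthFailure;
    }

    // Constructed in-memory store; plaintext passwords only to keep the model short.
    static Provider store(String name, Map<String, String> passwords, String role) {
        return (user, password) -> {
            if (!password.equals(passwords.get(user))) {
                throw new AuthFailure(name + ": bad credentials for " + user);
            }
            return Collections.singletonList(role);
        };
    }

    // Tried in configured order: first success wins, last failure is rethrown.
    static List<String> authenticate(List<Provider> chain, String user, String password)
            throws AuthFailure {
        AuthFailure last = new AuthFailure("no providers configured");
        for (Provider provider : chain) {
            try {
                return provider.authenticate(user, password);
            } catch (AuthFailure e) {
                last = e;
            }
        }
        throw last;
    }

    public static void main(String[] args) throws AuthFailure {
        List<Provider> chain = Arrays.asList( // constructed sample users and role
                store("primary", Collections.singletonMap("alice", "Tr0ub4dor&3"), "ROLE_UNDERWRITER"),
                store("legacy", Collections.singletonMap("alice", "alice"), "ROLE_UNDERWRITER"));
        // Accepted by the first provider; the second is never consulted.
        System.out.println(authenticate(chain, "alice", "Tr0ub4dor&3"));
        // Rejected by the first provider, accepted by the second: the chain is
        // only as strong as the weakest provider configured in it.
        System.out.println(authenticate(chain, "alice", "alice"));
        try {
            authenticate(chain, "mallory", "guess");
        } catch (AuthFailure e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```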