Part III. Authentication

We've already introduced Spring Security's authentication architecture in the Technical Overview chapter. In this part of the reference guide we will examine individual authentication mechanisms and their corresponding AuthenticationProviders. We'll also look at how to configure authentication more generally, including if you have several authentication approaches that need to be chained together.

With some exceptions, we will be discussing the full details of Spring Security bean configuration rather than the shorthand namespace syntax. You should review the introduction to using namespace configuration and the options it provides to see if they will meet your needs. As you come to use the framework more, and need to customize the internal behaviour, you will probably want to understand more about how the individual services are implemented, which classes to look at extending and so on. This part is more targeted at providing this kind of information. We'd recommend that you supplement the content by browsing the Javadoc and the source itself [2].

Table of Contents

8. Common Authentication Services
Mechanisms, Providers and Entry Points
UserDetails and Associated Types
In-Memory Authentication
JDBC Authentication
Concurrent Session Handling
Authentication Tag Libraries
9. DAO Authentication Provider
Overview
Configuration
10. LDAP Authentication
Overview
Using LDAP with Spring Security
Configuring an LDAP Server
Using an Embedded Test Server
Using Bind Authentication
Loading Authorities
Implementation Classes
LdapAuthenticator Implementations
Connecting to the LDAP Server
LDAP Search Objects
LdapAuthoritiesPopulator
Spring Bean Configuration
LDAP Attributes and Customized UserDetails
11. Form Authentication Mechanism
Overview
Configuration
12. BASIC Authentication Mechanism
Overview
Configuration
13. Digest Authentication
Overview
Configuration
14. Remember-Me Authentication
Overview
Simple Hash-Based Token Approach
Persistent Token Approach
Remember-Me Interfaces and Implementations
TokenBasedRememberMeServices
PersistentTokenBasedRememberMeServices
15. Java Authentication and Authorization Service (JAAS) Provider
Overview
Configuration
JAAS CallbackHandler
JAAS AuthorityGranter
16. Pre-Authentication Scenarios
Pre-Authentication Framework Classes
AbstractPreAuthenticatedProcessingFilter
AbstractPreAuthenticatedAuthenticationDetailsSource
PreAuthenticatedAuthenticationProvider
PreAuthenticatedProcessingFilterEntryPoint
Concrete Implementations
Request-Header Authentication (Siteminder)
J2EE Container Authentication
17. Anonymous Authentication
Overview
Configuration
18. X.509 Authentication
Overview
Adding X.509 Authentication to Your Web Application
Setting up SSL in Tomcat
19. CAS Authentication
Overview
How CAS Works
Configuration of CAS Client
20. Run-As Authentication Replacement
Overview
Configuration
21. Container Adapter Authentication
Overview
Adapter Authentication Provider
Jetty
JBoss
Resin
Tomcat


[2] Links to both Javadoc APIs and browsable source cross-reference are available from the project web site.