Table of Contents
Spring Security includes a production-quality
AuthenticationProvider
implementation called
DaoAuthenticationProvider
. This authentication
provider is compatible with all of the authentication mechanisms that
generate a UsernamePasswordAuthenticationToken
, and
is probably the most commonly used provider in the framework. Like
most of the other authentication providers, the
DaoAuthenticationProvider leverages a UserDetailsService in order to
lookup the username, password and GrantedAuthority[]s. Unlike most of
the other authentication providers that leverage UserDetailsService,
this authentication provider actually requires the password to be
presented, and the provider will actually evaluate the validity or
otherwise of the password presented in an authentication request
object.