스프링 시큐리티의 DaoAuthenticationProvider 에 대해서 배워 보겠습니다.
DaoAuthenticationProvider 는 AuthenticationProvider 의 구현체 입니다.
DaoAuthenticationProvider 는 UserDetailsService 를 사용하여 UserDetails 정보를 가져와 사용자가 입력한 password 와 비교합니다.
- number 1. The authentication Filter from Reading the Username & Password passes a UsernamePasswordAuthenticationToken to the AuthenticationManager which is implemented by ProviderManager.
- number 2. The ProviderManager is configured to use an AuthenticationProvider of type DaoAuthenticationProvider.
- number 3. DaoAuthenticationProvider looks up the UserDetails from the UserDetailsService.
- number 4. DaoAuthenticationProvider then uses the PasswordEncoder to validate the password on the UserDetails returned in the previous step.
- number 5. When authentication is successful, the Authentication that is returned is of type UsernamePasswordAuthenticationToken and has a principal that is the UserDetails returned by the configured UserDetailsService. Ultimately, the returned UsernamePasswordAuthenticationToken will be set on the SecurityContextHolder by the authentication Filter.