6

Is there any difference in 

Authentication auth= authenticationManager.authenticate(authentication);

and 

 Authentication auth= authenticationProvider.authenticate(authentication);
Cork Kochi
  • 1,783
  • 6
  • 29
  • 45
  • Does this answer your question? [spring security AuthenticationManager vs AuthenticationProvider?](https://stackoverflow.com/questions/2323377/spring-security-authenticationmanager-vs-authenticationprovider) – lcnicolau Sep 24 '22 at 20:14

1 Answers1

16

AuthenticationManager holds list of AuthenticationProvider instances.

When you execute authenticationManager.authenticate()

What this actually does is iterate over all instances of AuthenticationProvider and tries to authenticate user with each one.

Default spring implementation of AuthenticationManager is org.springframework.security.authentication.ProviderManager

The actual authentication is performed inside AuthenticationProvider. Each AuthenticationProvider contains instance of UserDetailsService which is responsible for fetching user information (including hashed password) out of database for example, or LDAP. Once instance of UserDetails is successfully retrieved from database AuthenticationProvider will then use instance of PasswordEncoder to check whether password user provided matches hashed password you retrieved from database.

more info here http://docs.spring.io/spring-security/site/docs/2.0.8.RELEASE/apidocs/org/springframework/security/providers/ProviderManager.html

and here https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/authentication/dao/DaoAuthenticationProvider.html

SeaBiscuit
  • 2,553
  • 4
  • 25
  • 40