If you are looking for a basic understanding of Spring Security, refer to the previous blog in this series, Spring Security basic.

In this blog we briefly discuss the Spring Security architecture; by the end you will know all the places where you can plug in your own code and improve your project's security. Spring Security basically provides two features: authentication based on credentials, and authorization/access control based on roles. First of all, let's look at the diagrams below, and then we will discuss them in detail.
Here are a few pointers from the above images.



AuthenticationManagerBuilder is a utility that helps us configure the AuthenticationManager, such as picking the right strategy (in-memory, JDBC, datasource, etc.).

Authorization/Access control

There are two important classes, AccessDecisionManager and AccessDecisionVoter, which follow the same pattern as ProviderManager and AuthenticationProvider. AccessDecisionManager has three implementations (AffirmativeBased, ConsensusBased, UnanimousBased), and each contains a list of AccessDecisionVoters.
For example, the AffirmativeBased implementation runs all the AccessDecisionVoters; if any of them throws an exception it denies access, otherwise access is granted.
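
How the three implementations combine the same votes can be seen by handing each one an identical voter list. This is an added example, not code from the original post; it assumes a Spring Security version that still ships the AccessDecisionManager API on the classpath, and VoterStrategyDemo, FreezeVoter and the sample user are hypothetical names constructed for illustration.

```java
import java.util.Collection;
import java.util.List;
import org.springframework.security.access.*;
import org.springframework.security.access.vote.*;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class VoterStrategyDemo {
    // Hypothetical voter for this example: votes ACCESS_DENIED on every request.
    static class FreezeVoter implements AccessDecisionVoter<Object> {
        public boolean supports(ConfigAttribute attribute) { return true; }
        public boolean supports(Class<?> clazz) { return true; }
        public int vote(Authentication auth, Object object, Collection<ConfigAttribute> attrs) {
            return ACCESS_DENIED;
        }
    }

    // Reports whether decide() returned normally (allowed) or threw (denied).
    static boolean allowed(AccessDecisionManager manager, Authentication auth,
                           Collection<ConfigAttribute> attrs) {
        try {
            manager.decide(auth, new Object(), attrs);
            return true;
        } catch (AccessDeniedException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a user holding ROLE_USER and a resource that requires ROLE_USER.
        Authentication user = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        List<ConfigAttribute> attrs = SecurityConfig.createList("ROLE_USER");
        // RoleVoter votes ACCESS_GRANTED for this user, FreezeVoter votes ACCESS_DENIED.
        List<AccessDecisionVoter<?>> voters = List.of(new RoleVoter(), new FreezeVoter());

        // ConsensusBased lets an equal grant/deny count through unless this flag is cleared.
        ConsensusBased strict = new ConsensusBased(voters);
        strict.setAllowIfEqualGrantedDeniedDecisions(false);

        // AffirmativeBased needs a single ACCESS_GRANTED vote.
        System.out.println("AffirmativeBased:        " + allowed(new AffirmativeBased(voters), user, attrs));
        // ConsensusBased compares the number of grant and deny votes.
        System.out.println("ConsensusBased default:  " + allowed(new ConsensusBased(voters), user, attrs));
        System.out.println("ConsensusBased strict:   " + allowed(strict, user, attrs));
        // UnanimousBased rejects on any ACCESS_DENIED vote.
        System.out.println("UnanimousBased:          " + allowed(new UnanimousBased(voters), user, attrs));
    }
}
```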

Access User object.

In case you need to access the User object of the logged-in user:

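// Option 1: let Spring inject the principal via @AuthenticationPrincipal
public String foo(@AuthenticationPrincipal User user) {
  ... // do stuff with user
}

// Option 2: take the Principal and cast it to reach the User yourself
public String foo(Principal principal) {
  Authentication authentication = (Authentication) principal;
  User user = (User) authentication.getPrincipal();
  ... // do stuff with user
}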