Spring Security

2.

Core Architectural Components

2.1.

The Servlet Filter Chain

2.1.1.

Purpose and Function of Servlet Filters

2.1.2.

`DelegatingFilterProxy`

2.1.2.1.

Role in Delegating to Spring Beans

2.1.2.2.

Configuration in `web.xml`

2.1.2.3.

Configuration in Spring Boot

2.1.3.

`FilterChainProxy`

2.1.3.1.

Managing Multiple Security Filter Chains

2.1.3.2.

Order of Filters

2.1.3.3.

Filter Chain Selection

2.2.

The `SecurityFilterChain` Bean

2.2.1.

Definition and Purpose

2.2.2.

Customizing Filter Chains

2.2.3.

Multiple Filter Chains for Different Endpoints

2.2.4.

Filter Chain Matching

2.3.

`SecurityContextHolder`

2.3.1.

Storage Strategies

2.3.1.1.

ThreadLocal Strategy

2.3.1.2.

InheritableThreadLocal Strategy

2.3.1.3.

Global Strategy

2.3.2.

Accessing the Security Context

2.3.3.

Clearing the Security Context

2.3.4.

Thread Safety Considerations

2.4.

`SecurityContext`

2.4.1.

Structure and Purpose

2.4.2.

Storing Authentication Information

2.4.3.

Context Propagation

2.5.

`Authentication` Object

2.5.1.

Structure and Key Properties

2.5.2.

2.5.3.

2.5.4.

2.5.5.

Authentication State

2.6.

Key Interfaces and Implementations

2.6.1.

2.6.1.1.

Required Methods

2.6.1.2.

Account Status Properties

2.6.1.3.

Custom UserDetails Implementations

2.6.2.

`UserDetailsService`

2.6.2.1.

Loading User Information

2.6.2.2.

Implementing Custom UserDetailsService

2.6.2.3.

Exception Handling

2.6.3.

`GrantedAuthority`

2.6.3.1.

Role and Permission Representation

2.6.3.2.

Simple Granted Authority

2.6.3.3.

Custom Authority Implementations

2.6.4.

`PasswordEncoder`

2.6.4.1.

Purpose and Usage

2.6.4.2.

Encoding Passwords

2.6.4.3.

Matching Passwords

Previous

1. Introduction to Spring Security

Go to top

Next

3. Authentication Mechanisms