Explain what is AuthenticationManager in Spring security.

1.	Explain what is AuthenticationManager in Spring security.
Answer» A Spring Security component called AuthenticationManager tells "How authentication will happen". Because the how part of this question depends on which authentication provider we are using for our application, an AuthenticationManager contains references to all the AuthenticationProviders. AuthenticationManager is the strategy INTERFACE for authentication, which has only one METHOD: public interface AuthenticationManager { Authentication authenticate(Authentication authentication) THROWS AuthenticationException; } AuthenticationManagers can PERFORM one of three actions in their authenticate() method: If it can verify that the input represents a valid principal, it will RETURN an Authentication (normally authenticated=true). If the input is believed to represent an invalid principal, it will throw an AuthenticationException. If it is unable to decide, it will return null.

Answer»

A Spring Security component called AuthenticationManager tells "How authentication will happen". Because the how part of this question depends on which authentication provider we are using for our application, an AuthenticationManager contains references to all the AuthenticationProviders. AuthenticationManager is the strategy INTERFACE for authentication, which has only one METHOD:

public interface AuthenticationManager { Authentication authenticate(Authentication authentication) THROWS AuthenticationException; }

AuthenticationManagers can PERFORM one of three actions in their authenticate() method:

If it can verify that the input represents a valid principal, it will RETURN an Authentication (normally authenticated=true).
If the input is believed to represent an invalid principal, it will throw an AuthenticationException.
If it is unable to decide, it will return null.

Discussion

No Comment Found

Related InterviewSolutions

State the difference between @Secured and @RolesAllowed.
State the difference between @PreAuthorize and @Secured in Spring security.
State the difference between ROLE_USER and ROLE_ANONYMOUS in a spring intercept-url configuration.
Does order matter in the intercept-url pattern? If yes, then in which order should we write it?
What is the intercept-url pattern and why do we need it?
Can you explain what is FilterChainProxy in spring security?
Can you explain what is DelegatingFilterProxy in spring security?
What do you mean by principal in Spring security?
Name some predefined filters used in spring security and write their functions.
Explain how the security filter chain works.