Spring Security notes
textual: http://perfectworldprogramming.com/introduction-to-spring-security-the-architecture-and-design/
(part 1)
user => username and password as well as some type of authorization information.
UserDetails: interface to store user information
username, password,
list of GrantedAuthority
GrantedAuthority: holds a string for each role that the user has
Authentication: look up the user information and populate a UserDetails instance.
AuthenticationManager: interface that delegates to others to do the actual work.
how to do: 1) look up, populate UserDetails 2) check password
fail: throw exception.
successful: take the UserDetails object and store it somewhere
AuthenticationManager delegate to a collection of AuthenticationProvider instances.
AuthenticationProvider: an interface that maps to a data store which stores your user data,
e.g. a database.
to get data for the user, AuthenticationProvider call a UserDetailsService object.
UserDetailsService looks up the user data and returns a populated UserDetails object.
can't find user data, throw UsernameNotFoundException.
Password is checked in AuthenticationProvider, if password does not match,
throw AuthenticationException (or a subclass of it like BadCredentialsException).
so the process goes something like this:
as a matter of fact: to be exact; in fact
username and password -> Authentication
-> AuthenticationManager.authenticate()
-> AuthenticationProvider(s).authenticate()
-> UserDetailsService.loadUserByUsername()
what differs: where and how you store your user data.
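An added example, not from these notes or the linked article: the chain above wired up by hand, assuming Spring Security 5.x or 6.x on Java 17 or later. AuthFlowDemo, NotesProvider and the users alice and mallory are hypothetical names constructed for the illustration.

```java
import java.util.List;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthFlowDemo { // hypothetical demo class
    // Hand-written provider (hypothetical name) following the two steps in the notes.
    record NotesProvider(UserDetailsService users, PasswordEncoder encoder)
            implements AuthenticationProvider {
        @Override
        public Authentication authenticate(Authentication auth) {
            UserDetails user;
            try {
                user = users.loadUserByUsername(auth.getName()); // 1) look up, populate UserDetails
            } catch (UsernameNotFoundException e) {
                // Report an unknown user exactly like a wrong password.
                throw new BadCredentialsException("Bad credentials");
            }
            if (!encoder.matches(String.valueOf(auth.getCredentials()), user.getPassword())) {
                throw new BadCredentialsException("Bad credentials"); // 2) password check failed
            }
            // Success: authenticated token carrying the UserDetails and its GrantedAuthority list.
            return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        }
        @Override
        public boolean supports(Class<?> type) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        UserDetailsService users = new InMemoryUserDetailsManager( // constructed sample user
            User.withUsername("alice").password(encoder.encode("s3cret")).roles("USER").build());
        AuthenticationManager manager = new ProviderManager(List.of(new NotesProvider(users, encoder)));
        Authentication ok = manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "s3cret"));
        SecurityContextHolder.getContext().setAuthentication(ok); // "store it somewhere"
        System.out.println(ok.getName() + " " + ok.getAuthorities());
        for (String[] c : new String[][] {{"alice", "wrong"}, {"mallory", "s3cret"}}) {
            try {
                manager.authenticate(new UsernamePasswordAuthenticationToken(c[0], c[1]));
            } catch (AuthenticationException e) {
                System.out.println(c[0] + " -> " + e.getClass().getSimpleName());
            }
        }
    }
}
```

Both failed attempts surface as BadCredentialsException, so a caller cannot tell an unknown username from a wrong password; Spring's stock DaoAuthenticationProvider hides UsernameNotFoundException the same way by default.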
(part 2)
textual: http://perfectworldprogramming.com/category/spring-security/
authorization: GROUP, ROLE, ACLs
role based:
AccessDecisionManager: delegates to a Collection of objects called AccessDecisionVoter(s)
voter: yes (yay): positive integer; no: negative number.
RoleVoter: ROLE_
