Spring Security is a powerful authentication and access-control framework. It helps implement authentication and authorization in Spring applications.
In this article, we implement custom authentication using Spring Security in a Spring Boot application. The theory below is complemented by a YouTube video in which the actual code is demonstrated.
Use Case:
In this tutorial, we secure a REST endpoint with a custom authenticator that authenticates requests based on a key present in the request header. The valid application key is stored in the configuration file, and the custom authenticator is responsible for matching the incoming header key against the application key.
Ingredients:
AuthenticationObject: It contains the authentication status and the key provided in the header of the request.
AuthenticationProvider: It is responsible for performing the evaluation, which in our case means comparing the key in the request header with the application key present in the configuration file.
AuthenticationManager: It is responsible for invoking the authentication provider. Multiple custom authentication providers can be invoked by the same authentication manager based on certain conditions. Later stages of the video demonstrate multiple authentication providers invoked by the authentication manager.
AuthenticationFilter: It is responsible for intercepting incoming requests. It creates the authentication object with the incoming header key and passes the object to the authentication manager.
Security Configuration: This class wires the authentication filter into the Spring context.
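The authentication object, provider and manager described above, as an added Java example that is not the code from the video. It assumes spring-security-core on the classpath; the class names and key values are constructed for illustration, and the filter and security configuration are not shown.

```java
// Added example, not code from the article or its video. Assumes spring-security-core
// on the classpath; class names and the sample key values are constructed.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;

public class ApiKeyAuthDemo {
    // Authentication object: the key from the request header plus the authentication status.
    static class ApiKeyAuth extends AbstractAuthenticationToken {
        final String key;
        ApiKeyAuth(String key, boolean authenticated) {
            super(AuthorityUtils.NO_AUTHORITIES);
            this.key = key;
            setAuthenticated(authenticated);
        }
        @Override public Object getCredentials() { return key; }
        @Override public Object getPrincipal() { return "api-client"; }
    }
    // Provider: compares the header key with the application key in constant time.
    static class ApiKeyProvider implements AuthenticationProvider {
        private final byte[] expected;
        ApiKeyProvider(String appKey) {
            // Fail closed: a blank configured key must never match an empty header.
            if (appKey == null || appKey.isBlank()) throw new IllegalStateException("application key not set");
            this.expected = appKey.getBytes(StandardCharsets.UTF_8);
        }
        @Override public Authentication authenticate(Authentication auth) throws AuthenticationException {
            String given = ((ApiKeyAuth) auth).key;
            if (given == null || !MessageDigest.isEqual(expected, given.getBytes(StandardCharsets.UTF_8)))
                throw new BadCredentialsException("invalid application key");
            return new ApiKeyAuth(null, true); // authenticated result; the secret is not kept
        }
        @Override public boolean supports(Class<?> type) { return ApiKeyAuth.class.isAssignableFrom(type); }
    }
    public static void main(String[] args) {
        // Manager: invokes every provider whose supports() accepts the token type.
        AuthenticationManager manager = new ProviderManager(new ApiKeyProvider("constructed-demo-key"));
        // In the filter, the first argument below would be the value of the request header.
        System.out.println(manager.authenticate(new ApiKeyAuth("constructed-demo-key", false)).isAuthenticated());
        try {
            manager.authenticate(new ApiKeyAuth("wrong-key", false));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getMessage()); // the filter would reject the request here
        }
    }
}
```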
That's all for the theory; let's head to the practical part in the video below.