I'm new to Spring Security and would like to learn the authentication process a little bit better.
Here's what I found on the Internet related to the topic. If I'm wrong on the process, please let me know:
1. A Filter that might be part of a FilterChain. The filter might be of type UsernamePasswordAuthenticationFilter.
2. The HTTP request is intercepted and there's an attempt to create an Authentication Request (an object of a class that implements the Authentication interface, i.e. UsernamePasswordAuthenticationToken).
3. The Authentication object gets delegated to the AuthenticationManager.
4. The AuthenticationManager delegates it to the appropriate AuthenticationProvider (i.e. DaoAuthenticationProvider) where the REAL authentication takes place.
5. The AuthenticationProvider sends the fully authenticated Authentication object to the AuthenticationManager.
6. In the Filter where the AuthenticationManager was invoked, SecurityContextHolder.getContext().setAuthentication(authResult); gets called and the authentication process is finished.
My question is all about concrete implementations of the Filter class and the FilterChain related to authentication.
In our application most authentication filters extend AbstractAuthenticationProcessingFilter and the FilterChain is of class CompositeFilter. What are the de-facto "right" implementations of these interfaces? I apologise in advance for such a silly question but still need to learn this concept.
The SecurityFilterChain has one implementation, DefaultSecurityFilterChain.
There are too many implementations of Filter for one implementation to be considered most common. The available authentication filters in Spring Security that extend AbstractAuthenticationProcessingFilter are UsernamePasswordAuthenticationFilter, OAuth2LoginAuthenticationFilter, and Saml2WebSsoAuthenticationFilter.
The "right" filter to use depends largely on your use case.
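The six-step flow from the question, written out as a custom AbstractAuthenticationProcessingFilter; this is an added example, not code from the question, the answer or Spring Security itself. It assumes Spring Security 6 (Jakarta servlet API), Jackson on the classpath, a stateless API, and a hypothetical JSON login endpoint at /api/login with the body shape {"username":"...","password":"..."}.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

// Hypothetical filter: reads {"username":..,"password":..} from a JSON POST body at /api/login.
public class JsonLoginFilter extends AbstractAuthenticationProcessingFilter {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    public record Credentials(String username, String password) {}

    public JsonLoginFilter(AuthenticationManager authenticationManager) {
        // Step 1: only requests to /api/login are intercepted; all others continue down the FilterChain.
        super("/api/login", authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException {
        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            throw new AuthenticationServiceException("Method not supported: " + request.getMethod());
        }
        Credentials creds = MAPPER.readValue(request.getInputStream(), Credentials.class);
        if (creds == null || creds.username() == null || creds.password() == null) {
            throw new BadCredentialsException("Missing credentials");
        }
        // Step 2: the unauthenticated Authentication request object.
        UsernamePasswordAuthenticationToken authRequest =
                UsernamePasswordAuthenticationToken.unauthenticated(creds.username(), creds.password());
        // Steps 3-5: the AuthenticationManager picks a provider (e.g. DaoAuthenticationProvider),
        // which returns a fully authenticated token or throws an AuthenticationException.
        return getAuthenticationManager().authenticate(authRequest);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException {
        // Step 6: the invoking filter stores the result for the rest of this request only (stateless).
        SecurityContextHolder.getContext().setAuthentication(authResult);
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

Register it in place of the form-login filter with http.addFilterAt(new JsonLoginFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class); a failed authenticate() call is turned into a 401 by the parent class's failure handler, so the filter never has to catch it.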