Tuesday, 20 March 2018

Spring Current Security Context



The Spring Security framework has two key context objects which an application must interact with:
  • SecurityContextHolder – SecurityContextHolder contains information about the current security context of the application, which includes detailed information about the user currently working with the application.
  • UserDetailsService – UserDetailsService is used to create a UserDetails object by implementing the single method of this interface: UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
There are four steps needed to secure a web application with a login page via the Spring Security framework:
  1. The user logs in with a name and a password. These two credentials are combined into an instance of the class UsernamePasswordAuthenticationToken, which is then passed to the AuthenticationManager for verification.
  2. If the username does not match the password, a BadCredentialsException is thrown with the message “Bad Credentials.”
  3. If the username and password match, the call returns a populated Authentication instance.
  4. The security context is then set by calling the SecurityContextHolder.getContext().setAuthentication() method, passing in the object returned from authenticationProvider.authenticate().
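The four steps above as one method, in an added example that is not code from the original post. The class name LoginService and the method name login are hypothetical, and the example assumes Spring Security is on the classpath with an AuthenticationManager configured elsewhere (for instance, one backed by a UserDetailsService).

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical service: programmatic login following the four steps in the post.
public class LoginService {

    private final AuthenticationManager authenticationManager;

    public LoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true if the credentials were accepted and the security context was set. */
    public boolean login(String username, String password) {
        // Step 1: combine the credentials into an (unauthenticated) token.
        Authentication request =
                new UsernamePasswordAuthenticationToken(username, password);
        try {
            // Steps 2 and 3: authenticate() throws on failure, otherwise it
            // returns a populated Authentication (principal and authorities).
            Authentication result = authenticationManager.authenticate(request);

            // Step 4: publish the result as the current security context.
            // A fresh context is created instead of mutating getContext(),
            // so a context instance shared with another thread is not altered.
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(result);
            SecurityContextHolder.setContext(context);
            return true;
        } catch (AuthenticationException e) {
            // BadCredentialsException is one subclass; locked or disabled
            // accounts raise others. Fail closed in every case and leave no
            // stale identity behind on this thread.
            SecurityContextHolder.clearContext();
            return false;
        }
    }
}
```

Returning the same result for every failure type keeps the caller from revealing whether the username exists, is locked, or simply had the wrong password.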
