Ive got some questions to Spring Security.
I read that the necessary filters for securing a webapplications are the following:
Furthermore I read that by using the http-element of the security namespace these filters are automatically generated:
-> Now Im wondering: Where is the UsernamePasswordAuthenticationFilter generated? Maybe by using the authentication-manager-element?
Also Ive got one problem. I use Spring 3 and Hibernate. I have a DAO-Class which contains the data access methods.
I store the users in a database. I wrote my own UserDetailsServiceImpl, where I use the DAO-Methods to load the necessary informations.
Now Im thinking that maybe something is wrong with my configuration. As I wrote my own implementation, I have my own AuthenticationProvider, is that correct?
In my applicationContext.xml I have the following code. I use user-service-ref which I thought means that I use an DaoAuthenticationProvider.
Did I make something wrong? Am I using a DaoAuthenticationProvider, although I wrote my own implementation? Im confused.
At the moment my database tables are the ones which are recommended (users and authorities), but what if I change them, does my application then not work anymore?
I would be very grateful for an answer! Thank you! :-)
<sec:authentication-provider user-service-ref="myUserDetailsService" >
<sec:password-encoder hash="md5" ref="passwordEncoder">
<bean id="myUserDetailsService" class="project.business.logic.UserDetailsServiceImpl">
<property name="projectDao" ref="projectDao"/>