Summary

This chapter has used real-world problems to introduce the basic building blocks used in Spring Security. It also demonstrates to us how we can make Spring Security authenticate against our custom domain objects by extending those basic building blocks. In short, we have learned that the SecurityContextHolder interface is the central location for determining the current user. Not only can it be used by developers to access the current user, but also to set the currently logged-in user.

We also explored how to create custom UserDetailsService and AuthenticationProvider objects and how to perform authentication with more than just a username and password.

In the next chapter, we will explore some of the built-in support for JDBC-based authentication.