Notes

• ProviderManager.authenticate(Authentication) is the entry point for authentication.

  All available AuthenticationProvider beans can be examined here.

• org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.attemptAuthentication

  Performs HTTP-based authentication, and populates the Authentication object.

API

SecurityConfigurer

Cheatsheet

Enable debugging

@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter

References

• Spring blog - Spring Security without the WebSecurityConfigurerAdapter (opens in a new tab)