
Authentication And Authorization Internal Flow

Authentication And Authorization Filter Flow

  • When the client sends a request with credentials, the authentication filter intercepts the request and validates them. If the user is valid, then after authentication the filter stores the UserDetails in the SecurityContext. The UserDetails holds the username, authorities, etc. The authorization filter then intercepts the request and decides whether the user has access to the requested path based on the authorities stored in the SecurityContext. If authorized, the request is forwarded to the applicable controller. See the image below:

[Image: authentication and authorization filter flow]
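The flow described above, as an added example that is not part of the original page: a filter chain with HTTP Basic as the authentication filter, a path rule enforced by the authorization filter, and a probe filter between the two that logs what the SecurityContext holds. It assumes Spring Boot 3 with Spring Security 6; the class name `FlowDemoSecurityConfig`, the `ContextProbe` filter, the `/admin/**` path and the two accounts are hypothetical.

```java
// Added example. Assumes spring-boot-starter-web and spring-boot-starter-security (Spring Security 6).
import java.io.IOException;
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import org.springframework.context.annotation.*;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
public class FlowDemoSecurityConfig {
    @Bean
    SecurityFilterChain chain(HttpSecurity http) throws Exception {
        return http
            .httpBasic(Customizer.withDefaults())        // authentication filter: validates the credentials
            .authorizeHttpRequests(a -> a                 // authorization filter: path rule vs. authorities
                .requestMatchers("/admin/**").hasAuthority("ROLE_ADMIN")
                .anyRequest().authenticated())
            .addFilterBefore(new ContextProbe(), AuthorizationFilter.class)
            .build();
    }
    @Bean PasswordEncoder encoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); }
    @Bean
    UserDetailsService users(PasswordEncoder enc) {   // constructed demo accounts, not for production use
        UserDetails alice = User.withUsername("alice").password(enc.encode("demo-only-1")).authorities("ROLE_USER").build();
        UserDetails bob = User.withUsername("bob").password(enc.encode("demo-only-2")).authorities("ROLE_USER", "ROLE_ADMIN").build();
        return new InMemoryUserDetailsManager(alice, bob);
    }
    // Hypothetical probe: runs after authentication and just before the authorization decision.
    static class ContextProbe extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
                throws ServletException, IOException {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            logger.info(req.getRequestURI() + " -> " + auth.getName() + " " + auth.getAuthorities());
            chain.doFilter(req, res);
        }
    }
}
```

With this configuration, a request to `/admin/**` as `alice` is authenticated but rejected with 403 because `ROLE_ADMIN` is not among the authorities in the SecurityContext, while a request with missing or invalid credentials receives 401.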
