@startuml skinparam Shadowing false skinparam class { BackgroundColor White } hide empty members interface AuthenticationManager { + Authentication authenticate(Authentication authentication) } class ProviderManager { - AuthenticationEventPublisher eventPublisher - List providers - MessageSourceAccessor messages - AuthenticationManager parent - boolean eraseCredentialsAfterAuthentication + ProviderManager(AuthenticationProvider... providers) + ProviderManager(List providers) + ProviderManager(List providers, AuthenticationManager parent) + void afterPropertiesSet() - void checkState() - void copyDetails(Authentication source, Authentication dest) + List getProviders() + void setMessageSource(MessageSource messageSource) + void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher) + void setEraeseCredentialsAfterAuthentication(boolean eraseSecretData) + boolean isEraseCredentialsAfterAuthentication() } class NullEventPublisher interface AuthenticationEventPublisher { + void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) + void publishAuthenticationSuccess(Authentication authentication) } interface AuthenticationProvider { + Authentication authenticate(Authentication authentication) + boolean supports(Class authentication) } abstract AbstractUserDetailsAuthenticationProvider { # MessageSourceAccessor messages - UserCache userCache - boolean forcePrincipalAsString - boolean hideUserNotFoundException - UserDetailsChecker preAuthenticationChecks - UserDetailsChecker postAuthenticationChecks - GrantedAuthoritiesMapper authoritiesMapper #{abstract} void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) + void afterPropertiesSet() - String determineUsername(Authentication authentication) # Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) # void doAfterPropertiesSet() #{abstract} UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) } interface UserDetailsChecker { + void check(UserDetails toCheck) } class DefaultPreAuthenticationChecks class DefaultPostAuthenticationChecks interface UserCache { + UserDetails getUserFromCache(String username) + void putUserInCache(UserDetails user) + void removeUserFromCache(String username) } class UserDetails { + Collection getAuthorities() + String getPassword() + String getUsername() + boolean isAccountNonExpired() + boolean isAccountNonLocked() + boolean isCredentialsNonExpired() + boolean isEnabled() } interface GrantedAuthoritiesMapper { + Collection mapAuthorities(Collection authorities) } interface GrantedAuthority { + String getAuthority() } class SimpleGrantedAuthority { - String role } class SpringCacheBasedUserCache class UsernamePasswordAuthenticationToken { - Object principal - Object credentials } abstract AbstractAuthenticationToken { - Collection authorities - Object details - boolean authenticated } interface Authentication interface CredentialsContainer { + void eraseCredentials() } AuthenticationManager <|.. ProviderManager ProviderManager +-- NullEventPublisher NullEventPublisher ..|> AuthenticationEventPublisher AuthenticationProvider "1..*" --* "1" ProviderManager AbstractUserDetailsAuthenticationProvider ..|> AuthenticationProvider DefaultPreAuthenticationChecks --+ AbstractUserDetailsAuthenticationProvider DefaultPostAuthenticationChecks --+ AbstractUserDetailsAuthenticationProvider UserDetailsChecker <|.. DefaultPreAuthenticationChecks UserDetailsChecker <|.. DefaultPostAuthenticationChecks UserCache --* AbstractUserDetailsAuthenticationProvider UserDetails --* AbstractUserDetailsAuthenticationProvider UserDetails --* UserDetailsChecker UserDetails --* UserCache AbstractUserDetailsAuthenticationProvider *--- GrantedAuthoritiesMapper GrantedAuthoritiesMapper *-- GrantedAuthority GrantedAuthority <|.. SimpleGrantedAuthority UserCache <|.. SpringCacheBasedUserCache UsernamePasswordAuthenticationToken --* AbstractUserDetailsAuthenticationProvider AbstractAuthenticationToken <|-- UsernamePasswordAuthenticationToken Authentication <|.. AbstractAuthenticationToken CredentialsContainer <|.. AbstractAuthenticationToken @enduml