PreAuthenticatedAuthenticationToken goal in Spring Security?

I validate the user using the UsernamePasswordAuthenticationToken in SpringBoot.

I am creating a token using JJWT for this user and returning it.

Now the user uses this token to send me other requests. After decrypting the token, should I use PreAuthenticatedAuthenticationToken and set it with SecurityContextHolder.getContext().setAuthentication()?

What is the purpose of the PreAuthenticatedAuthenticationToken?

+5
1 answer

The goal of PreAuthenticatedAuthenticationToken is to integrate third-party identity management systems into your Spring application that uses Spring Security.

A PreAuthenticatedAuthenticationToken can be in the form of an HTTP header, an HTTP parameter, etc. In this case, it does not have to be a full user registration in your application. Just saving this token and the corresponding data will be enough.

For more information, see the Spring Security Documentation.

For the JWT case, after decryption you can even use the UsernamePasswordAuthenticationToken, as the decryption process will show the username, password, and credentials.

+9

Source: https://habr.com/ru/post/1257768/

