Authentication interface is one of the most core interface available in the Spring Security framework. There are different uses (implementations) of Authentication interface and those can be described as follows.
1. Submitting the Authentication request for the AuthenticationManager
authenticate( ) method of the AuthenticationManager, requires an Authentication object as its method parameter. This will be the authentication request submitted for the AuthenticationManager. There are several implementations available to represent this Authentication request and the most popular implementation is UsernamePasswordAuthenticationToken.
Here is the AuthenticationManager interface.
public interface AuthenticationManager { Authentication authenticate(Authentication authentication) throws AuthenticationException; }
2. Returning the Authentication response from the AuthenticationManager
Again you can notice that the return type of the authenticate() method of the AuthenticationManager is, in the form of Authentication interface. Therefore the authenticated response will also be represented by Authentication interface.
3. Storing the Authenticated Principal in the SecurityContext.
Authenticated Response will be stored in the SecurityContext using the Authentication interface.
SecurityContextHolder.getContext().setAuthentication(authentication);
Here is the diagram of Authentication request and response from AuthenticationManager
The Authentication object created as the authentication request contains only the username and password. it does not contain the authorities and authenticated attribute is set as FALSE.
but in the Authenticated response, authenticated attribute is set as TRUE. In addition, it contains the list of authorities granted/available for the authenticated principal.