notes/pl/java/libfws/spring/security/concepts.txt

@Configuration
public class SomeWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf(AbstractHttpConfigurer::disable)
                .addFilterBefore(someFilterObj, SomeFilterClass.class)
                .authenticationProvider(someAuthenticationProvider)
                .sessionManagement(AbstractHttpConfigurer::disable)
                .exceptionHandling(exceptionHandling -> exceptionHandling
                        .authenticationEntryPoint(customAuthenticationEntryPoint)
                        .accessDeniedHandler(customAccessDeniedHandler))
                .requestMatchers(requestMatchers -> requestMatchers
                        .antMatchers(
                                "/oauth/status", ...
                                "/oauth/client_details/**",
                                "/openid/config/**", "/openid/jwks/**", "/openid/token"))
                .authorizeRequests(authorizeRequests -> authorizeRequests
                        .antMatchers("/oauth/status").permitAll()
                        .antMatchers("/oauth/client_details").hasRole("AUTH_ADMIN")
                        .antMatchers("/openid/config/**").permitAll()
                        .anyRequest().authenticated())
                .httpBasic();
        }

        // ???
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(someAuthenticationProvider);
        }
}

UserDetailsService
    - loadUserByUsername() throws AuthenticationException
    ??? LdapUserDetailsService
    SAMLUserDetailsService

AuthenticationManager
    delegates to one or more
    AuthenticationProvider
        - supports() method
        - authenticate() methods which returns null or throws AuthenticationException
            which modifies (if success)
            Authentication object (isAuthenticated(), ...) for
                Principal (user, who requested authentication)

??? PreAuthenticatedAuthenticationProvider
    DaoAuthenticationProvider,
    LdapAuthenticationProvider

5.2 using SecurityContext