There are two ways to learn anything: by reading first and working later, or by reading and working bit by bit at the same time. We would like to mix the two by giving you the big picture first and then moving to a working example.
So we've got this thing for authentication and authorization. Let's see who is responsible and what for.
There is an AccessDecisionManager, which, as the name suggests, is responsible for deciding whether we can access something or not; if not, an InsufficientAuthenticationException is thrown.
AuthenticationManager is another crucial interface. It is responsible for confirming who we are.
Both are just interfaces, so we can swap ...
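The division of responsibility described above, as an added sketch that is not the original page's code: one hand-written implementation of each interface, with `decide` rejecting an unauthenticated token and then accepting the one returned by `authenticate`. It assumes spring-security-core on the classpath; the class name `SwapDemo`, the credentials and the `/account` object are constructed for illustration, and `decide` is also declared to throw `AccessDeniedException`, which is used here for a missing role.

```java
import java.util.Collection;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class SwapDemo {
    // Confirms who we are: returns an authenticated token or throws.
    static final AuthenticationManager AUTHN = auth -> {
        // Constructed demo credentials; production code checks a hashed password store.
        if ("alice".equals(auth.getName()) && "s3cret".equals(auth.getCredentials())) {
            return new UsernamePasswordAuthenticationToken(auth.getName(), null,
                    AuthorityUtils.createAuthorityList("ROLE_USER"));
        }
        throw new BadCredentialsException("Bad credentials");
    };
    // Decides access: returning normally means "granted", throwing means "denied".
    static final AccessDecisionManager AUTHZ = new AccessDecisionManager() {
        @Override
        public void decide(Authentication auth, Object object, Collection<ConfigAttribute> attrs) {
            if (auth == null || !auth.isAuthenticated()) {
                throw new InsufficientAuthenticationException("Authentication required");
            }
            for (ConfigAttribute a : attrs) { // every required attribute must be held
                if (auth.getAuthorities().stream().noneMatch(g -> a.getAttribute().equals(g.getAuthority())))
                    throw new AccessDeniedException("Missing " + a.getAttribute());
            }
        }
        @Override public boolean supports(ConfigAttribute attribute) { return true; }
        @Override public boolean supports(Class<?> clazz) { return true; }
    };
    public static void main(String[] args) {
        Collection<ConfigAttribute> needsUser = SecurityConfig.createList("ROLE_USER");
        Authentication login = new UsernamePasswordAuthenticationToken("alice", "s3cret");
        try {
            AUTHZ.decide(login, "/account", needsUser); // token not yet authenticated
        } catch (InsufficientAuthenticationException e) {
            System.out.println("before login: " + e.getMessage());
        }
        Authentication alice = AUTHN.authenticate(login);
        AUTHZ.decide(alice, "/account", needsUser); // no exception: access granted
        System.out.println("after login: granted to " + alice.getName());
    }
}
```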