HTTP Request

Security Filters Chain

AuthenticationManager

AuthenticationProvider

DaoAuthenticationProvider

UserDetailService

PasswordEncoder

SecurityContext

1. incoming request

2. authentication reprehensibility is delegated

3. use the AuthenticationProvider according to the login request

4. Return the authenticated user

5. Get the authenticated user

6. set authenticated user in context

7. Dispatcher Servlet and controllers