What component provides AuthenticationToken in Spring Security?

I need to write a new authentication method for Spring Security for a rare authentication protocol. I can write an AuthenticationProvider that will support the new system, but I need to have the appropriate information passed in on the Authenticatio开发者_开发知识库n object. What object do I need to implement to handle the instantiation of the custom Authentication object?

Generally it will be a filter (specifically a subclass of AbstractAuthenticationProcessingFilter).

Check out the code for the attemptAuthentication() method of the UsernamePasswordAuthenticationFilter, the filter that handles the usual username/password authentication use case.

I would recommend extending AbstractAuthenticationToken to create token that you can pass to provider. You will also need to override supports method of your AuthenticationProvider to accept this token.