{security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[DaoAuthenticationProvider] is an AuthenticationProvider implementation that uses a UserDetailsService and PasswordEncoder to authenticate a username and password.
This section examines how DaoAuthenticationProvider works within Spring Security.
The following figure explains the workings of the AuthenticationManager in figures from the Reading the Username & Password section.
DaoAuthenticationProvider Usage
The authentication Filter from the Reading the Username & Password section passes a UsernamePasswordAuthenticationToken to the AuthenticationManager, which is implemented by ProviderManager.
The ProviderManager is configured to use an AuthenticationProvider of type DaoAuthenticationProvider.
DaoAuthenticationProvider looks up the UserDetails from the UserDetailsService.
DaoAuthenticationProvider uses the PasswordEncoder to validate the password on the UserDetails returned in the previous step.
When authentication is successful, the Authentication that is returned is of type UsernamePasswordAuthenticationToken and has a principal that is the UserDetails returned by the configured UserDetailsService.
Ultimately, the returned UsernamePasswordAuthenticationToken is set on the SecurityContextHolder by the authentication Filter.