Authentication is the process of determining and verifying the identity of someone or something. A multi-user application needs authentication to know who is currently using it. The most widely used form is a login process in which the user is asked for a username and password. A user who knows one of these username/password tuples is assumed to be the person belonging to that username. Besides username/password authentication there are other methods, such as public-key authentication with a digital certificate, to name just one.

Authentication in JPA Security

JPA Security uses an implementation of the net.sf.jpasecurity.configuration.SecurityContext interface to be aware of the currently authenticated user and other related information (like its roles, tenant, ...) at runtime.

Default-Configuration for Authentication

By default JPA Security will try to auto-detect your security context. This is done via the indirection of an authentication provider, which provides access to the currently authenticated user and its roles. Detection applies the following rules in order; the first matching rule is taken:

  1. When spring-security is in the classpath, the SpringAuthenticationProvider is used.
  2. When java:comp/EJBContext is available in the JNDI-context, the EjbAuthenticationProvider is used.
  3. When JSF is available in the classpath, the JsfAuthenticationProvider is used.
  4. Otherwise the DefaultAuthenticationProvider is used.

Customizing Authentication

When the described auto-detection strategy does not work for your environment, you may specify the class name of any implementation of the net.sf.jpasecurity.configuration.SecurityContext interface as the value of the persistence property net.sf.jpasecurity.security.context in your persistence.xml. For backward compatibility with JPA Security 0.3, the property net.sf.jpasecurity.security.authentication.provider is also valid; its value must be the class name of an implementation of the net.sf.jpasecurity.configuration.AuthenticationProvider interface. If net.sf.jpasecurity.security.context is specified, it takes precedence.
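
A persistence.xml fragment that sets both properties, as an added example that is not taken from the JPA Security documentation. The persistence-unit name and the com.example class names are hypothetical placeholders, and the provider element and all other unit settings are omitted.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<persistence xmlns="http://java.sun.com/xml/ns/persistence" version="2.0">
  <!-- "example-unit" is a placeholder name; provider, classes and
       data-source settings are left out of this fragment. -->
  <persistence-unit name="example-unit">
    <properties>
      <!-- Explicit security context: bypasses auto-detection, so the
           identity and roles used for access decisions come from one
           known class rather than from whatever is on the classpath.
           com.example.security.AppSecurityContext is a hypothetical
           implementation of net.sf.jpasecurity.configuration.SecurityContext. -->
      <property name="net.sf.jpasecurity.security.context"
                value="com.example.security.AppSecurityContext"/>

      <!-- Legacy JPA Security 0.3 property. The value is a hypothetical
           implementation of net.sf.jpasecurity.configuration.AuthenticationProvider.
           Because net.sf.jpasecurity.security.context is also set above,
           that property takes precedence over this one. Remove this entry
           after migration so a reviewer is not misled about which class
           supplies the current user. -->
      <property name="net.sf.jpasecurity.security.authentication.provider"
                value="com.example.security.LegacyAuthenticationProvider"/>
    </properties>
  </persistence-unit>
</persistence>
```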