org.springframework.security.extensions.kerberos
Class KerberosServiceAuthenticationProvider

java.lang.Object
  extended by org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider
All Implemented Interfaces:
InitializingBean, AuthenticationProvider

public class KerberosServiceAuthenticationProvider
extends Object
implements AuthenticationProvider, InitializingBean

Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which includes Kerberos Service Tickets).

It needs a KerberosTicketValidator, which contains the code to validate the ticket, as this code is different between SUN and IBM JRE.
It also needs an UserDetailsService to load the user properties and the GrantedAuthorities, as we only get back the username from Kerbeos

You can see an example configuration in SpnegoAuthenticationProcessingFilter.

Since:
1.0
Version:
$Id: KerberosServiceAuthenticationProvider.java 35 2009-09-03 18:15:03Z mwiesner $
Author:
Mike Wiesner
See Also:
KerberosTicketValidator, UserDetailsService, SpnegoAuthenticationProcessingFilter

Constructor Summary
KerberosServiceAuthenticationProvider()
           
 
Method Summary
protected  void additionalAuthenticationChecks(UserDetails userDetails, KerberosServiceRequestToken authentication)
          Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
 void afterPropertiesSet()
           
 Authentication authenticate(Authentication authentication)
           
 void setTicketValidator(KerberosTicketValidator ticketValidator)
          The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
 void setUserDetailsService(UserDetailsService userDetailsService)
          The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
 boolean supports(Class<? extends Object> auth)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KerberosServiceAuthenticationProvider

public KerberosServiceAuthenticationProvider()
Method Detail

setUserDetailsService

public void setUserDetailsService(UserDetailsService userDetailsService)
The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.


setTicketValidator

public void setTicketValidator(KerberosTicketValidator ticketValidator)
The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.


authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException
Specified by:
authenticate in interface AuthenticationProvider
Throws:
AuthenticationException

additionalAuthenticationChecks

protected void additionalAuthenticationChecks(UserDetails userDetails,
                                              KerberosServiceRequestToken authentication)
                                       throws AuthenticationException
Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.

Parameters:
userDetails - as retrieved from the UserDetailsService
authentication - validated KerberosServiceRequestToken
Throws:
AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)

supports

public boolean supports(Class<? extends Object> auth)
Specified by:
supports in interface AuthenticationProvider

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception


Copyright © 2009 SpringSource, Inc. All Rights Reserved.