Package org.springframework.security.kerberos.authentication

Class KerberosServiceAuthenticationProvider

java.lang.Object
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.authentication.AuthenticationProvider
public class KerberosServiceAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean

Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which includes Kerberos Service Tickets).

It needs a KerberosTicketValidator, which contains the code to validate the ticket, as this code is different between SUN and IBM JRE.
It also needs an UserDetailsService to load the user properties and the GrantedAuthorities, as we only get back the username from Kerbeos

You can see an example configuration in SpnegoAuthenticationProcessingFilter.
Since:
1.0
See Also:

  • Constructor Details

    • KerberosServiceAuthenticationProvider

      public KerberosServiceAuthenticationProvider()

  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException

    • supports

      public boolean supports(Class<? extends Object> auth)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider

    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      Exception

    • setUserDetailsService

      public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
      Parameters:
      userDetailsService - the new user details service

    • setTicketValidator

      public void setTicketValidator(KerberosTicketValidator ticketValidator)
      The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
      Parameters:
      ticketValidator - the new ticket validator

    • additionalAuthenticationChecks

      protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, KerberosServiceRequestToken authentication) throws org.springframework.security.core.AuthenticationException
      Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
      Parameters:
      userDetails - as retrieved from the UserDetailsService
      authentication - validated KerberosServiceRequestToken
      Throws:
      org.springframework.security.core.AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)