KerberosServiceAuthenticationProvider (Spring Security Kerberos Extension 1.0.1.RELEASE API)

java.lang.Object
- org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.authentication.AuthenticationProvider
```
public class KerberosServiceAuthenticationProvider
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean
```
Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which includes Kerberos Service Tickets).

It needs a KerberosTicketValidator, which contains the code to validate the ticket, as this code is different between SUN and IBM JRE.
It also needs an UserDetailsService to load the user properties and the GrantedAuthorities, as we only get back the username from Kerbeos
You can see an example configuration in SpnegoAuthenticationProcessingFilter.

Since:

1.0

Author:

Mike Wiesner, Jeremy Stone

See Also:
KerberosTicketValidator, UserDetailsService

Constructor Summary

Constructors
Constructor and Description

KerberosServiceAuthenticationProvider()

Constructors
Constructor and Description
`KerberosServiceAuthenticationProvider()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, KerberosServiceRequestToken authentication)` Allows subclasses to perform any additional checks of a returned `UserDetails` for a given authentication request.
`void`	`afterPropertiesSet()`
`org.springframework.security.core.Authentication`	`authenticate(org.springframework.security.core.Authentication authentication)`
`void`	`setTicketValidator(KerberosTicketValidator ticketValidator)` The `KerberosTicketValidator` to use, for validating the Kerberos/SPNEGO tickets.
`void`	`setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)` The `UserDetailsService` to use, for loading the user properties and the `GrantedAuthorities`.
`boolean`	`supports(java.lang.Class<? extends java.lang.Object> auth)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - KerberosServiceAuthenticationProvider
```
public KerberosServiceAuthenticationProvider()
```
- Method Detail
  - authenticate
```
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException
```
    Specified by:
    
    authenticate in interface org.springframework.security.authentication.AuthenticationProvider
    
    Throws:
    
    org.springframework.security.core.AuthenticationException
  - supports
```
public boolean supports(java.lang.Class<? extends java.lang.Object> auth)
```
    Specified by:
    
    supports in interface org.springframework.security.authentication.AuthenticationProvider
  - afterPropertiesSet
```
public void afterPropertiesSet()
                        throws java.lang.Exception
```
    Specified by:
    
    afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    
    Throws:
    
    java.lang.Exception
  - setUserDetailsService
```
public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
```
    The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
    
    Parameters:
    userDetailsService - the new user details service
  - setTicketValidator
```
public void setTicketValidator(KerberosTicketValidator ticketValidator)
```
    The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
    
    Parameters:
    ticketValidator - the new ticket validator
  - additionalAuthenticationChecks
```
protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails,
                                  KerberosServiceRequestToken authentication)
                                       throws org.springframework.security.core.AuthenticationException
```
    Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
    
    Parameters:
    userDetails - as retrieved from the UserDetailsService
    authentication - validated KerberosServiceRequestToken
    
    Throws:
    
    org.springframework.security.core.AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)

Class KerberosServiceAuthenticationProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

KerberosServiceAuthenticationProvider

Method Detail

authenticate

supports

afterPropertiesSet

setUserDetailsService

setTicketValidator

additionalAuthenticationChecks