public class KerberosServiceAuthenticationProvider
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean
Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which includes Kerberos Service Tickets).
It needs a KerberosTicketValidator
, which contains the
code to validate the ticket, as this code is different between
SUN and IBM JRE.
It also needs an UserDetailsService
to load the user properties
and the GrantedAuthorities
, as we only get back the username
from Kerbeos
SpnegoAuthenticationProcessingFilter
.KerberosTicketValidator
,
UserDetailsService
Constructor and Description |
---|
KerberosServiceAuthenticationProvider() |
Modifier and Type | Method and Description |
---|---|
protected void |
additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails,
KerberosServiceRequestToken authentication)
Allows subclasses to perform any additional checks of a returned
UserDetails
for a given authentication request. |
void |
afterPropertiesSet() |
org.springframework.security.core.Authentication |
authenticate(org.springframework.security.core.Authentication authentication) |
void |
setTicketValidator(KerberosTicketValidator ticketValidator)
The
KerberosTicketValidator to use, for validating
the Kerberos/SPNEGO tickets. |
void |
setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
The
UserDetailsService to use, for loading the user properties
and the GrantedAuthorities . |
boolean |
supports(java.lang.Class<? extends java.lang.Object> auth) |
public KerberosServiceAuthenticationProvider()
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
authenticate
in interface org.springframework.security.authentication.AuthenticationProvider
org.springframework.security.core.AuthenticationException
public boolean supports(java.lang.Class<? extends java.lang.Object> auth)
supports
in interface org.springframework.security.authentication.AuthenticationProvider
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
UserDetailsService
to use, for loading the user properties
and the GrantedAuthorities
.userDetailsService
- the new user details servicepublic void setTicketValidator(KerberosTicketValidator ticketValidator)
KerberosTicketValidator
to use, for validating
the Kerberos/SPNEGO tickets.ticketValidator
- the new ticket validatorprotected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, KerberosServiceRequestToken authentication) throws org.springframework.security.core.AuthenticationException
UserDetails
for a given authentication request.userDetails
- as retrieved from the UserDetailsService
authentication
- validated KerberosServiceRequestToken
org.springframework.security.core.AuthenticationException
- AuthenticationException if the credentials could not be validated (generally a
BadCredentialsException
, an AuthenticationServiceException
)