Class KerberosServiceAuthenticationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, AuthenticationProvider

Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which include Kerberos Service Tickets).
It needs a KerberosTicketValidator, which contains the code to validate the ticket, as this code is different between SUN and IBM JRE.
It also needs a UserDetailsService to load the user properties and the GrantedAuthorities, as we only get back the username from Kerberos.
SpnegoAuthenticationProcessingFilter.
- Since:
1.0
Constructor Summary
Constructors
KerberosServiceAuthenticationProvider()

Method Summary
Modifier and Type | Method | Description
protected void | additionalAuthenticationChecks(UserDetails userDetails, KerberosServiceRequestToken authentication) | Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
void | afterPropertiesSet() |
Authentication | authenticate(Authentication authentication) | Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
void | setTicketValidator(KerberosTicketValidator ticketValidator) | The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
void | setUserDetailsService(UserDetailsService userDetailsService) | The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
boolean | supports | Returns true if this AuthenticationProvider supports the indicated Authentication object.

Constructor Details
KerberosServiceAuthenticationProvider
public KerberosServiceAuthenticationProvider()

Method Details
authenticate
Description copied from interface: AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- Specified by:
authenticate in interface AuthenticationProvider
- Parameters:
authentication - the authentication request object.
- Returns:
a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
- Throws:
AuthenticationException - if authentication fails.

supports
Description copied from interface: AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.
Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime by the ProviderManager.
- Specified by:
supports in interface AuthenticationProvider
- Returns:
true if the implementation can more closely evaluate the Authentication class presented

afterPropertiesSet
- Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
- Throws:
Exception

setUserDetailsService
The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
- Parameters:
userDetailsService - the new user details service

setTicketValidator
The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
- Parameters:
ticketValidator - the new ticket validator

additionalAuthenticationChecks
protected void additionalAuthenticationChecks(UserDetails userDetails, KerberosServiceRequestToken authentication) throws AuthenticationException
Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
- Parameters:
userDetails - as retrieved from the UserDetailsService
authentication - validated KerberosServiceRequestToken
- Throws:
AuthenticationException - if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)
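An added example, not code from the Spring Security Kerberos project: a subclass that uses the additionalAuthenticationChecks hook to reject principals outside an allow-listed Kerberos realm. The class name RealmRestrictedKerberosProvider, the realm allow-list, and the assumption that the UserDetailsService returns the username in user@REALM form are all hypothetical.

```java
import java.util.Set;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;

/** Hypothetical subclass (not part of the library): only principals from allow-listed realms pass. */
public class RealmRestrictedKerberosProvider extends KerberosServiceAuthenticationProvider {

    // Realms this service trusts, e.g. Set.of("EXAMPLE.ORG") (constructed sample value).
    private final Set<String> allowedRealms;

    public RealmRestrictedKerberosProvider(Set<String> allowedRealms) {
        if (allowedRealms == null || allowedRealms.isEmpty()) {
            // Fail closed at startup instead of running with an empty allow-list.
            throw new IllegalArgumentException("at least one allowed realm is required");
        }
        this.allowedRealms = Set.copyOf(allowedRealms);
    }

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            KerberosServiceRequestToken authentication) throws AuthenticationException {
        // Assumption: the configured UserDetailsService keeps the "user@REALM" form
        // of the Kerberos principal as UserDetails.getUsername().
        String name = userDetails.getUsername();
        int at = (name == null) ? -1 : name.lastIndexOf('@');
        if (at < 1 || at == name.length() - 1) {
            throw new BadCredentialsException("Kerberos principal has no user or realm part");
        }
        // Realm names are case-sensitive, so compare exactly.
        String realm = name.substring(at + 1);
        if (!allowedRealms.contains(realm)) {
            throw new BadCredentialsException("Kerberos principal is from a realm that is not allowed");
        }
    }
}
```

The subclass is configured like the stock provider: it still needs setTicketValidator and setUserDetailsService to be called before use.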