|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.jaas.JaasAuthenticationProvider
public class JaasAuthenticationProvider
An AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration.
This AuthenticationProvider
is capable of validating UsernamePasswordAuthenticationToken
requests contain the correct username and
password.
This implementation is backed by a JAAS configuration. The
loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring Resource
instance. It should point to a JAAS configuration file containing an index
matching the loginContextName
property.
For example: If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration could be as follows...
<property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property>
The loginContextName should coincide with a given index in the loginConfig specifed. The loginConfig file used in the JUnit tests appears as the following...
JAASTest { org.springframework.security.authentication.jaas.TestLoginModule required; };Using the example login configuration above, the loginContextName property would be set as JAASTest...
<property name="loginContextName"> <value>JAASTest</value> </property>
When using JAAS login modules as the authentication source, sometimes the
LoginContext will
require CallbackHandlers. The JaasAuthenticationProvider uses an internal
CallbackHandler
to wrap the JaasAuthenticationCallbackHandler
s configured in the ApplicationContext.
When the LoginContext calls the internal CallbackHandler, control is passed to each
JaasAuthenticationCallbackHandler
for each Callback passed.
JaasAuthenticationCallbackHandler
s are passed to the JaasAuthenticationProvider through the callbackHandlers
property.
<property name="callbackHandlers"> <list> <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/> <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler
"/> <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
"/> </list> </property>
After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals
from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the
configured AuthorityGranter
s. An AuthorityGranter is a mapping between a returned Principal, and a role
name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's AuthorityGranter.grant(java.security.Principal)
method. The returned role will be applied to the Authorization
object as a GrantedAuthority
.
AuthorityGranters are configured in spring xml as follows...
<property name="authorityGranters"> <list> <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/> </list> </property>A configuration note: The JaasAuthenticationProvider uses the security properites "e;login.config.url.X"e; to configure jaas. If you would like to customize the way Jaas gets configured, create a subclass of this and override the
configureJaas(Resource)
method.
Field Summary | |
---|---|
protected static org.apache.commons.logging.Log |
log
|
Constructor Summary | |
---|---|
JaasAuthenticationProvider()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
Authentication |
authenticate(Authentication auth)
Attempts to login the user given the Authentication objects principal and credential |
protected void |
configureJaas(Resource loginConfig)
Hook method for configuring Jaas. |
protected ApplicationEventPublisher |
getApplicationEventPublisher()
|
Resource |
getLoginConfig()
|
protected void |
handleLogout(SessionDestroyedEvent event)
Handles the logout by getting the SecurityContext for the session that was destroyed. |
void |
onApplicationEvent(SessionDestroyedEvent event)
|
protected void |
publishFailureEvent(UsernamePasswordAuthenticationToken token,
AuthenticationException ase)
Publishes the JaasAuthenticationFailedEvent . |
protected void |
publishSuccessEvent(UsernamePasswordAuthenticationToken token)
Publishes the JaasAuthenticationSuccessEvent . |
void |
setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
|
void |
setAuthorityGranters(AuthorityGranter[] authorityGranters)
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication. |
void |
setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method. |
void |
setLoginConfig(Resource loginConfig)
Set the JAAS login configuration file. |
void |
setLoginContextName(String loginContextName)
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property. |
void |
setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
|
void |
setRefreshConfigurationOnStartup(boolean refresh)
If set, a call to Configuration#refresh() will be made by #configureJaas(Resource)
method. |
boolean |
supports(Class<? extends Object> aClass)
Returns true if this AuthenticationProvider supports the indicated
Authentication object. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final org.apache.commons.logging.Log log
Constructor Detail |
---|
public JaasAuthenticationProvider()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
public Authentication authenticate(Authentication auth) throws AuthenticationException
authenticate
in interface AuthenticationProvider
auth
- The Authentication object to be authenticated.
AuthenticationException
- This implementation does not handle 'locked' or 'disabled' accounts. This method
only throws a AuthenticationServiceException, with the message of the LoginException that will be
thrown, should the loginContext.login() method fail.protected void configureJaas(Resource loginConfig) throws IOException
loginConfig
- URL to Jaas login configuration
IOException
- if there is a problem reading the config resource.protected void handleLogout(SessionDestroyedEvent event)
event
- public void onApplicationEvent(SessionDestroyedEvent event)
onApplicationEvent
in interface ApplicationListener<SessionDestroyedEvent>
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)
JaasAuthenticationFailedEvent
. Can be overridden by subclasses for different
functionality
token
- The UsernamePasswordAuthenticationToken
being processedase
- The SpringSecurityException
that caused the failureprotected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)
JaasAuthenticationSuccessEvent
. Can be overridden by subclasses for different
functionality.
token
- The UsernamePasswordAuthenticationToken
being processedpublic void setAuthorityGranters(AuthorityGranter[] authorityGranters)
authorityGranters
- AuthorityGranter arrayJaasAuthenticationProvider
public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
callbackHandlers
- Array of JAASAuthenticationCallbackHandlerspublic Resource getLoginConfig()
public void setLoginConfig(Resource loginConfig)
loginConfig
- public void setLoginContextName(String loginContextName)
loginContextName
- public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
public void setRefreshConfigurationOnStartup(boolean refresh)
Configuration#refresh()
will be made by #configureJaas(Resource)
method. Defaults to true.
refreshConfigurationOnStartup
- set to false to disable reloading of the configuration.
May be useful in some environments.public boolean supports(Class<? extends Object> aClass)
AuthenticationProvider
true
if this AuthenticationProvider
supports the indicated
Authentication
object.
Returning true
does not guarantee an AuthenticationProvider
will be able to
authenticate the presented instance of the Authentication
class. It simply indicates it can support
closer evaluation of it. An AuthenticationProvider
can still return null
from the
AuthenticationProvider.authenticate(Authentication)
method to indicate another AuthenticationProvider
should be
tried.
Selection of an AuthenticationProvider
capable of performing authentication is
conducted at runtime the ProviderManager
.
supports
in interface AuthenticationProvider
aClass
- DOCUMENT ME!
true
if the implementation can more closely evaluate the Authentication
class
presentedpublic void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher
in interface ApplicationEventPublisherAware
protected ApplicationEventPublisher getApplicationEventPublisher()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |