org.springframework.security.providers.openid
Class OpenIDAuthenticationProvider

java.lang.Object
  org.springframework.security.providers.openid.OpenIDAuthenticationProvider

All Implemented Interfaces:

InitializingBean, AuthenticationProvider

public class OpenIDAuthenticationProvider
extends Object
implements AuthenticationProvider, InitializingBean

Finalises the OpenID authentication by obtaining local authorities for the authenticated user.

The authorities are obtained by calling the configured UserDetailsService. The UserDetails it returns must, at minimum, contain the username and GrantedAuthority[] objects applicable to the authenticated user. Note that by default, Spring Security ignores the password and enabled/disabled status of the UserDetails because this is authentication-related and should have been enforced by another provider server.

The UserDetails returned by implementations is stored in the generated AuthenticationToken, so additional properties such as email addresses, telephone numbers etc can easily be stored.

Author:

Robin Bramley, Opsera Ltd.

Constructor Summary

OpenIDAuthenticationProvider()

Method Summary

void	afterPropertiesSet()
Authentication	authenticate(Authentication authentication) Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
void	setUserDetailsService(UserDetailsService userDetailsService) Used to load the authorities for the authenticated OpenID user.
boolean	supports(Class authentication) Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenIDAuthenticationProvider

public OpenIDAuthenticationProvider()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Description copied from interface: AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authentication - the authentication request object.

Returns:

a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.

Throws:

AuthenticationException - if authentication fails.

setUserDetailsService

public void setUserDetailsService(UserDetailsService userDetailsService)

Used to load the authorities for the authenticated OpenID user.

supports

public boolean supports(Class authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Parameters:

authentication - DOCUMENT ME!

Returns:

true if the implementation can more closely evaluate the Authentication class presented