|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.AbstractAuthenticationManager org.springframework.security.authentication.ProviderManager
public class ProviderManager
Iterates an Authentication
request through a list of AuthenticationProvider
s.
AuthenticationProviders are usually tried in order until one provides a non-null response.
A non-null response indicates the provider had authority to decide on the authentication request and no further
providers are tried.
If a subsequent provider successfully authenticates the request, the earlier authentication exception is disregarded
and the successful authentication will be used. If no subsequent provider provides a non-null response, or a new
AuthenticationException
, the last AuthenticationException
received will be used.
If no provider returns a non-null response, or indicates it can even process an Authentication
,
the ProviderManager
will throw a ProviderNotFoundException
.
A parent AuthenticationManager
can also be set, and this will also be tried if none of the configured
providers can perform the authentication. This is intended to support namespace configuration options though and
is not a feature that should normally be required.
The exception to this process is when a provider throws an AccountStatusException
, in which case no
further providers in the list will be queried.
Post-authentication, the credentials will be cleared from the returned Authentication
object, if it
implements the CredentialsContainer
interface. This behaviour can be controlled by modifying the
eraseCredentialsAfterAuthentication
property.
Authentication event publishing is delegated to the configured AuthenticationEventPublisher
which defaults
to a null implementation which doesn't publish events, so if you are configuring the bean yourself you must inject
a publisher bean if you want to receive events. The standard implementation is DefaultAuthenticationEventPublisher
which maps common exceptions to events (in the case of authentication failure) and publishes an
AuthenticationSuccessEvent
if
authentication succeeds. If you are using the namespace then an instance of this bean will be used automatically by
the <http> configuration, so you will receive events from the web part of your application automatically.
Note that the implementation also publishes authentication failure events when it obtains an authentication result
(or an exception) from the "parent" AuthenticationManager
if one has been set. So in this situation, the
parent should not generally be configured to publish events or there will be duplicates.
DefaultAuthenticationEventPublisher
Field Summary | |
---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages
|
Constructor Summary | |
---|---|
ProviderManager()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
Authentication |
doAuthentication(Authentication authentication)
Attempts to authenticate the passed Authentication object. |
java.util.List<AuthenticationProvider> |
getProviders()
|
boolean |
isEraseCredentialsAfterAuthentication()
|
void |
setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
|
void |
setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
If set to, a resulting Authentication which implements the CredentialsContainer interface
will have its eraseCredentials method called before it is returned
from the authenticate() method. |
void |
setMessageSource(org.springframework.context.MessageSource messageSource)
|
void |
setParent(AuthenticationManager parent)
|
void |
setProviders(java.util.List providers)
Sets the AuthenticationProvider objects to be used for authentication. |
Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationManager |
---|
authenticate, setClearExtraInformation |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected org.springframework.context.support.MessageSourceAccessor messages
Constructor Detail |
---|
public ProviderManager()
Method Detail |
---|
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
public Authentication doAuthentication(Authentication authentication) throws AuthenticationException
Authentication
object.
The list of AuthenticationProvider
s will be successively tried until an
AuthenticationProvider
indicates it is capable of authenticating the type of
Authentication
object passed. Authentication will then be attempted with that
AuthenticationProvider
.
If more than one AuthenticationProvider
supports the passed Authentication
object, only the first AuthenticationProvider
tried will determine the result. No subsequent
AuthenticationProvider
s will be tried.
doAuthentication
in class AbstractAuthenticationManager
authentication
- the authentication request object.
AuthenticationException
- if authentication fails.public java.util.List<AuthenticationProvider> getProviders()
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource
in interface org.springframework.context.MessageSourceAware
public void setParent(AuthenticationManager parent)
public void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
public void setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
Authentication
which implements the CredentialsContainer
interface
will have its eraseCredentials
method called before it is returned
from the authenticate()
method.
eraseSecretData
- set to false to retain the credentials data in memory.
Defaults to true.public boolean isEraseCredentialsAfterAuthentication()
public void setProviders(java.util.List providers)
AuthenticationProvider
objects to be used for authentication.
providers
- the list of authentication providers which will be used to process authentication requests.
java.lang.IllegalArgumentException
- if the list is empty or null, or any of the elements in the list is not an
AuthenticationProvider instance.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |