|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider org.springframework.security.authentication.dao.DaoAuthenticationProvider
public class DaoAuthenticationProvider
An AuthenticationProvider
implementation that retrieves user details
from an UserDetailsService
.
Field Summary |
---|
Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider |
---|
hideUserNotFoundExceptions, logger, messages |
Constructor Summary | |
---|---|
DaoAuthenticationProvider()
|
Method Summary | |
---|---|
protected void |
additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to perform any additional checks of a returned (or cached) UserDetails
for a given authentication request. |
protected void |
doAfterPropertiesSet()
|
protected PasswordEncoder |
getPasswordEncoder()
|
protected SaltSource |
getSaltSource()
|
protected UserDetailsService |
getUserDetailsService()
|
protected boolean |
isIncludeDetailsObject()
|
protected UserDetails |
retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to actually retrieve the UserDetails from an implementation-specific
location, with the option of throwing an AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails ). |
void |
setIncludeDetailsObject(boolean includeDetailsObject)
Deprecated. use AbstractAuthenticationManager.setClearExtraInformation(boolean) |
void |
setPasswordEncoder(PasswordEncoder passwordEncoder)
Sets the PasswordEncoder instance to be used to encode and validate passwords. |
void |
setSaltSource(SaltSource saltSource)
The source of salts to use when decoding passwords. |
void |
setUserDetailsService(UserDetailsService userDetailsService)
|
Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider |
---|
afterPropertiesSet, authenticate, createSuccessAuthentication, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public DaoAuthenticationProvider()
Method Detail |
---|
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException
AbstractUserDetailsAuthenticationProvider
UserDetails
for a given authentication request. Generally a subclass will at least compare the Authentication.getCredentials()
with a UserDetails.getPassword()
. If custom logic is needed to compare
additional properties of UserDetails
and/or UsernamePasswordAuthenticationToken
,
these should also appear in this method.
additionalAuthenticationChecks
in class AbstractUserDetailsAuthenticationProvider
userDetails
- as retrieved from the AbstractUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken)
or
UserCache
authentication
- the current request that needs to be authenticated
AuthenticationException
- AuthenticationException if the credentials could not be validated (generally a
BadCredentialsException
, an AuthenticationServiceException
)protected void doAfterPropertiesSet() throws Exception
doAfterPropertiesSet
in class AbstractUserDetailsAuthenticationProvider
Exception
protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException
AbstractUserDetailsAuthenticationProvider
UserDetails
from an implementation-specific
location, with the option of throwing an AuthenticationException
immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails
).Subclasses are not required to perform any
caching, as the AbstractUserDetailsAuthenticationProvider
will by default cache the
UserDetails
. The caching of UserDetails
does present additional complexity as this
means subsequent requests that rely on the cache will need to still have their credentials validated, even if
the correctness of credentials was assured by subclasses adopting a binding-based strategy in this method.
Accordingly it is important that subclasses either disable caching (if they want to ensure that this method is
the only method that is capable of authenticating a request, as no UserDetails
will ever be
cached) or ensure subclasses implement AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails,
UsernamePasswordAuthenticationToken)
to compare the credentials of a cached UserDetails
with
subsequent authentication requests.
Most of the time subclasses will not perform credentials inspection in this method, instead
performing it in AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken)
so
that code related to credentials validation need not be duplicated across two methods.
retrieveUser
in class AbstractUserDetailsAuthenticationProvider
username
- The username to retrieveauthentication
- The authentication request, which subclasses may need to perform a binding-based
retrieval of the UserDetails
null
- instead an exception should the thrown)
AuthenticationException
- if the credentials could not be validated (generally a
BadCredentialsException
, an AuthenticationServiceException
or
UsernameNotFoundException
)public void setPasswordEncoder(PasswordEncoder passwordEncoder)
PlaintextPasswordEncoder
will be used by default.
passwordEncoder
- The passwordEncoder to useprotected PasswordEncoder getPasswordEncoder()
public void setSaltSource(SaltSource saltSource)
null
is a valid value, meaning the DaoAuthenticationProvider
will present null
to the relevant PasswordEncoder
.
saltSource
- to use when attempting to decode passwords via the PasswordEncoder
protected SaltSource getSaltSource()
public void setUserDetailsService(UserDetailsService userDetailsService)
protected UserDetailsService getUserDetailsService()
protected boolean isIncludeDetailsObject()
public void setIncludeDetailsObject(boolean includeDetailsObject)
AbstractAuthenticationManager.setClearExtraInformation(boolean)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |