Class PasswordComparisonAuthenticator

  extended by
      extended by
All Implemented Interfaces:
InitializingBean, MessageSourceAware, LdapAuthenticator

public final class PasswordComparisonAuthenticator
extends AbstractLdapAuthenticator

An LdapAuthenticator which compares the login password with the value stored in the directory using a remote LDAP "compare" operation.

If passwords are stored in digest form in the repository, then a suitable PasswordEncoder implementation must be supplied. By default, passwords are encoded using the LdapShaPasswordEncoder. Note that compare operations will not work if salted-SHA (SSHA) passwords are used, as it is not possible to know the salt value which is a random byte sequence generated by the directory.

Field Summary
Fields inherited from class
Constructor Summary
PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource)
Method Summary
 DirContextOperations authenticate(Authentication authentication)
          Authenticates as a user and obtains additional user information from the directory.
 void setPasswordAttributeName(String passwordAttribute)
 void setPasswordEncoder(PasswordEncoder passwordEncoder)
Methods inherited from class
afterPropertiesSet, getContextSource, getUserAttributes, getUserDns, getUserSearch, setMessageSource, setUserAttributes, setUserDnPatterns, setUserSearch
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource)
Method Detail


public DirContextOperations authenticate(Authentication authentication)
Description copied from interface: LdapAuthenticator
Authenticates as a user and obtains additional user information from the directory.

the details of the successfully authenticated user.


public void setPasswordAttributeName(String passwordAttribute)


public void setPasswordEncoder(PasswordEncoder passwordEncoder)