AbstractLdapAuthenticationProvider (Spring Security 3.1.3 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.ldap.authentication
Class AbstractLdapAuthenticationProvider

java.lang.Object
  org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

All Implemented Interfaces:: MessageSourceAware, AuthenticationProvider

Direct Known Subclasses:: ActiveDirectoryLdapAuthenticationProvider, LdapAuthenticationProvider

public abstract class AbstractLdapAuthenticationProvider
extends Object
implements AuthenticationProvider, MessageSourceAware
extends Object
implements AuthenticationProvider, MessageSourceAware

Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.

Since:: 3.1

Field Summary
`protected org.apache.commons.logging.Log`	`logger`
`protected MessageSourceAccessor`	`messages`
`protected UserDetailsContextMapper`	`userDetailsContextMapper`

Constructor Summary
`AbstractLdapAuthenticationProvider()`

Method Summary
`Authentication`	`authenticate(Authentication authentication)` Performs authentication with the same contract as `AuthenticationManager.authenticate(Authentication)`.
`protected Authentication`	`createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)` Creates the final `Authentication` object which will be returned from the `authenticate` method.
`protected abstract DirContextOperations`	`doAuthentication(UsernamePasswordAuthenticationToken auth)`
`protected UserDetailsContextMapper`	`getUserDetailsContextMapper()` Provides access to the injected `UserDetailsContextMapper` strategy for use by subclasses.
`protected abstract Collection<? extends GrantedAuthority>`	`loadUserAuthorities(DirContextOperations userData, String username, String password)`
`void`	`setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)`
`void`	`setMessageSource(MessageSource messageSource)`
`void`	`setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)` Determines whether the supplied password will be used as the credentials in the successful authentication token.
`void`	`setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)` Allows a custom strategy to be used for creating the `UserDetails` which will be stored as the principal in the `Authentication` returned by the `createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)` method.
`boolean`	`supports(Class<?> authentication)` Returns `true` if this `AuthenticationProvider` supports the indicated `Authentication` object.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

logger

protected final org.apache.commons.logging.Log logger

messages

protected MessageSourceAccessor messages

userDetailsContextMapper

protected UserDetailsContextMapper userDetailsContextMapper

Constructor Detail

AbstractLdapAuthenticationProvider

public AbstractLdapAuthenticationProvider()

Method Detail

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Description copied from interface: AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).

Specified by:: authenticate in interface AuthenticationProvider

Parameters:: authentication - the authentication request object.
Returns:: a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws:: AuthenticationException - if authentication fails.

doAuthentication

protected abstract DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth)

loadUserAuthorities

protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData,
                                                                              String username,
                                                                              String password)

createSuccessfulAuthentication

protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
                                                        UserDetails user)

Creates the final Authentication object which will be returned from the authenticate method.

Parameters:: authentication - the original authentication request token; user - the UserDetails instance returned by the configured UserDetailsContextMapper.
Returns:: the Authentication object for the fully authenticated user.

supports

public boolean supports(Class<?> authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:: supports in interface AuthenticationProvider

Returns:: true if the implementation can more closely evaluate the Authentication class presented

setUseAuthenticationRequestCredentials

public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)

Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configured UserDetailsContextMapper. Often it will not be possible to read the password from the directory, so defaults to true.

Parameters:: useAuthenticationRequestCredentials -

setMessageSource

public void setMessageSource(MessageSource messageSource)

Specified by:: setMessageSource in interface MessageSourceAware

setAuthoritiesMapper

public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)

setUserDetailsContextMapper

public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)

Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the

createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)

method.

Parameters:: userDetailsContextMapper - the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.

getUserDetailsContextMapper

protected UserDetailsContextMapper getUserDetailsContextMapper()

Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.