|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.ProviderManager
public class ProviderManager
Iterates an Authentication
request through a list of AuthenticationProvider
s.
AuthenticationProviders are usually tried in order until one provides a non-null response.
A non-null response indicates the provider had authority to decide on the authentication request and no further
providers are tried.
If a subsequent provider successfully authenticates the request, the earlier authentication exception is disregarded
and the successful authentication will be used. If no subsequent provider provides a non-null response, or a new
AuthenticationException
, the last AuthenticationException
received will be used.
If no provider returns a non-null response, or indicates it can even process an Authentication
,
the ProviderManager
will throw a ProviderNotFoundException
.
A parent AuthenticationManager
can also be set, and this will also be tried if none of the configured
providers can perform the authentication. This is intended to support namespace configuration options though and
is not a feature that should normally be required.
The exception to this process is when a provider throws an AccountStatusException
, in which case no
further providers in the list will be queried.
Post-authentication, the credentials will be cleared from the returned Authentication
object, if it
implements the CredentialsContainer
interface. This behaviour can be controlled by modifying the
eraseCredentialsAfterAuthentication
property.
Authentication event publishing is delegated to the configured AuthenticationEventPublisher
which defaults
to a null implementation which doesn't publish events, so if you are configuring the bean yourself you must inject
a publisher bean if you want to receive events. The standard implementation is DefaultAuthenticationEventPublisher
which maps common exceptions to events (in the case of authentication failure) and publishes an
AuthenticationSuccessEvent
if
authentication succeeds. If you are using the namespace then an instance of this bean will be used automatically by
the <http> configuration, so you will receive events from the web part of your application automatically.
Note that the implementation also publishes authentication failure events when it obtains an authentication result
(or an exception) from the "parent" AuthenticationManager
if one has been set. So in this situation, the
parent should not generally be configured to publish events or there will be duplicates.
DefaultAuthenticationEventPublisher
Field Summary | |
---|---|
protected MessageSourceAccessor |
messages
|
Constructor Summary | |
---|---|
ProviderManager()
Deprecated. Use constructor which takes provider list |
|
ProviderManager(List<AuthenticationProvider> providers)
|
|
ProviderManager(List<AuthenticationProvider> providers,
AuthenticationManager parent)
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
Authentication |
authenticate(Authentication authentication)
Attempts to authenticate the passed Authentication object. |
List<AuthenticationProvider> |
getProviders()
|
boolean |
isEraseCredentialsAfterAuthentication()
|
void |
setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
|
void |
setClearExtraInformation(boolean clearExtraInformation)
Deprecated. the extraInformation property is deprecated |
void |
setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
If set to, a resulting Authentication which implements the CredentialsContainer interface
will have its eraseCredentials method called before it is returned
from the authenticate() method. |
void |
setMessageSource(MessageSource messageSource)
|
void |
setParent(AuthenticationManager parent)
Deprecated. Use constructor injection |
void |
setProviders(List providers)
Deprecated. Use constructor injection |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected MessageSourceAccessor messages
Constructor Detail |
---|
@Deprecated public ProviderManager()
public ProviderManager(List<AuthenticationProvider> providers)
public ProviderManager(List<AuthenticationProvider> providers, AuthenticationManager parent)
Method Detail |
---|
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Authentication
object.
The list of AuthenticationProvider
s will be successively tried until an
AuthenticationProvider
indicates it is capable of authenticating the type of
Authentication
object passed. Authentication will then be attempted with that
AuthenticationProvider
.
If more than one AuthenticationProvider
supports the passed Authentication
object, only the first AuthenticationProvider
tried will determine the result. No subsequent
AuthenticationProvider
s will be tried.
authenticate
in interface AuthenticationManager
authentication
- the authentication request object.
AuthenticationException
- if authentication fails.public List<AuthenticationProvider> getProviders()
public void setMessageSource(MessageSource messageSource)
setMessageSource
in interface MessageSourceAware
@Deprecated public void setParent(AuthenticationManager parent)
public void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
public void setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
Authentication
which implements the CredentialsContainer
interface
will have its eraseCredentials
method called before it is returned
from the authenticate()
method.
eraseSecretData
- set to false to retain the credentials data in memory.
Defaults to true.public boolean isEraseCredentialsAfterAuthentication()
@Deprecated public void setProviders(List providers)
AuthenticationProvider
objects to be used for authentication.
providers
- the list of authentication providers which will be used to process authentication requests.
IllegalArgumentException
- if the list is empty or null, or any of the elements in the list is not an
AuthenticationProvider instance.@Deprecated public void setClearExtraInformation(boolean clearExtraInformation)
extraInformation
property is deprecated
extraInformation
set on an AuthenticationException
will be cleared
before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
be serialized to the client. Defaults to 'false'.
AuthenticationException.getExtraInformation()
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |