|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
public abstract class AbstractJaasAuthenticationProvider
An AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration.
This AuthenticationProvider
is capable of validating UsernamePasswordAuthenticationToken
requests contain the correct username and
password.
This implementation is backed by a JAAS configuration that is provided by
a subclass's implementation of createLoginContext(CallbackHandler)
.
When using JAAS login modules as the authentication source, sometimes the
LoginContext will
require CallbackHandlers. The AbstractJaasAuthenticationProvider uses an internal
CallbackHandler
to wrap the JaasAuthenticationCallbackHandler
s configured in the ApplicationContext.
When the LoginContext calls the internal CallbackHandler, control is passed to each
JaasAuthenticationCallbackHandler
for each Callback passed.
JaasAuthenticationCallbackHandler
s are passed to the AbstractJaasAuthenticationProvider through the callbackHandlers
property.
<property name="callbackHandlers"> <list> <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/> <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler
"/> <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
"/> </list> </property>
After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will retrieve the returned Principals
from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the
configured AuthorityGranter
s. An AuthorityGranter is a mapping between a returned Principal, and a role
name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's AuthorityGranter.grant(java.security.Principal)
method. The returned role will be applied to the Authorization
object as a GrantedAuthority
.
AuthorityGranters are configured in spring xml as follows...
<property name="authorityGranters"> <list> <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/> </list> </property>
Field Summary | |
---|---|
protected org.apache.commons.logging.Log |
log
|
Constructor Summary | |
---|---|
AbstractJaasAuthenticationProvider()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
Validates the required properties are set. |
Authentication |
authenticate(Authentication auth)
Attempts to login the user given the Authentication objects principal and credential |
protected abstract LoginContext |
createLoginContext(CallbackHandler handler)
Creates the LoginContext to be used for authentication. |
protected ApplicationEventPublisher |
getApplicationEventPublisher()
|
protected void |
handleLogout(SessionDestroyedEvent event)
Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken . |
void |
onApplicationEvent(SessionDestroyedEvent event)
|
protected void |
publishFailureEvent(UsernamePasswordAuthenticationToken token,
AuthenticationException ase)
Publishes the JaasAuthenticationFailedEvent . |
protected void |
publishSuccessEvent(UsernamePasswordAuthenticationToken token)
Publishes the JaasAuthenticationSuccessEvent . |
void |
setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
|
void |
setAuthorityGranters(AuthorityGranter[] authorityGranters)
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication. |
void |
setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method. |
void |
setLoginContextName(String loginContextName)
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property. |
void |
setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
|
boolean |
supports(Class<?> aClass)
Returns true if this AuthenticationProvider supports the indicated
Authentication object. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected final org.apache.commons.logging.Log log
Constructor Detail |
---|
public AbstractJaasAuthenticationProvider()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
setCallbackHandlers(JaasAuthenticationCallbackHandler[])
has not
been called with valid handlers, initializes to use
JaasNameCallbackHandler
and JaasPasswordCallbackHandler
.
afterPropertiesSet
in interface InitializingBean
Exception
public Authentication authenticate(Authentication auth) throws AuthenticationException
authenticate
in interface AuthenticationProvider
auth
- The Authentication object to be authenticated.
AuthenticationException
- This implementation does not handle 'locked' or 'disabled' accounts. This method
only throws a AuthenticationServiceException, with the message of the LoginException that will be
thrown, should the loginContext.login() method fail.protected abstract LoginContext createLoginContext(CallbackHandler handler) throws LoginException
handler
- The CallbackHandler that should be used for the LoginContext (never null
).
LoginException
protected void handleLogout(SessionDestroyedEvent event)
LoginContext.logout()
for any which contain a JaasAuthenticationToken
.
event
- the session event which contains the current sessionpublic void onApplicationEvent(SessionDestroyedEvent event)
onApplicationEvent
in interface ApplicationListener<SessionDestroyedEvent>
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)
JaasAuthenticationFailedEvent
. Can be overridden by subclasses for different
functionality
token
- The authentication token being processedase
- The excetion that caused the authentication failureprotected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)
JaasAuthenticationSuccessEvent
. Can be overridden by subclasses for different
functionality.
token
- The token being processedpublic void setAuthorityGranters(AuthorityGranter[] authorityGranters)
authorityGranters
- AuthorityGranter arrayJaasAuthenticationProvider
public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
callbackHandlers
- Array of JAASAuthenticationCallbackHandlerspublic void setLoginContextName(String loginContextName)
loginContextName
- public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
public boolean supports(Class<?> aClass)
AuthenticationProvider
true
if this AuthenticationProvider
supports the indicated
Authentication
object.
Returning true
does not guarantee an AuthenticationProvider
will be able to
authenticate the presented instance of the Authentication
class. It simply indicates it can support
closer evaluation of it. An AuthenticationProvider
can still return null
from the
AuthenticationProvider.authenticate(Authentication)
method to indicate another AuthenticationProvider
should be
tried.
Selection of an AuthenticationProvider
capable of performing authentication is
conducted at runtime the ProviderManager
.
supports
in interface AuthenticationProvider
true
if the implementation can more closely evaluate the Authentication
class
presentedpublic void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher
in interface ApplicationEventPublisherAware
protected ApplicationEventPublisher getApplicationEventPublisher()
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |