org.springframework.security.authentication.jaas

Class AbstractJaasAuthenticationProvider

java.lang.Object

org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

All Implemented Interfaces:

EventListener, Aware, InitializingBean, ApplicationEventPublisherAware, ApplicationListener<SessionDestroyedEvent>, AuthenticationProvider

Direct Known Subclasses:

DefaultJaasAuthenticationProvider, JaasAuthenticationProvider

public abstract class AbstractJaasAuthenticationProvider
extends Object
implements AuthenticationProvider, ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent>

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

This AuthenticationProvider is capable of validating UsernamePasswordAuthenticationToken requests contain the correct username and password.

This implementation is backed by a JAAS configuration that is provided by a subclass's implementation of createLoginContext(CallbackHandler).

When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each JaasAuthenticationCallbackHandler for each Callback passed.

JaasAuthenticationCallbackHandlers are passed to the AbstractJaasAuthenticationProvider through the callbackHandlers property.

 <property name="callbackHandlers">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
  </list>
 </property>
 

After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal, and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's AuthorityGranter.grant(java.security.Principal) method. The returned role will be applied to the Authorization object as a GrantedAuthority.

AuthorityGranters are configured in spring xml as follows...

 <property name="authorityGranters">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
   </list>
  </property>
 

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	log

Constructor Summary

Constructors

Constructor and Description
AbstractJaasAuthenticationProvider()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet() Validates the required properties are set.
Authentication	authenticate(Authentication auth) Attempts to login the user given the Authentication objects principal and credential
protected abstract LoginContext	createLoginContext(CallbackHandler handler) Creates the LoginContext to be used for authentication.
protected ApplicationEventPublisher	getApplicationEventPublisher()
protected void	handleLogout(SessionDestroyedEvent event) Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.
void	onApplicationEvent(SessionDestroyedEvent event)
protected void	publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) Publishes the JaasAuthenticationFailedEvent.
protected void	publishSuccessEvent(UsernamePasswordAuthenticationToken token) Publishes the JaasAuthenticationSuccessEvent.
void	setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
void	setAuthorityGranters(AuthorityGranter[] authorityGranters) Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
void	setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.
void	setLoginContextName(String loginContextName) Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.
void	setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
boolean	supports(Class<?> aClass) Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected final org.apache.commons.logging.Log log

Constructor Detail

AbstractJaasAuthenticationProvider

public AbstractJaasAuthenticationProvider()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Validates the required properties are set. In addition, if setCallbackHandlers(JaasAuthenticationCallbackHandler[]) has not been called with valid handlers, initializes to use JaasNameCallbackHandler and JaasPasswordCallbackHandler.

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

authenticate

public Authentication authenticate(Authentication auth)
                            throws AuthenticationException

Attempts to login the user given the Authentication objects principal and credential

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

auth - The Authentication object to be authenticated.

Returns:

The authenticated Authentication object, with it's grantedAuthorities set.

Throws:

AuthenticationException - This implementation does not handle 'locked' or 'disabled' accounts. This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown, should the loginContext.login() method fail.

createLoginContext

protected abstract LoginContext createLoginContext(CallbackHandler handler)
                                            throws LoginException

Creates the LoginContext to be used for authentication.

Parameters:

handler - The CallbackHandler that should be used for the LoginContext (never null).

Returns:

the LoginContext to use for authentication.

Throws:

LoginException

handleLogout

protected void handleLogout(SessionDestroyedEvent event)

Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.

Parameters:

event - the session event which contains the current session

onApplicationEvent

public void onApplicationEvent(SessionDestroyedEvent event)

Specified by:

onApplicationEvent in interface ApplicationListener<SessionDestroyedEvent>

publishFailureEvent

protected void publishFailureEvent(UsernamePasswordAuthenticationToken token,
                       AuthenticationException ase)

Publishes the JaasAuthenticationFailedEvent. Can be overridden by subclasses for different functionality

Parameters:

token - The authentication token being processed

ase - The excetion that caused the authentication failure

publishSuccessEvent

protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)

Publishes the JaasAuthenticationSuccessEvent. Can be overridden by subclasses for different functionality.

Parameters:

token - The token being processed

setAuthorityGranters

public void setAuthorityGranters(AuthorityGranter[] authorityGranters)

Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.

Parameters:

authorityGranters - AuthorityGranter array

See Also:

JaasAuthenticationProvider

setCallbackHandlers

public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)

Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.

Parameters:

callbackHandlers - Array of JAASAuthenticationCallbackHandlers

setLoginContextName

public void setLoginContextName(String loginContextName)

Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.

Parameters:

loginContextName -

setLoginExceptionResolver

public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)

supports

public boolean supports(Class<?> aClass)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Returns:

true if the implementation can more closely evaluate the Authentication class presented

setApplicationEventPublisher

public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)

Specified by:

setApplicationEventPublisher in interface ApplicationEventPublisherAware

getApplicationEventPublisher

protected ApplicationEventPublisher getApplicationEventPublisher()