public abstract class AbstractLdapAuthenticationProvider extends Object implements AuthenticationProvider, MessageSourceAware
LdapAuthenticationProvider
and the
ActiveDirectoryLdapAuthenticationProvider
.Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
protected MessageSourceAccessor |
messages |
protected UserDetailsContextMapper |
userDetailsContextMapper |
Constructor and Description |
---|
AbstractLdapAuthenticationProvider() |
Modifier and Type | Method and Description |
---|---|
Authentication |
authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. |
protected Authentication |
createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
UserDetails user)
Creates the final
Authentication object which will be returned from the
authenticate method. |
protected abstract DirContextOperations |
doAuthentication(UsernamePasswordAuthenticationToken auth) |
protected UserDetailsContextMapper |
getUserDetailsContextMapper()
Provides access to the injected
UserDetailsContextMapper strategy for use
by subclasses. |
protected abstract Collection<? extends GrantedAuthority> |
loadUserAuthorities(DirContextOperations userData,
String username,
String password) |
void |
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) |
void |
setMessageSource(MessageSource messageSource) |
void |
setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
Determines whether the supplied password will be used as the credentials in the
successful authentication token.
|
void |
setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows a custom strategy to be used for creating the UserDetails which
will be stored as the principal in the Authentication returned by the
createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method. |
boolean |
supports(Class<?> authentication)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
protected final org.apache.commons.logging.Log logger
protected MessageSourceAccessor messages
protected UserDetailsContextMapper userDetailsContextMapper
public Authentication authenticate(Authentication authentication) throws AuthenticationException
AuthenticationProvider
AuthenticationManager.authenticate(Authentication)
.authenticate
in interface AuthenticationProvider
authentication
- the authentication request object.null
if the AuthenticationProvider
is unable to support
authentication of the passed Authentication
object. In such a case,
the next AuthenticationProvider
that supports the presented
Authentication
class will be tried.AuthenticationException
- if authentication fails.protected abstract DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth)
protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password)
protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)
Authentication
object which will be returned from the
authenticate
method.authentication
- the original authentication request tokenuser
- the UserDetails instance returned by the configured
UserDetailsContextMapper.public boolean supports(Class<?> authentication)
AuthenticationProvider
true
if this AuthenticationProvider
supports the
indicated Authentication
object.
Returning true
does not guarantee an
AuthenticationProvider
will be able to authenticate the presented
instance of the Authentication
class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider
can still
return null
from the AuthenticationProvider.authenticate(Authentication)
method to
indicate another AuthenticationProvider
should be tried.
Selection of an AuthenticationProvider
capable of performing
authentication is conducted at runtime the ProviderManager
.
supports
in interface AuthenticationProvider
true
if the implementation can more closely evaluate the
Authentication
class presentedpublic void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
UserDetailsContextMapper
. Often it will not be possible to read the
password from the directory, so defaults to true.useAuthenticationRequestCredentials
- public void setMessageSource(MessageSource messageSource)
setMessageSource
in interface MessageSourceAware
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method.userDetailsContextMapper
- the strategy instance. If not set, defaults to a
simple LdapUserDetailsMapper.protected UserDetailsContextMapper getUserDetailsContextMapper()
UserDetailsContextMapper
strategy for use
by subclasses.