public class ProviderManager extends java.lang.Object implements AuthenticationManager, org.springframework.context.MessageSourceAware, org.springframework.beans.factory.InitializingBean
Authentication request through a list of
AuthenticationProviders.
AuthenticationProviders are usually tried in order until one provides a
non-null response. A non-null response indicates the provider had authority to decide
on the authentication request and no further providers are tried. If a subsequent
provider successfully authenticates the request, the earlier authentication exception
is disregarded and the successful authentication will be used. If no subsequent
provider provides a non-null response, or a new AuthenticationException,
the last AuthenticationException received will be used. If no provider
returns a non-null response, or indicates it can even process an
Authentication, the ProviderManager will throw a
ProviderNotFoundException. A parent AuthenticationManager can also
be set, and this will also be tried if none of the configured providers can perform the
authentication. This is intended to support namespace configuration options though and
is not a feature that should normally be required.
The exception to this process is when a provider throws an
AccountStatusException, in which case no further providers in the list will be
queried.
Post-authentication, the credentials will be cleared from the returned
Authentication object, if it implements the CredentialsContainer
interface. This behaviour can be controlled by modifying the
eraseCredentialsAfterAuthentication property.
Authentication event publishing is delegated to the configured
AuthenticationEventPublisher which defaults to a null implementation which
doesn't publish events, so if you are configuring the bean yourself you must inject a
publisher bean if you want to receive events. The standard implementation is
DefaultAuthenticationEventPublisher which maps common exceptions to events (in
the case of authentication failure) and publishes an
AuthenticationSuccessEvent if authentication succeeds. If you are using the namespace
then an instance of this bean will be used automatically by the <http>
configuration, so you will receive events from the web part of your application
automatically.
Note that the implementation also publishes authentication failure events when it
obtains an authentication result (or an exception) from the "parent"
AuthenticationManager if one has been set. So in this situation, the parent
should not generally be configured to publish events or there will be duplicates.
DefaultAuthenticationEventPublisher| Modifier and Type | Field and Description |
|---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages |
| Constructor and Description |
|---|
ProviderManager(java.util.List<AuthenticationProvider> providers) |
ProviderManager(java.util.List<AuthenticationProvider> providers,
AuthenticationManager parent) |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
Authentication |
authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
java.util.List<AuthenticationProvider> |
getProviders() |
boolean |
isEraseCredentialsAfterAuthentication() |
void |
setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher) |
void |
setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
If set to, a resulting
Authentication which implements the
CredentialsContainer interface will have its
eraseCredentials method called
before it is returned from the authenticate() method. |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
public ProviderManager(java.util.List<AuthenticationProvider> providers)
public ProviderManager(java.util.List<AuthenticationProvider> providers, AuthenticationManager parent)
public void afterPropertiesSet()
throws java.lang.Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjava.lang.Exceptionpublic Authentication authenticate(Authentication authentication) throws AuthenticationException
Authentication object.
The list of AuthenticationProviders will be successively tried until an
AuthenticationProvider indicates it is capable of authenticating the
type of Authentication object passed. Authentication will then be
attempted with that AuthenticationProvider.
If more than one AuthenticationProvider supports the passed
Authentication object, the first one able to successfully
authenticate the Authentication object determines the
result, overriding any possible AuthenticationException
thrown by earlier supporting AuthenticationProviders.
On successful authentication, no subsequent AuthenticationProviders
will be tried.
If authentication was not successful by any supporting
AuthenticationProvider the last thrown
AuthenticationException will be rethrown.
authenticate in interface AuthenticationManagerauthentication - the authentication request object.AuthenticationException - if authentication fails.public java.util.List<AuthenticationProvider> getProviders()
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource in interface org.springframework.context.MessageSourceAwarepublic void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
public void setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
Authentication which implements the
CredentialsContainer interface will have its
eraseCredentials method called
before it is returned from the authenticate() method.eraseSecretData - set to false to retain the credentials data in
memory. Defaults to true.public boolean isEraseCredentialsAfterAuthentication()