public abstract class AbstractJaasAuthenticationProvider extends java.lang.Object implements AuthenticationProvider, org.springframework.context.ApplicationEventPublisherAware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationListener<SessionDestroyedEvent>
AuthenticationProvider implementation that retrieves user details from a
JAAS login configuration.
This AuthenticationProvider is capable of validating
UsernamePasswordAuthenticationToken
requests contain the correct username and password.
This implementation is backed by a
JAAS configuration that is provided by a subclass's implementation of
createLoginContext(CallbackHandler).
When using JAAS login modules as the authentication source, sometimes the
LoginContext will require CallbackHandlers. The
AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured
in the ApplicationContext. When the LoginContext calls the internal CallbackHandler,
control is passed to each JaasAuthenticationCallbackHandler for each Callback
passed.
JaasAuthenticationCallbackHandlers are passed to the
AbstractJaasAuthenticationProvider through the
callbackHandlers property.
<property name="callbackHandlers">
<list>
<bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
<bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
<bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will
retrieve the returned Principals from the Subject
(LoginContext.getSubject().getPrincipals). Each returned principal is then passed to
the configured AuthorityGranters. An AuthorityGranter is a mapping between a
returned Principal, and a role name. If an AuthorityGranter wishes to grant an
Authorization a role, it returns that role name from it's
AuthorityGranter.grant(java.security.Principal) method. The returned role will
be applied to the Authorization object as a GrantedAuthority.
AuthorityGranters are configured in spring xml as follows...
<property name="authorityGranters">
<list>
<bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
</list>
</property>
| Modifier and Type | Field and Description |
|---|---|
protected org.apache.commons.logging.Log |
log |
| Constructor and Description |
|---|
AbstractJaasAuthenticationProvider() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet()
Validates the required properties are set.
|
Authentication |
authenticate(Authentication auth)
Attempts to login the user given the Authentication objects principal and
credential
|
protected abstract javax.security.auth.login.LoginContext |
createLoginContext(javax.security.auth.callback.CallbackHandler handler)
Creates the LoginContext to be used for authentication.
|
protected org.springframework.context.ApplicationEventPublisher |
getApplicationEventPublisher() |
protected void |
handleLogout(SessionDestroyedEvent event)
Handles the logout by getting the security contexts for the destroyed session and
invoking
LoginContext.logout() for any which contain a
JaasAuthenticationToken. |
void |
onApplicationEvent(SessionDestroyedEvent event) |
protected void |
publishFailureEvent(UsernamePasswordAuthenticationToken token,
AuthenticationException ase)
Publishes the
JaasAuthenticationFailedEvent. |
protected void |
publishSuccessEvent(UsernamePasswordAuthenticationToken token)
Publishes the
JaasAuthenticationSuccessEvent. |
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) |
void |
setAuthorityGranters(AuthorityGranter[] authorityGranters)
Set the AuthorityGranters that should be consulted for role names to be granted to
the Authentication.
|
void |
setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
Set the JAASAuthentcationCallbackHandler array to handle callback objects generated
by the LoginContext.login method.
|
void |
setLoginContextName(java.lang.String loginContextName)
Set the loginContextName, this name is used as the index to the configuration
specified in the loginConfig property.
|
void |
setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) |
boolean |
supports(java.lang.Class<?> aClass)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
public void afterPropertiesSet()
throws java.lang.Exception
setCallbackHandlers(JaasAuthenticationCallbackHandler[]) has not been
called with valid handlers, initializes to use JaasNameCallbackHandler and
JaasPasswordCallbackHandler.afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjava.lang.Exceptionpublic Authentication authenticate(Authentication auth) throws AuthenticationException
authenticate in interface AuthenticationProviderauth - The Authentication object to be authenticated.AuthenticationException - This implementation does not handle 'locked' or
'disabled' accounts. This method only throws a AuthenticationServiceException, with
the message of the LoginException that will be thrown, should the
loginContext.login() method fail.protected abstract javax.security.auth.login.LoginContext createLoginContext(javax.security.auth.callback.CallbackHandler handler)
throws javax.security.auth.login.LoginException
handler - The CallbackHandler that should be used for the LoginContext (never
null).javax.security.auth.login.LoginExceptionprotected void handleLogout(SessionDestroyedEvent event)
LoginContext.logout() for any which contain a
JaasAuthenticationToken.event - the session event which contains the current sessionpublic void onApplicationEvent(SessionDestroyedEvent event)
onApplicationEvent in interface org.springframework.context.ApplicationListener<SessionDestroyedEvent>protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)
JaasAuthenticationFailedEvent. Can be overridden by
subclasses for different functionalitytoken - The authentication token being processedase - The excetion that caused the authentication failureprotected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)
JaasAuthenticationSuccessEvent. Can be overridden by
subclasses for different functionality.token - The token being processedpublic void setAuthorityGranters(AuthorityGranter[] authorityGranters)
authorityGranters - AuthorityGranter arrayJaasAuthenticationProviderpublic void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
callbackHandlers - Array of JAASAuthenticationCallbackHandlerspublic void setLoginContextName(java.lang.String loginContextName)
loginContextName - public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
public boolean supports(java.lang.Class<?> aClass)
AuthenticationProvidertrue if this AuthenticationProvider supports the
indicated Authentication object.
Returning true does not guarantee an
AuthenticationProvider will be able to authenticate the presented
instance of the Authentication class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider can still
return null from the AuthenticationProvider.authenticate(Authentication) method to
indicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performing
authentication is conducted at runtime the ProviderManager.
supports in interface AuthenticationProvidertrue if the implementation can more closely evaluate the
Authentication class presentedpublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAwareprotected org.springframework.context.ApplicationEventPublisher getApplicationEventPublisher()