public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider

An AuthenticationProvider implementation that retrieves user details from a UserDetailsService.

Fields inherited from class AbstractUserDetailsAuthenticationProvider: hideUserNotFoundExceptions, logger, messages

Constructor and Description |
---|
DaoAuthenticationProvider() |

Modifier and Type | Method and Description |
---|---|
protected void | additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication): Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request. |
protected Authentication | createSuccessAuthentication(java.lang.Object principal, Authentication authentication, UserDetails user): Creates a successful Authentication object. |
protected void | doAfterPropertiesSet() |
protected PasswordEncoder | getPasswordEncoder() |
protected UserDetailsService | getUserDetailsService() |
protected UserDetails | retrieveUser(java.lang.String username, UsernamePasswordAuthenticationToken authentication): Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails). |
void | setPasswordEncoder(PasswordEncoder passwordEncoder): Sets the PasswordEncoder instance to be used to encode and validate passwords. |
void | setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) |
void | setUserDetailsService(UserDetailsService userDetailsService) |

Methods inherited from class AbstractUserDetailsAuthenticationProvider: afterPropertiesSet, authenticate, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports

protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException

Description copied from class: AbstractUserDetailsAuthenticationProvider

Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request. Generally a subclass will at least compare the Authentication.getCredentials() with a UserDetails.getPassword(). If custom logic is needed to compare additional properties of UserDetails and/or UsernamePasswordAuthenticationToken, these should also appear in this method.

Specified by: additionalAuthenticationChecks in class AbstractUserDetailsAuthenticationProvider

Parameters:
userDetails - as retrieved from the AbstractUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken) or UserCache
authentication - the current request that needs to be authenticated

Throws:
AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)

protected void doAfterPropertiesSet() throws java.lang.Exception

Overrides: doAfterPropertiesSet in class AbstractUserDetailsAuthenticationProvider

Throws:
java.lang.Exception

protected final UserDetails retrieveUser(java.lang.String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException

Description copied from class: AbstractUserDetailsAuthenticationProvider

Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).

Subclasses are not required to perform any caching, as the AbstractUserDetailsAuthenticationProvider will by default cache the UserDetails. The caching of UserDetails does present additional complexity as this means subsequent requests that rely on the cache will need to still have their credentials validated, even if the correctness of credentials was assured by subclasses adopting a binding-based strategy in this method. Accordingly it is important that subclasses either disable caching (if they want to ensure that this method is the only method that is capable of authenticating a request, as no UserDetails will ever be cached) or ensure subclasses implement AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) to compare the credentials of a cached UserDetails with subsequent authentication requests.

Most of the time subclasses will not perform credentials inspection in this method, instead performing it in AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) so that code related to credentials validation need not be duplicated across two methods.

Specified by: retrieveUser in class AbstractUserDetailsAuthenticationProvider

Parameters:
username - The username to retrieve
authentication - The authentication request, which subclasses may need to perform a binding-based retrieval of the UserDetails

Returns: the user information (never null - instead an exception should be thrown)

Throws:
AuthenticationException - if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException or UsernameNotFoundException)

protected Authentication createSuccessAuthentication(java.lang.Object principal, Authentication authentication, UserDetails user)

Description copied from class: AbstractUserDetailsAuthenticationProvider

Creates a successful Authentication object.

Protected so subclasses can override.

Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned Authentication object.

Overrides: createSuccessAuthentication in class AbstractUserDetailsAuthenticationProvider

Parameters:
principal - that should be the principal in the returned object (defined by the AbstractUserDetailsAuthenticationProvider.isForcePrincipalAsString() method)
authentication - that was presented to the provider for validation
user - that was loaded by the implementation

public void setPasswordEncoder(PasswordEncoder passwordEncoder)

Sets the PasswordEncoder instance to be used to encode and validate passwords. If not set, the password will be compared using PasswordEncoderFactories.createDelegatingPasswordEncoder().

Parameters:
passwordEncoder - must be an instance of one of the PasswordEncoder types.

protected PasswordEncoder getPasswordEncoder()

public void setUserDetailsService(UserDetailsService userDetailsService)

protected UserDetailsService getUserDetailsService()

public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService)
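
The notes on additionalAuthenticationChecks and retrieveUser above place any extra comparison in additionalAuthenticationChecks, which is also applied to a cached UserDetails. The subclass below is an added example, not Spring Security's own code; TenantAwareDaoAuthenticationProvider, TenantUserDetails and the use of the token's details as a tenant id string are assumptions made for illustration.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;

// Hypothetical subclass (not part of Spring Security): password check plus one extra property.
public class TenantAwareDaoAuthenticationProvider extends DaoAuthenticationProvider {

    /** Hypothetical UserDetails extension carrying the extra property to compare. */
    public interface TenantUserDetails extends UserDetails {
        String getTenantId();
    }

    public TenantAwareDaoAuthenticationProvider(UserDetailsService userDetailsService) {
        setUserDetailsService(userDetailsService);
        // Stated explicitly; stored values then carry an encoder id prefix such as {bcrypt}.
        setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
    }

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        // Keep the inherited password comparison. This method is called for a UserDetails
        // taken from the UserCache as well as for one freshly returned by retrieveUser,
        // so a cached entry never bypasses credential validation.
        super.additionalAuthenticationChecks(userDetails, authentication);

        // Assumption: the caller stored the requested tenant id (a String) via
        // authentication.setDetails(...) before handing the token to the provider.
        Object requestedTenant = authentication.getDetails();
        boolean tenantMatches = userDetails instanceof TenantUserDetails
                && requestedTenant instanceof String
                && requestedTenant.equals(((TenantUserDetails) userDetails).getTenantId());

        if (!tenantMatches) {
            // Same exception type as a wrong password, so the response does not reveal
            // which of the two checks failed.
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
```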