public class OpenIDAuthenticationProvider extends java.lang.Object implements AuthenticationProvider, org.springframework.beans.factory.InitializingBean
The authorities are obtained by calling the configured UserDetailsService. The
UserDetails it returns must, at minimum, contain the username and
GrantedAuthority objects applicable to the authenticated user. Note that by
default, Spring Security ignores the password and enabled/disabled status of the
UserDetails because this is authentication-related and should have been
enforced by another provider server.
The UserDetails returned by implementations is stored in the generated
Authentication token, so additional properties such as email addresses,
telephone numbers etc can easily be stored.
| Constructor and Description |
|---|
OpenIDAuthenticationProvider() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
Authentication |
authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. |
protected Authentication |
createSuccessfulAuthentication(UserDetails userDetails,
OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be
returned by the provider.
|
void |
setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)
Used to load the
UserDetails for the authenticated OpenID user. |
void |
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) |
void |
setUserDetailsService(UserDetailsService userDetailsService)
Used to load the
UserDetails for the authenticated OpenID user. |
boolean |
supports(java.lang.Class<?> authentication)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
public void afterPropertiesSet()
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanpublic Authentication authenticate(Authentication authentication) throws AuthenticationException
AuthenticationProviderAuthenticationManager.authenticate(Authentication)
.authenticate in interface AuthenticationProviderauthentication - the authentication request object.null if the AuthenticationProvider is unable to support
authentication of the passed Authentication object. In such a case,
the next AuthenticationProvider that supports the presented
Authentication class will be tried.AuthenticationException - if authentication fails.protected Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth)
The default implementation just creates a new OpenIDAuthenticationToken from the original, but with the UserDetails as the principal and including the authorities loaded by the UserDetailsService.
userDetails - the loaded UserDetails objectauth - the token passed to the authenticate method, containingpublic void setUserDetailsService(UserDetailsService userDetailsService)
UserDetails for the authenticated OpenID user.public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)
UserDetails for the authenticated OpenID user.public boolean supports(java.lang.Class<?> authentication)
AuthenticationProvidertrue if this AuthenticationProvider supports the
indicated Authentication object.
Returning true does not guarantee an
AuthenticationProvider will be able to authenticate the presented
instance of the Authentication class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider can still
return null from the AuthenticationProvider.authenticate(Authentication) method to
indicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performing
authentication is conducted at runtime the ProviderManager.
supports in interface AuthenticationProvidertrue if the implementation can more closely evaluate the
Authentication class presentedpublic void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)