Class OpenIDAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.openid.OpenIDAuthenticationProvider
-
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
,AuthenticationProvider
public class OpenIDAuthenticationProvider extends java.lang.Object implements AuthenticationProvider, org.springframework.beans.factory.InitializingBean
Finalises the OpenID authentication by obtaining local authorities for the authenticated user.The authorities are obtained by calling the configured
UserDetailsService
. TheUserDetails
it returns must, at minimum, contain the username andGrantedAuthority
objects applicable to the authenticated user. Note that by default, Spring Security ignores the password and enabled/disabled status of theUserDetails
because this is authentication-related and should have been enforced by another provider server.The
UserDetails
returned by implementations is stored in the generatedAuthentication
token, so additional properties such as email addresses, telephone numbers etc can easily be stored.
-
-
Constructor Summary
Constructors Constructor Description OpenIDAuthenticationProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
Authentication
authenticate(Authentication authentication)
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.protected Authentication
createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be returned by the provider.void
setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)
Used to load theUserDetails
for the authenticated OpenID user.void
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
void
setUserDetailsService(UserDetailsService userDetailsService)
Used to load theUserDetails
for the authenticated OpenID user.boolean
supports(java.lang.Class<?> authentication)
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
-
-
Method Detail
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
-
authenticate
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Description copied from interface:AuthenticationProvider
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- a fully authenticated object including credentials. May return
null
if theAuthenticationProvider
is unable to support authentication of the passedAuthentication
object. In such a case, the nextAuthenticationProvider
that supports the presentedAuthentication
class will be tried. - Throws:
AuthenticationException
- if authentication fails.
-
createSuccessfulAuthentication
protected Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be returned by the provider.The default implementation just creates a new OpenIDAuthenticationToken from the original, but with the UserDetails as the principal and including the authorities loaded by the UserDetailsService.
- Parameters:
userDetails
- the loaded UserDetails objectauth
- the token passed to the authenticate method, containing- Returns:
- the token which will represent the authenticated user.
-
setUserDetailsService
public void setUserDetailsService(UserDetailsService userDetailsService)
Used to load theUserDetails
for the authenticated OpenID user.
-
setAuthenticationUserDetailsService
public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)
Used to load theUserDetails
for the authenticated OpenID user.
-
supports
public boolean supports(java.lang.Class<?> authentication)
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setAuthoritiesMapper
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
-
-