Class AbstractLdapAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
,AuthenticationProvider
- Direct Known Subclasses:
ActiveDirectoryLdapAuthenticationProvider
,LdapAuthenticationProvider
public abstract class AbstractLdapAuthenticationProvider extends java.lang.Object implements AuthenticationProvider, org.springframework.context.MessageSourceAware
Base class for the standardLdapAuthenticationProvider
and theActiveDirectoryLdapAuthenticationProvider
.- Since:
- 3.1
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Log
logger
protected org.springframework.context.support.MessageSourceAccessor
messages
protected UserDetailsContextMapper
userDetailsContextMapper
-
Constructor Summary
Constructors Constructor Description AbstractLdapAuthenticationProvider()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description Authentication
authenticate(Authentication authentication)
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.protected Authentication
createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)
Creates the finalAuthentication
object which will be returned from theauthenticate
method.protected abstract org.springframework.ldap.core.DirContextOperations
doAuthentication(UsernamePasswordAuthenticationToken auth)
protected UserDetailsContextMapper
getUserDetailsContextMapper()
Provides access to the injectedUserDetailsContextMapper
strategy for use by subclasses.protected abstract java.util.Collection<? extends GrantedAuthority>
loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, java.lang.String username, java.lang.String password)
void
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
void
setMessageSource(org.springframework.context.MessageSource messageSource)
void
setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
Determines whether the supplied password will be used as the credentials in the successful authentication token.void
setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by thecreateSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method.boolean
supports(java.lang.Class<?> authentication)
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
-
-
Field Detail
-
logger
protected final org.apache.commons.logging.Log logger
-
messages
protected org.springframework.context.support.MessageSourceAccessor messages
-
userDetailsContextMapper
protected UserDetailsContextMapper userDetailsContextMapper
-
-
Method Detail
-
authenticate
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Description copied from interface:AuthenticationProvider
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- a fully authenticated object including credentials. May return
null
if theAuthenticationProvider
is unable to support authentication of the passedAuthentication
object. In such a case, the nextAuthenticationProvider
that supports the presentedAuthentication
class will be tried. - Throws:
AuthenticationException
- if authentication fails.
-
doAuthentication
protected abstract org.springframework.ldap.core.DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth)
-
loadUserAuthorities
protected abstract java.util.Collection<? extends GrantedAuthority> loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, java.lang.String username, java.lang.String password)
-
createSuccessfulAuthentication
protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)
Creates the finalAuthentication
object which will be returned from theauthenticate
method.- Parameters:
authentication
- the original authentication request tokenuser
- the UserDetails instance returned by the configured UserDetailsContextMapper.- Returns:
- the Authentication object for the fully authenticated user.
-
supports
public boolean supports(java.lang.Class<?> authentication)
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setUseAuthenticationRequestCredentials
public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configuredUserDetailsContextMapper
. Often it will not be possible to read the password from the directory, so defaults to true.- Parameters:
useAuthenticationRequestCredentials
-
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
-
setAuthoritiesMapper
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
-
setUserDetailsContextMapper
public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by thecreateSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method.- Parameters:
userDetailsContextMapper
- the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.
-
getUserDetailsContextMapper
protected UserDetailsContextMapper getUserDetailsContextMapper()
Provides access to the injectedUserDetailsContextMapper
strategy for use by subclasses.
-
-