Class AbstractJaasAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
- All Implemented Interfaces:
java.util.EventListener,org.springframework.beans.factory.Aware,org.springframework.beans.factory.InitializingBean,org.springframework.context.ApplicationEventPublisherAware,org.springframework.context.ApplicationListener<SessionDestroyedEvent>,AuthenticationProvider
- Direct Known Subclasses:
DefaultJaasAuthenticationProvider,JaasAuthenticationProvider
public abstract class AbstractJaasAuthenticationProvider extends java.lang.Object implements AuthenticationProvider, org.springframework.context.ApplicationEventPublisherAware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationListener<SessionDestroyedEvent>
AnAuthenticationProviderimplementation that retrieves user details from a JAAS login configuration.This
AuthenticationProvideris capable of validatingUsernamePasswordAuthenticationTokenrequests contain the correct username and password.This implementation is backed by a JAAS configuration that is provided by a subclass's implementation of
createLoginContext(CallbackHandler).When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the
JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to eachJaasAuthenticationCallbackHandlerfor each Callback passed.JaasAuthenticationCallbackHandlers are passed to the AbstractJaasAuthenticationProvider through thecallbackHandlersproperty.<property name="callbackHandlers"> <list> <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/> <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/> <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/> </list> </property>After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured
AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal, and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it'sAuthorityGranter.grant(java.security.Principal)method. The returned role will be applied to the Authorization object as aGrantedAuthority.AuthorityGranters are configured in spring xml as follows...
<property name="authorityGranters"> <list> <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/> </list> </property>
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Loglog
-
Constructor Summary
Constructors Constructor Description AbstractJaasAuthenticationProvider()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidafterPropertiesSet()Validates the required properties are set.Authenticationauthenticate(Authentication auth)Attempts to login the user given the Authentication objects principal and credentialprotected abstract javax.security.auth.login.LoginContextcreateLoginContext(javax.security.auth.callback.CallbackHandler handler)Creates the LoginContext to be used for authentication.protected org.springframework.context.ApplicationEventPublishergetApplicationEventPublisher()protected voidhandleLogout(SessionDestroyedEvent event)Handles the logout by getting the security contexts for the destroyed session and invokingLoginContext.logout()for any which contain aJaasAuthenticationToken.voidonApplicationEvent(SessionDestroyedEvent event)protected voidpublishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)Publishes theJaasAuthenticationFailedEvent.protected voidpublishSuccessEvent(UsernamePasswordAuthenticationToken token)Publishes theJaasAuthenticationSuccessEvent.voidsetApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)voidsetAuthorityGranters(AuthorityGranter[] authorityGranters)Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.voidsetCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.voidsetLoginContextName(java.lang.String loginContextName)Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.voidsetLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)booleansupports(java.lang.Class<?> aClass)Returnstrueif thisAuthenticationProvidersupports the indicatedAuthenticationobject.
-
-
-
Method Detail
-
afterPropertiesSet
public void afterPropertiesSet() throws java.lang.ExceptionValidates the required properties are set. In addition, ifsetCallbackHandlers(JaasAuthenticationCallbackHandler[])has not been called with valid handlers, initializes to useJaasNameCallbackHandlerandJaasPasswordCallbackHandler.- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean- Throws:
java.lang.Exception
-
authenticate
public Authentication authenticate(Authentication auth) throws AuthenticationException
Attempts to login the user given the Authentication objects principal and credential- Specified by:
authenticatein interfaceAuthenticationProvider- Parameters:
auth- The Authentication object to be authenticated.- Returns:
- The authenticated Authentication object, with it's grantedAuthorities set.
- Throws:
AuthenticationException- This implementation does not handle 'locked' or 'disabled' accounts. This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown, should the loginContext.login() method fail.
-
createLoginContext
protected abstract javax.security.auth.login.LoginContext createLoginContext(javax.security.auth.callback.CallbackHandler handler) throws javax.security.auth.login.LoginExceptionCreates the LoginContext to be used for authentication.- Parameters:
handler- The CallbackHandler that should be used for the LoginContext (nevernull).- Returns:
- the LoginContext to use for authentication.
- Throws:
javax.security.auth.login.LoginException
-
handleLogout
protected void handleLogout(SessionDestroyedEvent event)
Handles the logout by getting the security contexts for the destroyed session and invokingLoginContext.logout()for any which contain aJaasAuthenticationToken.- Parameters:
event- the session event which contains the current session
-
onApplicationEvent
public void onApplicationEvent(SessionDestroyedEvent event)
- Specified by:
onApplicationEventin interfaceorg.springframework.context.ApplicationListener<SessionDestroyedEvent>
-
publishFailureEvent
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)
Publishes theJaasAuthenticationFailedEvent. Can be overridden by subclasses for different functionality- Parameters:
token- The authentication token being processedase- The exception that caused the authentication failure
-
publishSuccessEvent
protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)
Publishes theJaasAuthenticationSuccessEvent. Can be overridden by subclasses for different functionality.- Parameters:
token- The token being processed
-
setAuthorityGranters
public void setAuthorityGranters(AuthorityGranter[] authorityGranters)
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.- Parameters:
authorityGranters- AuthorityGranter array- See Also:
JaasAuthenticationProvider
-
setCallbackHandlers
public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.- Parameters:
callbackHandlers- Array of JAASAuthenticationCallbackHandlers
-
setLoginContextName
public void setLoginContextName(java.lang.String loginContextName)
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.- Parameters:
loginContextName-
-
setLoginExceptionResolver
public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
-
supports
public boolean supports(java.lang.Class<?> aClass)
Description copied from interface:AuthenticationProviderReturnstrueif thisAuthenticationProvidersupports the indicatedAuthenticationobject.Returning
truedoes not guarantee anAuthenticationProviderwill be able to authenticate the presented instance of theAuthenticationclass. It simply indicates it can support closer evaluation of it. AnAuthenticationProvidercan still returnnullfrom theAuthenticationProvider.authenticate(Authentication)method to indicate anotherAuthenticationProvidershould be tried.Selection of an
AuthenticationProvidercapable of performing authentication is conducted at runtime theProviderManager.- Specified by:
supportsin interfaceAuthenticationProvider- Returns:
trueif the implementation can more closely evaluate theAuthenticationclass presented
-
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
- Specified by:
setApplicationEventPublisherin interfaceorg.springframework.context.ApplicationEventPublisherAware
-
getApplicationEventPublisher
protected org.springframework.context.ApplicationEventPublisher getApplicationEventPublisher()
-
-