Package org.springframework.security.web.authentication.preauth.j2ee

Class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

java.lang.Object
org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>
public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Object implements AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>, org.springframework.beans.factory.InitializingBean
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object.
Since:
2.0

  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger

    • j2eeMappableRoles

      protected Set<String> j2eeMappableRoles
      The role attributes returned by the configured MappableAttributesRetriever

    • j2eeUserRoles2GrantedAuthoritiesMapper

      protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper

  • Constructor Details

    • J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

      public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource()

  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Check that all required properties have been set.
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

    • getUserRoles

      protected Collection<String> getUserRoles(jakarta.servlet.http.HttpServletRequest request)
      Obtains the list of user roles based on the current user's JEE roles. The HttpServletRequest.isUserInRole(String) method is called for each of the values in the j2eeMappableRoles set to determine if that role should be assigned to the user.
      Parameters:
      request - the request which should be used to extract the user's roles.
      Returns:
      The subset of j2eeMappableRoles which applies to the current user making the request.

    • buildDetails

      public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(jakarta.servlet.http.HttpServletRequest context)
      Builds the authentication details object.
      Specified by:
      buildDetails in interface AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>
      Parameters:
      context - the request object, which may be used by the authentication details object
      Returns:
      a fully-configured authentication details instance
      See Also:

    • setMappableRolesRetriever

      public void setMappableRolesRetriever(MappableAttributesRetriever aJ2eeMappableRolesRetriever)
      Parameters:
      aJ2eeMappableRolesRetriever - The MappableAttributesRetriever to use

    • setUserRoles2GrantedAuthoritiesMapper

      public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper)
      Parameters:
      mapper - The Attributes2GrantedAuthoritiesMapper to use