Class AbstractJaasAuthenticationProvider
- All Implemented Interfaces:
EventListener
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.ApplicationListener<SessionDestroyedEvent>
,AuthenticationProvider
- Direct Known Subclasses:
DefaultJaasAuthenticationProvider
,JaasAuthenticationProvider
AuthenticationProvider
implementation that retrieves user details from a
JAAS login configuration.
This AuthenticationProvider
is capable of validating
UsernamePasswordAuthenticationToken
requests contain the correct username and password.
This implementation is backed by a
JAAS configuration that is provided by a subclass's implementation of
createLoginContext(CallbackHandler)
.
When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The
AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandler
s configured
in the ApplicationContext. When the LoginContext calls the internal CallbackHandler,
control is passed to each JaasAuthenticationCallbackHandler
for each Callback
passed.
JaasAuthenticationCallbackHandler
s are passed to the
AbstractJaasAuthenticationProvider through the
callbackHandlers
property.
<property name="callbackHandlers"> <list> <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/> <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler
"/> <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
"/> </list> </property>
After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will
retrieve the returned Principals from the Subject
(LoginContext.getSubject().getPrincipals). Each returned principal is then passed to
the configured AuthorityGranter
s. An AuthorityGranter is a mapping between a
returned Principal, and a role name. If an AuthorityGranter wishes to grant an
Authorization a role, it returns that role name from it's
AuthorityGranter.grant(java.security.Principal)
method. The returned role will
be applied to the Authorization object as a GrantedAuthority
.
AuthorityGranters are configured in spring xml as follows...
<property name="authorityGranters"> <list> <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/> </list> </property>
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
Validates the required properties are set.authenticate
(Authentication auth) Attempts to login the user given the Authentication objects principal and credentialprotected abstract LoginContext
createLoginContext
(CallbackHandler handler) Creates the LoginContext to be used for authentication.protected org.springframework.context.ApplicationEventPublisher
protected void
Handles the logout by getting the security contexts for the destroyed session and invokingLoginContext.logout()
for any which contain aJaasAuthenticationToken
.void
protected void
Publishes theJaasAuthenticationFailedEvent
.protected void
Publishes theJaasAuthenticationSuccessEvent
.void
setApplicationEventPublisher
(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) void
setAuthorityGranters
(AuthorityGranter[] authorityGranters) Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.void
setCallbackHandlers
(JaasAuthenticationCallbackHandler[] callbackHandlers) Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.void
setLoginContextName
(String loginContextName) Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.void
setLoginExceptionResolver
(LoginExceptionResolver loginExceptionResolver) boolean
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
Field Details
-
log
protected final org.apache.commons.logging.Log log
-
-
Constructor Details
-
AbstractJaasAuthenticationProvider
public AbstractJaasAuthenticationProvider()
-
-
Method Details
-
afterPropertiesSet
Validates the required properties are set. In addition, ifsetCallbackHandlers(JaasAuthenticationCallbackHandler[])
has not been called with valid handlers, initializes to useJaasNameCallbackHandler
andJaasPasswordCallbackHandler
.- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Throws:
Exception
-
authenticate
Attempts to login the user given the Authentication objects principal and credential- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
auth
- The Authentication object to be authenticated.- Returns:
- The authenticated Authentication object, with it's grantedAuthorities set.
- Throws:
AuthenticationException
- This implementation does not handle 'locked' or 'disabled' accounts. This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown, should the loginContext.login() method fail.
-
createLoginContext
Creates the LoginContext to be used for authentication.- Parameters:
handler
- The CallbackHandler that should be used for the LoginContext (nevernull
).- Returns:
- the LoginContext to use for authentication.
- Throws:
LoginException
-
handleLogout
Handles the logout by getting the security contexts for the destroyed session and invokingLoginContext.logout()
for any which contain aJaasAuthenticationToken
.- Parameters:
event
- the session event which contains the current session
-
onApplicationEvent
- Specified by:
onApplicationEvent
in interfaceorg.springframework.context.ApplicationListener<SessionDestroyedEvent>
-
publishFailureEvent
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) Publishes theJaasAuthenticationFailedEvent
. Can be overridden by subclasses for different functionality- Parameters:
token
- The authentication token being processedase
- The exception that caused the authentication failure
-
publishSuccessEvent
Publishes theJaasAuthenticationSuccessEvent
. Can be overridden by subclasses for different functionality.- Parameters:
token
- The token being processed
-
setAuthorityGranters
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.- Parameters:
authorityGranters
- AuthorityGranter array- See Also:
-
setCallbackHandlers
Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.- Parameters:
callbackHandlers
- Array of JAASAuthenticationCallbackHandlers
-
setLoginContextName
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.- Parameters:
loginContextName
-
-
setLoginExceptionResolver
-
supports
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) - Specified by:
setApplicationEventPublisher
in interfaceorg.springframework.context.ApplicationEventPublisherAware
-
getApplicationEventPublisher
protected org.springframework.context.ApplicationEventPublisher getApplicationEventPublisher()
-