Package org.springframework.security.authentication.jaas

Class DefaultJaasAuthenticationProvider

java.lang.Object

org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

All Implemented Interfaces:

EventListener, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.ApplicationListener<SessionDestroyedEvent>, AuthenticationProvider

public class DefaultJaasAuthenticationProvider
extends AbstractJaasAuthenticationProvider

Creates a LoginContext using the Configuration provided to it. This allows the configuration to be injected regardless of the value of Configuration.getConfiguration().

While not bound to any particular Configuration implementation, an in memory version of a JAAS configuration can be represented using InMemoryConfiguration.

The following JAAS configuration:

 SPRINGSECURITY {
    sample.SampleLoginModule required;
  };
 

Can be represented as follows:

 <bean id="jaasAuthProvider" class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider">
   <property name="configuration">
     <bean class="org.springframework.security.authentication.jaas.memory.InMemoryConfiguration">
       <constructor-arg>
         <map>
           <!-- SPRINGSECURITY is the default loginContextName for AbstractJaasAuthenticationProvider-->
           <entry key="SPRINGSECURITY">
             <array>
               <bean class="javax.security.auth.login.AppConfigurationEntry">
                 <constructor-arg value="sample.SampleLoginModule" />
                 <constructor-arg>
                   <util:constant static-field="javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag.REQUIRED" />
                 </constructor-arg>
                 <constructor-arg>
                   <map></map>
                 </constructor-arg>
               </bean>
             </array>
           </entry>
         </map>
       </constructor-arg>
     </bean>
   </property>
   <property name="authorityGranters">
     <list>
       <!-- You will need to write your own implementation of AuthorityGranter -->
       <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
     </list>
   </property>
 </bean>
 

See Also:

• AbstractJaasAuthenticationProvider
• InMemoryConfiguration

Field Summary

Fields inherited from class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

log

Constructor Summary

Constructors

Constructor	Description
DefaultJaasAuthenticationProvider()

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()	Validates the required properties are set.
protected LoginContext	createLoginContext(CallbackHandler handler)	Creates a LoginContext using the Configuration that was specified in setConfiguration(Configuration).
protected Configuration	getConfiguration()
void	setConfiguration(Configuration configuration)	Sets the Configuration to use for Authentication.

Methods inherited from class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

authenticate, getApplicationEventPublisher, handleLogout, onApplicationEvent, publishFailureEvent, publishSuccessEvent, setApplicationEventPublisher, setAuthorityGranters, setCallbackHandlers, setLoginContextName, setLoginExceptionResolver, supports

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.context.ApplicationListener

supportsAsyncExecution

Constructor Details

DefaultJaasAuthenticationProvider

public DefaultJaasAuthenticationProvider()

Method Details

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Description copied from class: AbstractJaasAuthenticationProvider

Validates the required properties are set. In addition, if AbstractJaasAuthenticationProvider.setCallbackHandlers(JaasAuthenticationCallbackHandler[]) has not been called with valid handlers, initializes to use JaasNameCallbackHandler and JaasPasswordCallbackHandler.

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class AbstractJaasAuthenticationProvider

Throws:

Exception

createLoginContext

protected LoginContext createLoginContext(CallbackHandler handler)
                                   throws LoginException

Creates a LoginContext using the Configuration that was specified in setConfiguration(Configuration).

Specified by:

createLoginContext in class AbstractJaasAuthenticationProvider

Parameters:

handler - The CallbackHandler that should be used for the LoginContext (never null).

Returns:

the LoginContext to use for authentication.

Throws:

LoginException

getConfiguration

protected Configuration getConfiguration()

setConfiguration

public void setConfiguration(Configuration configuration)

Sets the Configuration to use for Authentication.

Parameters:

configuration - the Configuration that is used when createLoginContext(CallbackHandler) is called.