Class DaoAuthenticationProvider
java.lang.Object
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
org.springframework.security.authentication.dao.DaoAuthenticationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.Aware,org.springframework.beans.factory.InitializingBean,org.springframework.context.MessageSourceAware,AuthenticationProvider
An
AuthenticationProvider implementation that retrieves user details from a
UserDetailsService.-
Field Summary
Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
hideUserNotFoundExceptions, logger, messages -
Constructor Summary
ConstructorsConstructorDescriptionDaoAuthenticationProvider(PasswordEncoder passwordEncoder) Creates a new instance using the providedPasswordEncoder -
Method Summary
Modifier and TypeMethodDescriptionprotected voidadditionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) Allows subclasses to perform any additional checks of a returned (or cached)UserDetailsfor a given authentication request.protected AuthenticationcreateSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) Creates a successfulAuthenticationobject.protected voidprotected PasswordEncoderprotected UserDetailsServiceprotected final UserDetailsretrieveUser(String username, UsernamePasswordAuthenticationToken authentication) Allows subclasses to actually retrieve theUserDetailsfrom an implementation-specific location, with the option of throwing anAuthenticationExceptionimmediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate aUserDetails).voidsetCompromisedPasswordChecker(CompromisedPasswordChecker compromisedPasswordChecker) Sets theCompromisedPasswordCheckerto be used before creating a successful authentication.voidsetPasswordEncoder(PasswordEncoder passwordEncoder) Sets the PasswordEncoder instance to be used to encode and validate passwords.voidsetUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) voidsetUserDetailsService(UserDetailsService userDetailsService) Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
afterPropertiesSet, authenticate, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports
-
Constructor Details
-
DaoAuthenticationProvider
public DaoAuthenticationProvider() -
DaoAuthenticationProvider
Creates a new instance using the providedPasswordEncoder- Parameters:
passwordEncoder- thePasswordEncoderto use. Cannot be null.- Since:
- 6.0.3
-
-
Method Details
-
additionalAuthenticationChecks
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException Description copied from class:AbstractUserDetailsAuthenticationProviderAllows subclasses to perform any additional checks of a returned (or cached)UserDetailsfor a given authentication request. Generally a subclass will at least compare theAuthentication.getCredentials()with aUserDetails.getPassword(). If custom logic is needed to compare additional properties ofUserDetailsand/orUsernamePasswordAuthenticationToken, these should also appear in this method.- Specified by:
additionalAuthenticationChecksin classAbstractUserDetailsAuthenticationProvider- Parameters:
userDetails- as retrieved from theAbstractUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken)orUserCacheauthentication- the current request that needs to be authenticated- Throws:
AuthenticationException- AuthenticationException if the credentials could not be validated (generally aBadCredentialsException, anAuthenticationServiceException)
-
doAfterPropertiesSet
protected void doAfterPropertiesSet()- Overrides:
doAfterPropertiesSetin classAbstractUserDetailsAuthenticationProvider
-
retrieveUser
protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException Description copied from class:AbstractUserDetailsAuthenticationProviderAllows subclasses to actually retrieve theUserDetailsfrom an implementation-specific location, with the option of throwing anAuthenticationExceptionimmediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate aUserDetails).Subclasses are not required to perform any caching, as the
AbstractUserDetailsAuthenticationProviderwill by default cache theUserDetails. The caching ofUserDetailsdoes present additional complexity as this means subsequent requests that rely on the cache will need to still have their credentials validated, even if the correctness of credentials was assured by subclasses adopting a binding-based strategy in this method. Accordingly it is important that subclasses either disable caching (if they want to ensure that this method is the only method that is capable of authenticating a request, as noUserDetailswill ever be cached) or ensure subclasses implementAbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken)to compare the credentials of a cachedUserDetailswith subsequent authentication requests.Most of the time subclasses will not perform credentials inspection in this method, instead performing it in
AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken)so that code related to credentials validation need not be duplicated across two methods.- Specified by:
retrieveUserin classAbstractUserDetailsAuthenticationProvider- Parameters:
username- The username to retrieveauthentication- The authentication request, which subclasses may need to perform a binding-based retrieval of theUserDetails- Returns:
- the user information (never
null- instead an exception should the thrown) - Throws:
AuthenticationException- if the credentials could not be validated (generally aBadCredentialsException, anAuthenticationServiceExceptionorUsernameNotFoundException)
-
createSuccessAuthentication
protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) Description copied from class:AbstractUserDetailsAuthenticationProviderCreates a successfulAuthenticationobject.Protected so subclasses can override.
Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned
Authenticationobject.- Overrides:
createSuccessAuthenticationin classAbstractUserDetailsAuthenticationProvider- Parameters:
principal- that should be the principal in the returned object (defined by theAbstractUserDetailsAuthenticationProvider.isForcePrincipalAsString()method)authentication- that was presented to the provider for validationuser- that was loaded by the implementation- Returns:
- the successful authentication token
-
setPasswordEncoder
Sets the PasswordEncoder instance to be used to encode and validate passwords. If not set, the password will be compared usingPasswordEncoderFactories.createDelegatingPasswordEncoder()- Parameters:
passwordEncoder- must be an instance of one of thePasswordEncodertypes.
-
getPasswordEncoder
-
setUserDetailsService
-
getUserDetailsService
-
setUserDetailsPasswordService
-
setCompromisedPasswordChecker
Sets theCompromisedPasswordCheckerto be used before creating a successful authentication. Defaults tonull.- Parameters:
compromisedPasswordChecker- theCompromisedPasswordCheckerto use- Since:
- 6.3
-