Class AbstractLdapAuthenticationProvider

java.lang.Object
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, AuthenticationProvider
Direct Known Subclasses:
ActiveDirectoryLdapAuthenticationProvider, LdapAuthenticationProvider

public abstract class AbstractLdapAuthenticationProvider extends Object implements AuthenticationProvider, org.springframework.context.MessageSourceAware
Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.
Since:
3.1
  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger
    • messages

      protected org.springframework.context.support.MessageSourceAccessor messages
    • userDetailsContextMapper

      protected UserDetailsContextMapper userDetailsContextMapper
  • Constructor Details

    • AbstractLdapAuthenticationProvider

      public AbstractLdapAuthenticationProvider()
  • Method Details

    • authenticate

      public Authentication authenticate(Authentication authentication) throws AuthenticationException
      Description copied from interface: AuthenticationProvider
      Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
      Specified by:
      authenticate in interface AuthenticationProvider
      Parameters:
      authentication - the authentication request object.
      Returns:
      a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
      Throws:
      AuthenticationException - if authentication fails.
    • doAuthentication

      protected abstract org.springframework.ldap.core.DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth)
    • loadUserAuthorities

      protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, String username, String password)
    • createSuccessfulAuthentication

      protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)
      Creates the final Authentication object which will be returned from the authenticate method.
      Parameters:
      authentication - the original authentication request token
      user - the UserDetails instance returned by the configured UserDetailsContextMapper.
      Returns:
      the Authentication object for the fully authenticated user.
    • supports

      public boolean supports(Class<?> authentication)
      Description copied from interface: AuthenticationProvider
      Returns true if this AuthenticationProvider supports the indicated Authentication object.

      Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

      Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

      Specified by:
      supports in interface AuthenticationProvider
      Returns:
      true if the implementation can more closely evaluate the Authentication class presented
    • setUseAuthenticationRequestCredentials

      public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
      Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configured UserDetailsContextMapper. Often it will not be possible to read the password from the directory, so defaults to true.
      Parameters:
      useAuthenticationRequestCredentials - whether to use the credentials in the authentication request
    • setMessageSource

      public void setMessageSource(@NonNull org.springframework.context.MessageSource messageSource)
      Specified by:
      setMessageSource in interface org.springframework.context.MessageSourceAware
    • setAuthoritiesMapper

      public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
      Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken. If not set, defaults to a NullAuthoritiesMapper.
      Parameters:
      authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities
    • setUserDetailsContextMapper

      public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
      Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.
      Parameters:
      userDetailsContextMapper - the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.
    • getUserDetailsContextMapper

      protected UserDetailsContextMapper getUserDetailsContextMapper()
      Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.