Class AbstractLdapAuthenticationProvider
java.lang.Object
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
,AuthenticationProvider
- Direct Known Subclasses:
ActiveDirectoryLdapAuthenticationProvider
,LdapAuthenticationProvider
public abstract class AbstractLdapAuthenticationProvider
extends Object
implements AuthenticationProvider, org.springframework.context.MessageSourceAware
Base class for the standard
LdapAuthenticationProvider
and the
ActiveDirectoryLdapAuthenticationProvider
.- Since:
- 3.1
-
Field Summary
Modifier and TypeFieldDescriptionprotected final org.apache.commons.logging.Log
protected org.springframework.context.support.MessageSourceAccessor
protected UserDetailsContextMapper
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(Authentication authentication) Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.protected Authentication
createSuccessfulAuthentication
(UsernamePasswordAuthenticationToken authentication, UserDetails user) Creates the finalAuthentication
object which will be returned from theauthenticate
method.protected abstract org.springframework.ldap.core.DirContextOperations
protected UserDetailsContextMapper
Provides access to the injectedUserDetailsContextMapper
strategy for use by subclasses.protected abstract Collection<? extends GrantedAuthority>
loadUserAuthorities
(org.springframework.ldap.core.DirContextOperations userData, String username, String password) void
setAuthoritiesMapper
(GrantedAuthoritiesMapper authoritiesMapper) Sets theGrantedAuthoritiesMapper
used for converting the authorities loaded from storage to a new set of authorities which will be associated to theUsernamePasswordAuthenticationToken
.void
setMessageSource
(org.springframework.context.MessageSource messageSource) void
setUseAuthenticationRequestCredentials
(boolean useAuthenticationRequestCredentials) Determines whether the supplied password will be used as the credentials in the successful authentication token.void
setUserDetailsContextMapper
(UserDetailsContextMapper userDetailsContextMapper) Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by thecreateSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method.boolean
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
Field Details
-
logger
protected final org.apache.commons.logging.Log logger -
messages
protected org.springframework.context.support.MessageSourceAccessor messages -
userDetailsContextMapper
-
-
Constructor Details
-
AbstractLdapAuthenticationProvider
public AbstractLdapAuthenticationProvider()
-
-
Method Details
-
authenticate
Description copied from interface:AuthenticationProvider
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- a fully authenticated object including credentials. May return
null
if theAuthenticationProvider
is unable to support authentication of the passedAuthentication
object. In such a case, the nextAuthenticationProvider
that supports the presentedAuthentication
class will be tried. - Throws:
AuthenticationException
- if authentication fails.
-
doAuthentication
protected abstract org.springframework.ldap.core.DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) -
loadUserAuthorities
protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, String username, String password) -
createSuccessfulAuthentication
protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user) Creates the finalAuthentication
object which will be returned from theauthenticate
method.- Parameters:
authentication
- the original authentication request tokenuser
- the UserDetails instance returned by the configured UserDetailsContextMapper.- Returns:
- the Authentication object for the fully authenticated user.
-
supports
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presentedAuthentication
object. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setUseAuthenticationRequestCredentials
public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials) Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configuredUserDetailsContextMapper
. Often it will not be possible to read the password from the directory, so defaults to true.- Parameters:
useAuthenticationRequestCredentials
- whether to use the credentials in the authentication request
-
setMessageSource
public void setMessageSource(@NonNull org.springframework.context.MessageSource messageSource) - Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
-
setAuthoritiesMapper
Sets theGrantedAuthoritiesMapper
used for converting the authorities loaded from storage to a new set of authorities which will be associated to theUsernamePasswordAuthenticationToken
. If not set, defaults to aNullAuthoritiesMapper
.- Parameters:
authoritiesMapper
- theGrantedAuthoritiesMapper
used for mapping the user's authorities
-
setUserDetailsContextMapper
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by thecreateSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method.- Parameters:
userDetailsContextMapper
- the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.
-
getUserDetailsContextMapper
Provides access to the injectedUserDetailsContextMapper
strategy for use by subclasses.
-