public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider

java.lang.Object
   ↳ org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
     ↳ org.springframework.security.authentication.dao.DaoAuthenticationProvider

Class Overview

An AuthenticationProvider implementation that retrieves user details from a UserDetailsService and validates the presented password against the stored one using the configured PasswordEncoder.

Summary

Inherited Fields
From class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Public Constructors
DaoAuthenticationProvider()
Public Methods
void setPasswordEncoder(Object passwordEncoder)
Sets the PasswordEncoder instance to be used to encode and validate passwords.
void setSaltSource(SaltSource saltSource)
The source of salts to use when encoding the presented password for comparison.
void setUserDetailsService(UserDetailsService userDetailsService)
Protected Methods
void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.
void doAfterPropertiesSet()
PasswordEncoder getPasswordEncoder()
SaltSource getSaltSource()
UserDetailsService getUserDetailsService()
final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).
Inherited Methods
From class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
From class java.lang.Object
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.context.MessageSourceAware
From interface org.springframework.security.authentication.AuthenticationProvider

Public Constructors

public DaoAuthenticationProvider ()

Public Methods

public void setPasswordEncoder (Object passwordEncoder)

Sets the PasswordEncoder instance to be used to encode and validate passwords. If not set, the presented password is compared with the stored value as plain text; this only works if passwords are stored in plain text, so an encoder should always be configured in practice.

For systems which are already using salted passwords encoded with a previous release, the encoder should be of type org.springframework.security.authentication.encoding.PasswordEncoder (the legacy interface, which takes its salt from the configured SaltSource). Otherwise, the recommended approach is to use org.springframework.security.crypto.password.PasswordEncoder.

Parameters
passwordEncoder must be an instance of one of the PasswordEncoder types.

public void setSaltSource (SaltSource saltSource)

The source of salts to use when encoding the presented password for comparison. null is a valid value, meaning the DaoAuthenticationProvider will present null to the relevant PasswordEncoder. A SaltSource is only meaningful together with the legacy org.springframework.security.authentication.encoding.PasswordEncoder.

Rather than configuring a SaltSource, it is recommended that you use an encoder which generates a random salt for each password and stores it together with the hash in the password field. This is the default approach taken in the org.springframework.security.crypto.password package.

Parameters
saltSource to use when encoding the presented password via the PasswordEncoder
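The weak default and the recommended setting side by side, as an added example that is not part of the Spring Security documentation or code base. The first provider leaves the PasswordEncoder unset, so the presented password is compared as plain text; the second uses BCryptPasswordEncoder from org.springframework.security.crypto.password, which generates a random salt per password and embeds it in the encoded string, so no SaltSource is configured. The in-memory user store, the account "alice" and the passwords are constructed for the example.

```java
import java.util.Arrays;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class DaoProviderEncoderExample {

    /** Constructed user store: a single account whose stored password is the given string. */
    static UserDetailsService userStore(String storedPassword) {
        UserDetails alice = new User("alice", storedPassword,
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        return new InMemoryUserDetailsManager(Arrays.asList(alice));
    }

    /** Weak setting: no PasswordEncoder, so the presented password is compared as plain text. */
    static AuthenticationProvider plainTextProvider(UserDetailsService users) throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.afterPropertiesSet();  // fails fast if no UserDetailsService is set
        return provider;
    }

    /** Recommended setting: crypto-module encoder; the salt lives inside the stored hash, so no SaltSource. */
    static AuthenticationProvider bcryptProvider(UserDetailsService users) throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(new BCryptPasswordEncoder());
        provider.afterPropertiesSet();
        return provider;
    }

    /** Runs one authentication attempt and reports the outcome instead of propagating the exception. */
    static String attempt(AuthenticationProvider provider, String username, String password) {
        try {
            Authentication result = provider.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            return result.isAuthenticated() ? "authenticated" : "not authenticated";
        } catch (BadCredentialsException e) {
            return "rejected: bad credentials";
        } catch (AuthenticationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Random salt is generated here and stored as part of the hash string.
        String hash = new BCryptPasswordEncoder().encode("correct horse battery staple");
        UserDetailsService users = userStore(hash);

        // Plain-text comparison of the real password against a BCrypt hash can never match...
        System.out.println("plain-text, real password: "
                + attempt(plainTextProvider(users), "alice", "correct horse battery staple"));
        // ...while presenting the stored value itself does, so with the default anyone who reads
        // the store can log in as the user.
        System.out.println("plain-text, stored value as password: "
                + attempt(plainTextProvider(users), "alice", hash));

        System.out.println("bcrypt, real password: "
                + attempt(bcryptProvider(users), "alice", "correct horse battery staple"));
        System.out.println("bcrypt, wrong password: "
                + attempt(bcryptProvider(users), "alice", "Tr0ub4dor&3"));
        System.out.println("bcrypt, stored value as password: "
                + attempt(bcryptProvider(users), "alice", hash));
    }
}
```

The last three attempts are what the recommended configuration buys: only the real password authenticates, and knowledge of the stored hash does not, because the encoder hashes the presented value with the salt taken from the stored string before comparing.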

public void setUserDetailsService (UserDetailsService userDetailsService)

Protected Methods

protected void additionalAuthenticationChecks (UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)

Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request. Generally a subclass will at least compare authentication.getCredentials() with userDetails.getPassword(). In DaoAuthenticationProvider this is where the presented password is checked against the stored one using the configured PasswordEncoder and SaltSource, so a subclass that overrides it should call super.additionalAuthenticationChecks(...) to keep that check. If custom logic is needed to compare additional properties of UserDetails and/or UsernamePasswordAuthenticationToken, it should also appear in this method.

Parameters
userDetails as retrieved from the retrieveUser(String, UsernamePasswordAuthenticationToken) or UserCache
authentication the current request that needs to be authenticated

protected void doAfterPropertiesSet ()

Throws
Exception

protected PasswordEncoder getPasswordEncoder ()

protected SaltSource getSaltSource ()

protected UserDetailsService getUserDetailsService ()

protected final UserDetails retrieveUser (String username, UsernamePasswordAuthenticationToken authentication)

Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails). In DaoAuthenticationProvider this method is final and loads the user through the configured UserDetailsService (loadUserByUsername); the discussion of subclass strategies below is inherited from AbstractUserDetailsAuthenticationProvider.

Subclasses are not required to perform any caching, as the AbstractUserDetailsAuthenticationProvider will by default cache the UserDetails. The caching of UserDetails does present additional complexity: subsequent requests that rely on the cache still need to have their credentials validated, even if the correctness of credentials was assured by subclasses adopting a binding-based strategy in this method. Accordingly it is important that subclasses either disable caching (if they want to ensure that this method is the only method capable of authenticating a request, as no UserDetails will ever be cached) or implement additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) to compare the credentials of a cached UserDetails with subsequent authentication requests.

Most of the time subclasses will not perform credentials inspection in this method, instead performing it in additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) so that code related to credentials validation need not be duplicated across two methods.

Parameters
username The username to retrieve
authentication The authentication request, which subclasses may need to perform a binding-based retrieval of the UserDetails
Returns
  • the user information (never null - instead an exception should be thrown)
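Since retrieveUser is final in DaoAuthenticationProvider, the extension point for the extra checks described under additionalAuthenticationChecks, and the place where a cached UserDetails is re-validated as the retrieveUser notes require, is additionalAuthenticationChecks itself. The following is an added example and not part of Spring Security: a subclass that keeps the inherited password comparison by calling the superclass and then rejects logins whose client address is not on a per-user allow list. The AllowedOriginUserDetails interface and the provider class are hypothetical; the remote address is read from WebAuthenticationDetails, which the web layer attaches to the token as its details. A request that carries no such details is rejected rather than let through.

```java
import java.util.Set;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Hypothetical extension of UserDetails: the user store also records where an account may log in from. */
interface AllowedOriginUserDetails extends UserDetails {
    /** Remote addresses this account may authenticate from; an empty set means no restriction. */
    Set<String> getAllowedRemoteAddresses();
}

/** Hypothetical provider: stock DaoAuthenticationProvider behaviour plus a per-user origin check. */
public class OriginCheckingDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        // Inherited check first: presented password against userDetails.getPassword() via the
        // configured PasswordEncoder. Omitting this call would silently disable password validation.
        super.additionalAuthenticationChecks(userDetails, authentication);

        // This method also runs for UserDetails served from the UserCache, so the origin
        // check below is applied on every request, not only on the first load of the user.
        if (!(userDetails instanceof AllowedOriginUserDetails)) {
            return;  // the store carries no origin data for this user; nothing more to check
        }
        Set<String> allowed = ((AllowedOriginUserDetails) userDetails).getAllowedRemoteAddresses();
        if (allowed.isEmpty()) {
            return;
        }

        // Without WebAuthenticationDetails the origin cannot be established: fail closed.
        // The same exception type as for a wrong password is used so the response does not
        // reveal which check failed.
        Object details = authentication.getDetails();
        if (!(details instanceof WebAuthenticationDetails)) {
            throw new BadCredentialsException("Bad credentials");
        }
        String remoteAddress = ((WebAuthenticationDetails) details).getRemoteAddress();
        if (!allowed.contains(remoteAddress)) {
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
```

The subclass is configured exactly like DaoAuthenticationProvider (setUserDetailsService, setPasswordEncoder); only the UserDetailsService has to return objects implementing the hypothetical AllowedOriginUserDetails for the extra check to take effect.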