public abstract class

AbstractJaasAuthenticationProvider

extends Object
implements InitializingBean, ApplicationEventPublisherAware, AuthenticationProvider
java.lang.Object
   ↳ org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Known Direct Subclasses

Class Overview

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

This AuthenticationProvider is capable of validating that UsernamePasswordAuthenticationToken requests contain the correct username and password.

This implementation is backed by a JAAS configuration that is provided by a subclass's implementation of createLoginContext(CallbackHandler).

When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each JaasAuthenticationCallbackHandler for each Callback passed.

JaasAuthenticationCallbackHandlers are passed to the AbstractJaasAuthenticationProvider through the callbackHandlers property.

 <property name="callbackHandlers">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
   </list>
 </property>
 

After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals()). Each returned principal is then passed to the configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from its grant(java.security.Principal) method. The returned role will be applied to the Authorization object as a GrantedAuthority.

AuthorityGranters are configured in Spring XML as follows...

 <property name="authorityGranters">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
   </list>
 </property>
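
The principal-to-role mapping described above can be written as a deny-by-default AuthorityGranter. This is an added example, not Spring Security code: the class name, the two nested principal types and the group names are constructed for illustration, and it assumes Java 16+ with spring-security-core on the classpath.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.jaas.AuthorityGranter;

/** Grants roles only to group principals that appear on a fixed allowlist. */
public class AllowlistAuthorityGranter implements AuthorityGranter {

    // Hypothetical principal types standing in for what a login module
    // would add to the Subject; real modules ship their own classes.
    public record UserPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    public record GroupPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Constructed mapping: JAAS group name -> role names to grant.
    private static final Map<String, Set<String>> ROLES_BY_GROUP = Map.of(
            "ops-admins", Set.of("ROLE_ADMIN", "ROLE_USER"),
            "staff", Set.of("ROLE_USER"));

    @Override
    public Set<String> grant(Principal principal) {
        // The provider calls grant() for every principal in the Subject, so
        // match on the principal's type as well as its name: a user whose
        // login name is "ops-admins" must not be treated as that group.
        if (!(principal instanceof GroupPrincipal group)) {
            return null; // null: no role is granted for this principal
        }
        // Unlisted groups fall through to null; role names are never
        // derived from the principal's own name.
        return ROLES_BY_GROUP.get(group.getName());
    }

    public static void main(String[] args) {
        AuthorityGranter granter = new AllowlistAuthorityGranter();
        // Listed group: receives its mapped roles.
        System.out.println(granter.grant(new GroupPrincipal("ops-admins")));
        // Same name but a user principal: nothing granted.
        System.out.println(granter.grant(new UserPrincipal("ops-admins")));
        // Group not on the allowlist: nothing granted.
        System.out.println(granter.grant(new GroupPrincipal("contractors")));
    }
}
```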
 

Summary

Fields
protected final Log log
Public Constructors
AbstractJaasAuthenticationProvider()
Public Methods
void afterPropertiesSet()
Validates the required properties are set.
Authentication authenticate(Authentication auth)
Attempts to log in the user given the Authentication object's principal and credential.
void onApplicationEvent(SessionDestroyedEvent event)
void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
void setAuthorityGranters(AuthorityGranter[] authorityGranters)
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)
Set the JaasAuthenticationCallbackHandler array to handle callback objects generated by the LoginContext.login method.
void setLoginContextName(String loginContextName)
Set the loginContextName. This name is used as the index to the configuration specified in the loginConfig property.
void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)
boolean supports(Class<?> aClass)
Returns true if this AuthenticationProvider supports the indicated Authentication object.
Protected Methods
abstract LoginContext createLoginContext(CallbackHandler handler)
Creates the LoginContext to be used for authentication.
ApplicationEventPublisher getApplicationEventPublisher()
void handleLogout(SessionDestroyedEvent event)
Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.
void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase)
void publishSuccessEvent(UsernamePasswordAuthenticationToken token)
Inherited Methods
From class java.lang.Object
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.context.ApplicationEventPublisherAware
From interface org.springframework.security.authentication.AuthenticationProvider

Fields

protected final Log log

Public Constructors

public AbstractJaasAuthenticationProvider ()

Public Methods

public void afterPropertiesSet ()

Validates the required properties are set. In addition, if setCallbackHandlers(JaasAuthenticationCallbackHandler[]) has not been called with valid handlers, initializes to use JaasNameCallbackHandler and JaasPasswordCallbackHandler.

Throws
Exception

public Authentication authenticate (Authentication auth)

Attempts to log in the user given the Authentication object's principal and credential.

Parameters
auth The Authentication object to be authenticated.
Returns
  • The authenticated Authentication object, with its grantedAuthorities set.
Throws
AuthenticationException This implementation does not handle 'locked' or 'disabled' accounts. This method only throws an AuthenticationServiceException, with the message of the LoginException that will be thrown, should the loginContext.login() method fail.

public void onApplicationEvent (SessionDestroyedEvent event)

public void setApplicationEventPublisher (ApplicationEventPublisher applicationEventPublisher)

public void setAuthorityGranters (AuthorityGranter[] authorityGranters)

Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.

Parameters
authorityGranters AuthorityGranter array

public void setCallbackHandlers (JaasAuthenticationCallbackHandler[] callbackHandlers)

Set the JaasAuthenticationCallbackHandler array to handle callback objects generated by the LoginContext.login method.

Parameters
callbackHandlers Array of JaasAuthenticationCallbackHandlers

public void setLoginContextName (String loginContextName)

Set the loginContextName. This name is used as the index to the configuration specified in the loginConfig property.

public void setLoginExceptionResolver (LoginExceptionResolver loginExceptionResolver)

public boolean supports (Class<?> aClass)

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime by the ProviderManager.

Returns
  • true if the implementation can more closely evaluate the Authentication class presented

Protected Methods

protected abstract LoginContext createLoginContext (CallbackHandler handler)

Creates the LoginContext to be used for authentication.

Parameters
handler The CallbackHandler that should be used for the LoginContext (never null).
Returns
  • the LoginContext to use for authentication.

protected ApplicationEventPublisher getApplicationEventPublisher ()

protected void handleLogout (SessionDestroyedEvent event)

Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.

Parameters
event the session event which contains the current session

protected void publishFailureEvent (UsernamePasswordAuthenticationToken token, AuthenticationException ase)

Publishes the JaasAuthenticationFailedEvent. Can be overridden by subclasses for different functionality.

Parameters
token The authentication token being processed
ase The exception that caused the authentication failure

protected void publishSuccessEvent (UsernamePasswordAuthenticationToken token)

Publishes the JaasAuthenticationSuccessEvent. Can be overridden by subclasses for different functionality.

Parameters
token The token being processed