JaasAuthenticationProvider

Class Overview

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

This AuthenticationProvider is capable of validating UsernamePasswordAuthenticationToken requests contain the correct username and password.

This implementation is backed by a JAAS configuration. The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring org.springframework.core.io.Resource instance. It should point to a JAAS configuration file containing an index matching the loginContextName property.

For example: If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration could be as follows...

 <property name="loginConfig">
   <value>/WEB-INF/login.conf</value>
 </property>
 

The loginContextName should coincide with a given index in the loginConfig specifed. The loginConfig file used in the JUnit tests appears as the following...

 JAASTest {
   org.springframework.security.authentication.jaas.TestLoginModule required;
 };
 

Using the example login configuration above, the loginContextName property would be set as JAASTest...

  <property name="loginContextName"> <value>JAASTest</value> </property>
 

When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The JaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each JaasAuthenticationCallbackHandler for each Callback passed.

JaasAuthenticationCallbackHandlers are passed to the JaasAuthenticationProvider through the callbackHandlers property.

 <property name="callbackHandlers">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
     <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
  </list>
 </property>
 

After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal, and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's grant(java.security.Principal) method. The returned role will be applied to the Authorization object as a GrantedAuthority.

AuthorityGranters are configured in spring xml as follows...

 <property name="authorityGranters">
   <list>
     <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
   </list>
  </property>
 

A configuration note: The JaasAuthenticationProvider uses the security properites "e;login.config.url.X"e; to configure jaas. If you would like to customize the way Jaas gets configured, create a subclass of this and override the configureJaas(Resource) method.

Summary

Fields
protected static final Log	log

[Expand] Inherited Fields
From class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider protected final Log log

Public Constructors
	JaasAuthenticationProvider()

Public Methods
void	afterPropertiesSet() Validates the required properties are set.
Resource	getLoginConfig()
void	setLoginConfig(Resource loginConfig) Set the JAAS login configuration file.
void	setRefreshConfigurationOnStartup(boolean refresh) If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method.

Protected Methods
void	configureJaas(Resource loginConfig) Hook method for configuring Jaas.
LoginContext	createLoginContext(CallbackHandler handler) Creates the LoginContext to be used for authentication.
void	publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) Publishes the JaasAuthenticationFailedEvent.

[Expand] Inherited Methods
From class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider void afterPropertiesSet() Validates the required properties are set. Authentication authenticate(Authentication auth) Attempts to login the user given the Authentication objects principal and credential abstract LoginContext createLoginContext(CallbackHandler handler) Creates the LoginContext to be used for authentication. ApplicationEventPublisher getApplicationEventPublisher() void handleLogout(SessionDestroyedEvent event) Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken. void onApplicationEvent(SessionDestroyedEvent event) void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) Publishes the JaasAuthenticationFailedEvent. void publishSuccessEvent(UsernamePasswordAuthenticationToken token) Publishes the JaasAuthenticationSuccessEvent. void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) void setAuthorityGranters(AuthorityGranter[] authorityGranters) Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication. void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method. void setLoginContextName(String loginContextName) Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property. void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) boolean supports(Class<?> aClass) Returns true if this AuthenticationProvider supports the indicated Authentication object.
From class java.lang.Object Object clone() boolean equals(Object arg0) void finalize() final Class<?> getClass() int hashCode() final void notify() final void notifyAll() String toString() final void wait() final void wait(long arg0, int arg1) final void wait(long arg0)
From interface org.springframework.beans.factory.InitializingBean abstract void afterPropertiesSet()
From interface org.springframework.context.ApplicationEventPublisherAware abstract void setApplicationEventPublisher(ApplicationEventPublisher arg0)
From interface org.springframework.security.authentication.AuthenticationProvider abstract Authentication authenticate(Authentication authentication) Performs authentication with the same contract as authenticate(Authentication). abstract boolean supports(Class<?> authentication) Returns true if this AuthenticationProvider supports the indicated Authentication object.