java.lang.Object
  ↳ org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
    ↳ org.springframework.security.authentication.jaas.JaasAuthenticationProvider

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

This AuthenticationProvider is capable of validating that UsernamePasswordAuthenticationToken requests contain the correct username and password.

This implementation is backed by a JAAS configuration. The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring org.springframework.core.io.Resource instance. It should point to a JAAS configuration file containing an index matching the loginContextName property.

For example, if this JaasAuthenticationProvider were configured in a Spring WebApplicationContext, the XML to set the login configuration could be as follows:

    <property name="loginConfig">
        <value>/WEB-INF/login.conf</value>
    </property>

The loginContextName should coincide with a given index in the loginConfig specified. The loginConfig file used in the JUnit tests appears as follows:

    JAASTest {
        org.springframework.security.authentication.jaas.TestLoginModule required;
    };

Using the example login configuration above, the loginContextName property would be set as JAASTest:

    <property name="loginContextName">
        <value>JAASTest</value>
    </property>

When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The JaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each JaasAuthenticationCallbackHandler for each Callback passed.

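As an added example (not part of the Spring Security code base), the handler below follows the convention this dispatch implies: because every handler is offered every Callback, a handler fills in only the callback it owns and returns silently for the rest. The class name and the remoteAddress prompt are assumptions, standing for an agreement with a site-specific LoginModule that records the client address; spring-security-web is assumed to be on the classpath for WebAuthenticationDetails.

```java
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Added example: hands the client address to a LoginModule that asks for it. */
public class RemoteAddressCallbackHandler implements JaasAuthenticationCallbackHandler {

    // Assumed convention between this handler and the site's LoginModule
    // (not a Spring Security constant).
    public static final String PROMPT = "remoteAddress";

    @Override
    public void handle(Callback callback, Authentication auth)
            throws IOException, UnsupportedCallbackException {
        // This method is invoked once per Callback, alongside the other
        // configured handlers. Skip anything this handler does not own rather
        // than throwing UnsupportedCallbackException, which would abort the login.
        if (!(callback instanceof TextInputCallback)) {
            return;
        }
        TextInputCallback input = (TextInputCallback) callback;
        if (!PROMPT.equals(input.getPrompt())) {
            return;
        }
        // Only answer when the details object really carries a web request's
        // address; otherwise leave the callback empty for the LoginModule to handle.
        Object details = auth.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            input.setText(((WebAuthenticationDetails) details).getRemoteAddress());
        }
    }
}
```
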
JaasAuthenticationCallbackHandlers are passed to the JaasAuthenticationProvider through the callbackHandlers property.

    <property name="callbackHandlers">
        <list>
            <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
            <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
            <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
        </list>
    </property>

After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from its grant(java.security.Principal) method. The returned role will be applied to the Authorization object as a GrantedAuthority.

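The following AuthorityGranter is an added example, not code from Spring Security or its tests. It grants roles only for one principal type and only through an explicit allow-list, since every principal on the Subject is offered to every granter. GroupAuthorityGranter, GroupPrincipal and the sample mapping are hypothetical names and data; spring-security-core is assumed to be on the classpath.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.jaas.AuthorityGranter;

/** Added example: maps group principals to role names through an allow-list. */
public class GroupAuthorityGranter implements AuthorityGranter {

    /** Hypothetical principal type; stands in for whatever the site's LoginModule adds. */
    public static final class GroupPrincipal implements Principal {
        private final String name;
        public GroupPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    private final Map<String, Set<String>> rolesByGroup = new HashMap<>();

    public GroupAuthorityGranter(Map<String, Set<String>> rolesByGroup) {
        // Defensive copy so later changes to the caller's map cannot alter grants.
        for (Map.Entry<String, Set<String>> e : rolesByGroup.entrySet()) {
            this.rolesByGroup.put(e.getKey(),
                    Collections.unmodifiableSet(new HashSet<>(e.getValue())));
        }
    }

    @Override
    public Set<String> grant(Principal principal) {
        // Decide on the principal's type first: a user principal that happens
        // to be named "admins" must not count as membership of the group.
        if (!(principal instanceof GroupPrincipal)) {
            return null; // null: this granter grants nothing for this principal
        }
        return rolesByGroup.get(principal.getName()); // null for unlisted groups
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Set<String>> mapping = new HashMap<>();
        mapping.put("admins", Collections.singleton("ROLE_ADMIN"));
        GroupAuthorityGranter granter = new GroupAuthorityGranter(mapping);
        Principal user = () -> "admins"; // same name, but not a GroupPrincipal
        System.out.println(granter.grant(new GroupPrincipal("admins"))); // group match
        System.out.println(granter.grant(user));                        // no grant
    }
}
```
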
AuthorityGranters are configured in Spring XML as follows:

    <property name="authorityGranters">
        <list>
            <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
        </list>
    </property>

A configuration note: The JaasAuthenticationProvider uses the security properties "login.config.url.X" to configure JAAS. If you would like to customize the way JAAS gets configured, create a subclass of this and override the configureJaas(Resource) method.

Fields |
---|
log |

Inherited Fields |
---|
From class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider |

Public Constructors |
---|

Public Methods |
---|
Validates the required properties are set. |
Set the JAAS login configuration file. |
If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method. |

Protected Methods |
---|
Hook method for configuring Jaas. |
Creates the LoginContext to be used for authentication. |
Publishes the JaasAuthenticationFailedEvent. |

Inherited Methods |
---|
From class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider |
From class java.lang.Object |
From interface org.springframework.beans.factory.InitializingBean |
From interface org.springframework.context.ApplicationEventPublisherAware |
From interface org.springframework.security.authentication.AuthenticationProvider |

Validates the required properties are set. In addition, if setCallbackHandlers(JaasAuthenticationCallbackHandler[]) has not been called with valid handlers, initializes to use JaasNameCallbackHandler and JaasPasswordCallbackHandler.

Exception |
---|

Set the JAAS login configuration file.

If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method. Defaults to true.

refresh | set to false to disable reloading of the configuration. May be useful in some environments. |
---|---|

Hook method for configuring Jaas.

loginConfig | URL to Jaas login configuration |
---|---|

IOException | if there is a problem reading the config resource. |
---|---|

Creates the LoginContext to be used for authentication.

handler | The CallbackHandler that should be used for the LoginContext (never null). |
---|---|

LoginException |
---|

Publishes the JaasAuthenticationFailedEvent. Can be overridden by subclasses for different functionality.

token | The authentication token being processed |
---|---|
ase | The exception that caused the authentication failure |