public abstract class

AbstractLdapAuthenticationProvider

extends Object
implements MessageSourceAware AuthenticationProvider
java.lang.Object
   ↳ org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Known Direct Subclasses

Class Overview

Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.

Summary

Fields
protected final Log logger
protected MessageSourceAccessor messages
protected UserDetailsContextMapper userDetailsContextMapper
Public Constructors
AbstractLdapAuthenticationProvider()
Public Methods
Authentication authenticate(Authentication authentication)
Performs authentication with the same contract as authenticate(Authentication).
void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
void setMessageSource(MessageSource messageSource)
void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)
Determines whether the supplied password will be used as the credentials in the successful authentication token.
void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.
boolean supports(Class<?> authentication)
Returns true if this AuthenticationProvider supports the indicated Authentication object.
Protected Methods
Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, UserDetails user)
Creates the final Authentication object which will be returned from the authenticate method.
abstract DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth)
UserDetailsContextMapper getUserDetailsContextMapper()
Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.
abstract Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password)
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.context.MessageSourceAware
From interface org.springframework.security.authentication.AuthenticationProvider

Fields

protected final Log logger

protected MessageSourceAccessor messages

protected UserDetailsContextMapper userDetailsContextMapper

Public Constructors

public AbstractLdapAuthenticationProvider ()

Public Methods

public Authentication authenticate (Authentication authentication)

Performs authentication with the same contract as authenticate(Authentication).

Parameters
authentication the authentication request object.
Returns
  • a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws
AuthenticationException

public void setAuthoritiesMapper (GrantedAuthoritiesMapper authoritiesMapper)

public void setMessageSource (MessageSource messageSource)

public void setUseAuthenticationRequestCredentials (boolean useAuthenticationRequestCredentials)

Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configured UserDetailsContextMapper. Often it will not be possible to read the password from the directory, so defaults to true.

public void setUserDetailsContextMapper (UserDetailsContextMapper userDetailsContextMapper)

Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.

Parameters
userDetailsContextMapper the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.

public boolean supports (Class<?> authentication)

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Returns
  • true if the implementation can more closely evaluate the Authentication class presented

Protected Methods

protected Authentication createSuccessfulAuthentication (UsernamePasswordAuthenticationToken authentication, UserDetails user)

Creates the final Authentication object which will be returned from the authenticate method.

Parameters
authentication the original authentication request token
user the UserDetails instance returned by the configured UserDetailsContextMapper.
Returns
  • the Authentication object for the fully authenticated user.

protected abstract DirContextOperations doAuthentication (UsernamePasswordAuthenticationToken auth)

protected UserDetailsContextMapper getUserDetailsContextMapper ()

Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.

protected abstract Collection<? extends GrantedAuthority> loadUserAuthorities (DirContextOperations userData, String username, String password)