public class

OpenIDAuthenticationProvider

extends Object
implements InitializingBean AuthenticationProvider
java.lang.Object
   ↳ org.springframework.security.openid.OpenIDAuthenticationProvider

Class Overview

Finalises the OpenID authentication by obtaining local authorities for the authenticated user.

The authorities are obtained by calling the configured UserDetailsService. The UserDetails it returns must, at minimum, contain the username and GrantedAuthority objects applicable to the authenticated user. Note that by default, Spring Security ignores the password and enabled/disabled status of the UserDetails because this is authentication-related and should have been enforced by another provider server.

The UserDetails returned by implementations is stored in the generated Authentication token, so additional properties such as email addresses, telephone numbers etc can easily be stored.

Summary

Public Constructors
OpenIDAuthenticationProvider()
Public Methods
void afterPropertiesSet()
Authentication authenticate(Authentication authentication)
Performs authentication with the same contract as authenticate(Authentication).
void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)
Used to load the UserDetails for the authenticated OpenID user.
void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
void setUserDetailsService(UserDetailsService userDetailsService)
Used to load the UserDetails for the authenticated OpenID user.
boolean supports(Class<?> authentication)
Returns true if this AuthenticationProvider supports the indicated Authentication object.
Protected Methods
Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be returned by the provider.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.security.authentication.AuthenticationProvider

Public Constructors

public OpenIDAuthenticationProvider ()

Public Methods

public void afterPropertiesSet ()

Throws
Exception

public Authentication authenticate (Authentication authentication)

Performs authentication with the same contract as authenticate(Authentication).

Parameters
authentication the authentication request object.
Returns
  • a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws
AuthenticationException

public void setAuthenticationUserDetailsService (AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService)

Used to load the UserDetails for the authenticated OpenID user.

public void setAuthoritiesMapper (GrantedAuthoritiesMapper authoritiesMapper)

public void setUserDetailsService (UserDetailsService userDetailsService)

Used to load the UserDetails for the authenticated OpenID user.

public boolean supports (Class<?> authentication)

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Returns
  • true if the implementation can more closely evaluate the Authentication class presented

Protected Methods

protected Authentication createSuccessfulAuthentication (UserDetails userDetails, OpenIDAuthenticationToken auth)

Handles the creation of the final Authentication object which will be returned by the provider.

The default implementation just creates a new OpenIDAuthenticationToken from the original, but with the UserDetails as the principal and including the authorities loaded by the UserDetailsService.

Parameters
userDetails the loaded UserDetails object
auth the token passed to the authenticate method, containing
Returns
  • the token which will represent the authenticated user.