Package com.foreach.across.modules.user.security

Class AbstractUserInDirectoryAuthenticationProvider

java.lang.Object
com.foreach.across.modules.user.security.AbstractUserInDirectoryAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
Direct Known Subclasses:
InternalUserDirectoryAuthenticationProvider
public abstract class AbstractUserInDirectoryAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
Alternative for AbstractUserDetailsAuthenticationProvider that fetches a User by username from a single UserDirectory. It also allows disabling of exception throwing if user is not found, making it useful for iterating over multiple providers.
Since:
2.0.0
Author:
Arne Vandamme
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final org.apache.commons.logging.Log
    LOG
     
    protected org.springframework.context.support.MessageSourceAccessor
    messages
     
    protected UserDirectory
    userDirectory
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractUserInDirectoryAuthenticationProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract void
    additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
    Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.
    final void
    afterPropertiesSet()
     
    org.springframework.security.core.Authentication
    authenticate(org.springframework.security.core.Authentication authentication)
     
    protected abstract org.springframework.security.core.userdetails.UserDetails
    buildUserDetails(User user, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
    Allows subclasses to build the UserDetails for a given User.
    protected org.springframework.security.core.Authentication
    createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
    Creates a successful Authentication object.
    protected void
    doAfterPropertiesSet()
     
    protected User
    retrieveUser(String username)
    Retrieve the user instance from the user directory.
    void
    setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
     
    void
    setForcePrincipalAsString(boolean forcePrincipalAsString)
     
    void
    setMessageSource(org.springframework.context.MessageSource messageSource)
     
    void
    setPostAuthenticationChecks(org.springframework.security.core.userdetails.UserDetailsChecker postAuthenticationChecks)
     
    void
    setPreAuthenticationChecks(org.springframework.security.core.userdetails.UserDetailsChecker preAuthenticationChecks)
    Sets the policy will be used to verify the status of the loaded UserDetails before validation of the credentials takes place.
    void
    setThrowExceptionIfUserNotFound(boolean throwExceptionIfUserNotFound)
     
    void
    setUserCache(org.springframework.security.core.userdetails.UserCache userCache)
     
    void
    setUserDirectory(UserDirectory userDirectory)
     
    void
    setUserService(UserService userService)
     
    boolean
    supports(Class<?> authentication)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • LOG

      protected final org.apache.commons.logging.Log LOG

    • messages

      protected org.springframework.context.support.MessageSourceAccessor messages

    • userDirectory

      protected UserDirectory userDirectory

  • Constructor Details

    • AbstractUserInDirectoryAuthenticationProvider

      public AbstractUserInDirectoryAuthenticationProvider()

  • Method Details

    • setMessageSource

      public void setMessageSource(org.springframework.context.MessageSource messageSource)
      Specified by:
      setMessageSource in interface org.springframework.context.MessageSourceAware

    • setUserDirectory

      public void setUserDirectory(UserDirectory userDirectory)

    • setUserService

      public void setUserService(UserService userService)

    • setUserCache

      public void setUserCache(org.springframework.security.core.userdetails.UserCache userCache)

    • setForcePrincipalAsString

      public void setForcePrincipalAsString(boolean forcePrincipalAsString)

    • setPreAuthenticationChecks

      public void setPreAuthenticationChecks(org.springframework.security.core.userdetails.UserDetailsChecker preAuthenticationChecks)
      Sets the policy will be used to verify the status of the loaded UserDetails before validation of the credentials takes place.
      Parameters:
      preAuthenticationChecks - strategy to be invoked prior to authentication.

    • setPostAuthenticationChecks

      public void setPostAuthenticationChecks(org.springframework.security.core.userdetails.UserDetailsChecker postAuthenticationChecks)

    • setAuthoritiesMapper

      public void setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)

    • setThrowExceptionIfUserNotFound

      public void setThrowExceptionIfUserNotFound(boolean throwExceptionIfUserNotFound)

    • additionalAuthenticationChecks

      protected abstract void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) throws org.springframework.security.core.AuthenticationException
      Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request. Generally a subclass will at least compare the Authentication.getCredentials() with a UserDetails.getPassword(). If custom logic is needed to compare additional properties of UserDetails and/or UsernamePasswordAuthenticationToken, these should also appear in this method.
      Parameters:
      userDetails - as retrieved from the buildUserDetails(User, UsernamePasswordAuthenticationToken) or UserCache
      authentication - the current request that needs to be authenticated
      Throws:
      org.springframework.security.core.AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)

    • afterPropertiesSet

      public final void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      Exception

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException

    • createSuccessAuthentication

      protected org.springframework.security.core.Authentication createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
      Creates a successful Authentication object.

      Protected so subclasses can override.

      Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned Authentication object.

      Parameters:
      principal - that should be the principal in the returned object
      authentication - that was presented to the provider for validation
      user - that was loaded by the implementation
      Returns:
      the successful authentication token

    • doAfterPropertiesSet

      protected void doAfterPropertiesSet() throws Exception
      Throws:
      Exception

    • buildUserDetails

      protected abstract org.springframework.security.core.userdetails.UserDetails buildUserDetails(User user, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) throws org.springframework.security.core.AuthenticationException
      Allows subclasses to build the UserDetails for a given User. Actual credential validation can be performed and an AuthenticationException thrown if validation fails. In case the method returns null this will end in a null Authentication being returned by this provider.

      Note that User already implements UserDetails. If validation is successful, that same user instance can be returned by the method implementation.

      Parameters:
      user - The user found with the username from the authentication
      authentication - The authentication request, which subclasses may need to perform a binding-based retrieval of the UserDetails
      Returns:
      the user information, can be null to fall back to being "unable to authenticate"
      Throws:
      org.springframework.security.core.AuthenticationException - if the credentials could not be validated

    • retrieveUser

      protected User retrieveUser(String username) throws org.springframework.security.core.AuthenticationException
      Retrieve the user instance from the user directory.
      Parameters:
      username - The username to retrieve
      Returns:
      user instance or null if not found
      Throws:
      org.springframework.security.core.AuthenticationException - if no user found and throwExceptionIfUserNotFound is true

    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider