Overview  Package   Class  Use  Deprecated  Index
Home >> All >> org >> acegisecurity >> providers >> [ dao overview ]	PREV CLASS  NEXT CLASS
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD	DETAIL: FIELD | CONSTR | METHOD

---

org.acegisecurity.providers.dao
Class AbstractUserDetailsAuthenticationProvider  

java.lang.Object
  org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider

All Implemented Interfaces:

org.acegisecurity.providers.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

Direct Known Subclasses:

DaoAuthenticationProvider

---

public abstract class AbstractUserDetailsAuthenticationProvider

extends java.lang.Object

implements org.acegisecurity.providers.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

A base org.acegisecurity.providers.AuthenticationProvider that allows subclasses to override and work with org.acegisecurity.userdetails.UserDetails objects. The class is designed to respond to org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication requests.

Upon successful validation, a UsernamePasswordAuthenticationToken will be created and returned to the caller. The token will include as its principal either a String representation of the username, or the org.acegisecurity.userdetails.UserDetails that was returned from the authentication repository. Using String is appropriate if a container adapter is being used, as it expects String representations of the username. Using UserDetails is appropriate if you require access to additional properties of the authenticated user, such as email addresses, human-friendly names etc. As container adapters are not recommended to be used, and UserDetails implementations provide additional flexibility, by default a UserDetails is returned. To override this default, set the setForcePrincipalAsString(boolean) 55 to true.

Caching is handled via the UserDetails object being placed in the UserCache. This ensures that subsequent requests with the same username can be validated without needing to query the org.acegisecurity.userdetails.UserDetailsService. It should be noted that if a user appears to present an incorrect password, the org.acegisecurity.userdetails.UserDetailsService will be queried to confirm the most up-to-date password was used for comparison.

---

Field Summary
private  boolean	forcePrincipalAsString
protected  org.springframework.context.support.MessageSourceAccessor	messages
private  UserCache	userCache

 

Constructor Summary

AbstractUserDetailsAuthenticationProvider()

 

Method Summary
protected abstract  void	additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails userDetails, org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)           Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.
void	afterPropertiesSet()           Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).
org.acegisecurity.Authentication	authenticate(org.acegisecurity.Authentication authentication)           Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication)>AuthenticationManager.authenticate(Authentication) 55 .
protected  org.acegisecurity.Authentication	createSuccessAuthentication(java.lang.Object principal, org.acegisecurity.Authentication authentication, org.acegisecurity.userdetails.UserDetails user)           Creates a successful org.acegisecurity.Authentication object.
protected  void	doAfterPropertiesSet()
UserCache	getUserCache()
boolean	isForcePrincipalAsString()
protected abstract  org.acegisecurity.userdetails.UserDetails	retrieveUser(java.lang.String username, org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)           Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).
void	setForcePrincipalAsString(boolean forcePrincipalAsString)
void	setMessageSource(org.springframework.context.MessageSource messageSource)           Set the MessageSource that this object runs in.
void	setUserCache(UserCache userCache)
boolean	supports(java.lang.Class authentication)           Returns true if this AuthenticationProvider supports the indicated Authentication object.

 

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

---

userCache

private UserCache userCache

---

forcePrincipalAsString

private boolean forcePrincipalAsString

Constructor Detail

AbstractUserDetailsAuthenticationProvider

public AbstractUserDetailsAuthenticationProvider()

Method Detail

additionalAuthenticationChecks

protected abstract void additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails userDetails,
                                                       org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)
                                                throws org.acegisecurity.AuthenticationException

Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request. Generally a subclass will at least compare the Authentication.getCredentials()>Authentication.getCredentials() 55 with a UserDetails.getPassword()>UserDetails.getPassword() 55 . If custom logic is needed to compare additional properties of UserDetails and/or UsernamePasswordAuthenticationToken, these should also appear in this method.

---

afterPropertiesSet

public final void afterPropertiesSet()
                              throws java.lang.Exception

Description copied from interface: org.springframework.beans.factory.InitializingBean

Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).

This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

---

authenticate

public org.acegisecurity.Authentication authenticate(org.acegisecurity.Authentication authentication)
                                              throws org.acegisecurity.AuthenticationException

Description copied from interface: org.acegisecurity.providers.AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication)>AuthenticationManager.authenticate(Authentication) 55 .

Specified by:

authenticate in interface org.acegisecurity.providers.AuthenticationProvider

---

createSuccessAuthentication

protected org.acegisecurity.Authentication createSuccessAuthentication(java.lang.Object principal,
                                                                       org.acegisecurity.Authentication authentication,
                                                                       org.acegisecurity.userdetails.UserDetails user)

Creates a successful org.acegisecurity.Authentication object.

Protected so subclasses can override.

Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned Authentication object.

---

doAfterPropertiesSet

protected void doAfterPropertiesSet()
                             throws java.lang.Exception

---

getUserCache

public UserCache getUserCache()

---

isForcePrincipalAsString

public boolean isForcePrincipalAsString()

---

retrieveUser

protected abstract org.acegisecurity.userdetails.UserDetails retrieveUser(java.lang.String username,
                                                                          org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)
                                                                   throws org.acegisecurity.AuthenticationException

Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).

Subclasses are not required to perform any caching, as the AbstractUserDetailsAuthenticationProvider will by default cache the UserDetails. The caching of UserDetails does present additional complexity as this means subsequent requests that rely on the cache will need to still have their credentials validated, even if the correctness of credentials was assured by subclasses adopting a binding-based strategy in this method. Accordingly it is important that subclasses either disable caching (if they want to ensure that this method is the only method that is capable of authenticating a request, as no UserDetails will ever be cached) or ensure subclasses implement additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) 55 to compare the credentials of a cached UserDetails with subsequent authentication requests.

Most of the time subclasses will not perform credentials inspection in this method, instead performing it in additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) 55 so that code related to credentials validation need not be duplicated across two methods.

---

setForcePrincipalAsString

public void setForcePrincipalAsString(boolean forcePrincipalAsString)

---

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)

Description copied from interface: org.springframework.context.MessageSourceAware

Set the MessageSource that this object runs in.

Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.

Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

---

setUserCache

public void setUserCache(UserCache userCache)

---

supports

public boolean supports(java.lang.Class authentication)

Description copied from interface: org.acegisecurity.providers.AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication)>AuthenticationProvider.authenticate(Authentication) 55 method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface org.acegisecurity.providers.AuthenticationProvider

---

Overview  Package   Class  Use  Deprecated  Index
Home >> All >> org >> acegisecurity >> providers >> [ dao overview ]	PREV CLASS  NEXT CLASS
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD	DETAIL: FIELD | CONSTR | METHOD

---