java.lang.Object
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
org.acegisecurity.providers.dao.DaoAuthenticationProvider
- All Implemented Interfaces:
- org.acegisecurity.providers.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
- public class DaoAuthenticationProvider
- extends AbstractUserDetailsAuthenticationProvider
An org.acegisecurity.providers.AuthenticationProvider implementation that retrieves user details
from an org.acegisecurity.userdetails.UserDetailsService.
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
userDetailsService
private org.acegisecurity.userdetails.UserDetailsService userDetailsService
passwordEncoder
private org.acegisecurity.providers.encoding.PasswordEncoder passwordEncoder
saltSource
private SaltSource saltSource
hideUserNotFoundExceptions
private boolean hideUserNotFoundExceptions
DaoAuthenticationProvider
public DaoAuthenticationProvider()
additionalAuthenticationChecks
protected void additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails userDetails,
org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)
throws org.acegisecurity.AuthenticationException
- Description copied from class:
AbstractUserDetailsAuthenticationProvider
- Allows subclasses to perform any additional checks of a returned (or
cached)
UserDetails for a given authentication request.
Generally a subclass will at least compare the Authentication.getCredentials() with a UserDetails.getPassword(). If custom logic is needed to compare
additional properties of UserDetails and/or
UsernamePasswordAuthenticationToken, these should also
appear in this method.
- Specified by:
additionalAuthenticationChecks in class AbstractUserDetailsAuthenticationProvider
doAfterPropertiesSet
protected void doAfterPropertiesSet()
throws java.lang.Exception
- Overrides:
doAfterPropertiesSet in class AbstractUserDetailsAuthenticationProvider
getUserDetailsService
public org.acegisecurity.userdetails.UserDetailsService getUserDetailsService()
getPasswordEncoder
public org.acegisecurity.providers.encoding.PasswordEncoder getPasswordEncoder()
getSaltSource
public SaltSource getSaltSource()
isHideUserNotFoundExceptions
public boolean isHideUserNotFoundExceptions()
retrieveUser
protected final org.acegisecurity.userdetails.UserDetails retrieveUser(java.lang.String username,
org.acegisecurity.providers.UsernamePasswordAuthenticationToken authentication)
throws org.acegisecurity.AuthenticationException
- Description copied from class:
AbstractUserDetailsAuthenticationProvider
- Allows subclasses to actually retrieve the
UserDetails from
an implementation-specific location, with the option of throwing an
AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary
to bind to a resource as the user in order to obtain or generate a
UserDetails).
Subclasses are not required to perform any caching, as the
AbstractUserDetailsAuthenticationProvider will by default
cache the UserDetails. The caching of
UserDetails does present additional complexity as this
means subsequent requests that rely on the cache will need to still
have their credentials validated, even if the correctness of
credentials was assured by subclasses adopting a binding-based strategy
in this method. Accordingly it is important that subclasses either
disable caching (if they want to ensure that this method is the only
method that is capable of authenticating a request, as no
UserDetails will ever be cached) or ensure subclasses
implement AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails,
UsernamePasswordAuthenticationToken) to compare the credentials of a
cached UserDetails with subsequent authentication
requests.
Most of the time subclasses will not perform credentials inspection in
this method, instead performing it in AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails,
UsernamePasswordAuthenticationToken) so that code related to
credentials validation need not be duplicated across two methods.
- Specified by:
retrieveUser in class AbstractUserDetailsAuthenticationProvider
setUserDetailsService
public void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService authenticationDao)
setHideUserNotFoundExceptions
public void setHideUserNotFoundExceptions(boolean hideUserNotFoundExceptions)
- By default the
DaoAuthenticationProvider throws a
BadCredentialsException if a username is not found or
the password is incorrect. Setting this property to
false will cause
UsernameNotFoundExceptions to be thrown instead for
the former. Note this is considered less secure than throwing
BadCredentialsException for both exceptions.
setPasswordEncoder
public void setPasswordEncoder(org.acegisecurity.providers.encoding.PasswordEncoder passwordEncoder)
- Sets the PasswordEncoder instance to be used to encode and validate
passwords. If not set, org.acegisecurity.providers.encoding.PlaintextPasswordEncoder will be
used by default.
setSaltSource
public void setSaltSource(SaltSource saltSource)
- The source of salts to use when decoding passwords.
null is a valid value, meaning the
DaoAuthenticationProvider will present
null to the relevant PasswordEncoder.
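
The three setters above interact, so the following added example (not part of the Acegi Javadoc or source) wires them together and prints which exception class each kind of failed login produces, before and after turning off hideUserNotFoundExceptions. The class name DaoProviderDemo, the user alice, the password and the choice of the username as salt are constructed for illustration; ShaPasswordEncoder, User and GrantedAuthorityImpl are Acegi classes assumed to be on the classpath alongside the ones documented here.

```java
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.providers.dao.SaltSource;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;

public class DaoProviderDemo {
    // Returns "authenticated", or the class name of the exception the caller would see.
    static String outcome(DaoAuthenticationProvider p, String user, String pass) {
        try {
            p.authenticate(new UsernamePasswordAuthenticationToken(user, pass));
            return "authenticated";
        } catch (AuthenticationException e) {
            return e.getClass().getName();
        }
    }
    public static void main(String[] args) throws Exception {
        final PasswordEncoder encoder = new ShaPasswordEncoder(); // replaces the plaintext default
        SaltSource perUserSalt = new SaltSource() {               // demo choice: salt = username
            public Object getSalt(UserDetails user) { return user.getUsername(); }
        };
        // Constructed single-user store; the stored password is the salted, encoded form.
        final UserDetails alice = new User("alice", encoder.encodePassword("s3cret", "alice"),
                true, true, true, true, new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
        UserDetailsService store = new UserDetailsService() {
            public UserDetails loadUserByUsername(String username) {
                if (!"alice".equals(username)) throw new UsernameNotFoundException(username);
                return alice;
            }
        };
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(store);
        provider.setPasswordEncoder(encoder);
        provider.setSaltSource(perUserSalt); // must match the salt used when the password was stored
        provider.afterPropertiesSet();
        System.out.println(outcome(provider, "alice", "s3cret"));  // valid login
        System.out.println(outcome(provider, "alice", "wrong"));   // known user, wrong password
        System.out.println(outcome(provider, "nobody", "wrong"));  // unknown user, default setting
        provider.setHideUserNotFoundExceptions(false);
        System.out.println(outcome(provider, "nobody", "wrong"));  // unknown user, hiding disabled
    }
}
```

If the second and third lines of output name different classes in your deployment, the login path lets a caller tell valid usernames from invalid ones.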