Package org.springframework.security.ldap.authentication

Class AbstractLdapAuthenticationProvider

java.lang.Object

org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider

Direct Known Subclasses:

ActiveDirectoryLdapAuthenticationProvider, LdapAuthenticationProvider

public abstract class AbstractLdapAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.context.MessageSourceAware

Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.

Since:

3.1

Field Summary

Fields

Modifier and Type	Field	Description
protected final org.apache.commons.logging.Log	logger
protected org.springframework.context.support.MessageSourceAccessor	messages
protected UserDetailsContextMapper	userDetailsContextMapper

Constructor Summary

Constructors

Constructor	Description
AbstractLdapAuthenticationProvider()

Method Summary

Modifier and Type	Method	Description
org.springframework.security.core.Authentication	authenticate(org.springframework.security.core.Authentication authentication)
protected org.springframework.security.core.Authentication	createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication, org.springframework.security.core.userdetails.UserDetails user)	Creates the final Authentication object which will be returned from the authenticate method.
protected abstract org.springframework.ldap.core.DirContextOperations	doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth)
protected UserDetailsContextMapper	getUserDetailsContextMapper()	Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.
protected abstract Collection<? extends org.springframework.security.core.GrantedAuthority>	loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, String username, String password)
void	setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)	Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.
void	setMessageSource(org.springframework.context.MessageSource messageSource)
void	setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)	Determines whether the supplied password will be used as the credentials in the successful authentication token.
void	setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)	Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.
boolean	supports(Class<?> authentication)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected final org.apache.commons.logging.Log logger

messages

protected org.springframework.context.support.MessageSourceAccessor messages

userDetailsContextMapper

protected UserDetailsContextMapper userDetailsContextMapper

Constructor Details

AbstractLdapAuthenticationProvider

public AbstractLdapAuthenticationProvider()

Method Details

authenticate

public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException

Specified by:

authenticate in interface org.springframework.security.authentication.AuthenticationProvider

Throws:

org.springframework.security.core.AuthenticationException

doAuthentication

protected abstract org.springframework.ldap.core.DirContextOperations doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth)

loadUserAuthorities

protected abstract Collection<? extends org.springframework.security.core.GrantedAuthority> loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData,
 String username,
 String password)

createSuccessfulAuthentication

protected org.springframework.security.core.Authentication createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication,
 org.springframework.security.core.userdetails.UserDetails user)

Creates the final Authentication object which will be returned from the authenticate method.

Parameters:

authentication - the original authentication request token

user - the UserDetails instance returned by the configured UserDetailsContextMapper.

Returns:

the Authentication object for the fully authenticated user.

supports

public boolean supports(Class<?> authentication)

Specified by:

supports in interface org.springframework.security.authentication.AuthenticationProvider

setUseAuthenticationRequestCredentials

public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials)

Determines whether the supplied password will be used as the credentials in the successful authentication token. If set to false, then the password will be obtained from the UserDetails object created by the configured UserDetailsContextMapper. Often it will not be possible to read the password from the directory, so defaults to true.

Parameters:

useAuthenticationRequestCredentials - whether to use the credentials in the authentication request

setMessageSource

public void setMessageSource(@NonNull
 org.springframework.context.MessageSource messageSource)

Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

setAuthoritiesMapper

public void setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)

Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken. If not set, defaults to a NullAuthoritiesMapper.

Parameters:

authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities

setUserDetailsContextMapper

public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)

Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.

Parameters:

userDetailsContextMapper - the strategy instance. If not set, defaults to a simple LdapUserDetailsMapper.

getUserDetailsContextMapper

protected UserDetailsContextMapper getUserDetailsContextMapper()

Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.