Package org.springframework.security.web.authentication.preauth.j2ee

Class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>
    public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>, org.springframework.beans.factory.InitializingBean
    Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object.
    Since:
    2.0

    • Field Detail

      • logger

        protected final org.apache.commons.logging.Log logger

      • j2eeMappableRoles

        protected java.util.Set<java.lang.String> j2eeMappableRoles
        The role attributes returned by the configured MappableAttributesRetriever

      • j2eeUserRoles2GrantedAuthoritiesMapper

        protected org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper

    • Constructor Detail

      • J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

        public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource()

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Check that all required properties have been set.
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

      • getUserRoles

        protected java.util.Collection<java.lang.String> getUserRoles​(javax.servlet.http.HttpServletRequest request)
        Obtains the list of user roles based on the current user's JEE roles. The HttpServletRequest.isUserInRole(String) method is called for each of the values in the j2eeMappableRoles set to determine if that role should be assigned to the user.
        Parameters:
        request - the request which should be used to extract the user's roles.
        Returns:
        The subset of j2eeMappableRoles which applies to the current user making the request.

      • setMappableRolesRetriever

        public void setMappableRolesRetriever​(org.springframework.security.core.authority.mapping.MappableAttributesRetriever aJ2eeMappableRolesRetriever)
        Parameters:
        aJ2eeMappableRolesRetriever - The MappableAttributesRetriever to use

      • setUserRoles2GrantedAuthoritiesMapper

        public void setUserRoles2GrantedAuthoritiesMapper​(org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper mapper)
        Parameters:
        mapper - The Attributes2GrantedAuthoritiesMapper to use