java.lang.Object
   org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
All known subclasses: org.acegisecurity.providers.siteminder.SiteminderAuthenticationProvider, org.acegisecurity.providers.ldap.LdapAuthenticationProvider, org.acegisecurity.providers.dao.DaoAuthenticationProvider
AbstractUserDetailsAuthenticationProvider | abstract public class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware | A base
AuthenticationProvider that allows subclasses to override and work with
org.acegisecurity.userdetails.UserDetails objects. The class is designed to respond to
UsernamePasswordAuthenticationToken authentication requests.
Upon successful validation, a UsernamePasswordAuthenticationToken will be created and returned to the
caller. The token will include as its principal either a String representation of the username, or the
UserDetails that was returned from the authentication repository. Using String is appropriate
if a container adapter is being used, as it expects String representations of the username.
Using UserDetails is appropriate if you require access to additional properties of the authenticated
user, such as email addresses, human-friendly names etc. Because container adapters are not recommended
and UserDetails implementations provide additional flexibility, a UserDetails is returned by default.
To override this default, set
AbstractUserDetailsAuthenticationProvider.setForcePrincipalAsString to true.
Caching is handled by placing the UserDetails object in the UserCache. This
ensures that subsequent requests with the same username can be validated without needing to query the
UserDetailsService. Note that if a user appears to present an incorrect password, the
UserDetailsService will be queried to confirm the most up-to-date password was used for comparison.
author: Ben Alex
version: $Id: AbstractUserDetailsAuthenticationProvider.java 1784 2007-02-24 21:00:24Z luke_t $
hideUserNotFoundExceptions | protected boolean hideUserNotFoundExceptions
messages | protected MessageSourceAccessor messages
afterPropertiesSet | final public void afterPropertiesSet() throws Exception
createSuccessAuthentication | protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) | Creates a successful
Authentication object. Protected so subclasses can override.
Subclasses will usually store the original credentials the user supplied (not salted or encoded
passwords) in the returned Authentication object.
Parameters: principal - that should be the principal in the returned object (defined by the AbstractUserDetailsAuthenticationProvider.isForcePrincipalAsString() method)
Parameters: authentication - that was presented to the provider for validation
Parameters: user - that was loaded by the implementation
Returns: the successful authentication token
doAfterPropertiesSet | protected void doAfterPropertiesSet() throws Exception
isForcePrincipalAsString | public boolean isForcePrincipalAsString()
isHideUserNotFoundExceptions | public boolean isHideUserNotFoundExceptions()
retrieveUser | abstract protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException | Allows subclasses to actually retrieve the UserDetails from an implementation-specific
location, with the option of throwing an AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails). Subclasses are not required to perform any
caching, as the AbstractUserDetailsAuthenticationProvider will by default cache the
UserDetails. Caching UserDetails does add complexity: subsequent requests that rely on the
cache still need to have their credentials validated, even if the correctness of the credentials was
assured by a subclass adopting a binding-based strategy in this method.
Accordingly it is important that subclasses either disable caching (so that no UserDetails is ever
cached and this method is the only one capable of authenticating a request) or implement
AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails,UsernamePasswordAuthenticationToken) to compare the credentials of a cached UserDetails with
subsequent authentication requests.
Most of the time subclasses will not perform credentials inspection in this method, instead
performing it in
AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails,UsernamePasswordAuthenticationToken) so
that code related to credentials validation need not be duplicated across two methods.
Parameters: username - The username to retrieve
Parameters: authentication - The authentication request, which subclasses may need to perform a binding-based retrieval of the UserDetails
Returns: the user information (never null - instead an exception should be thrown)
throws: AuthenticationException - if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException or UsernameNotFoundException)
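The first option described above (a binding-based subclass with caching disabled), as an added example that is not part of the Acegi code base. `DirectoryClient`, `bindAndLoad` and `BindingAuthenticationProvider` are hypothetical names; the example assumes the Acegi 1.0-era `setUserCache` method and `NullUserCache` class.

```java
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.providers.dao.cache.NullUserCache;
import org.acegisecurity.userdetails.UserDetails;

// Hypothetical client: binds to the directory as the user; returns null if the bind is rejected.
interface DirectoryClient {
    UserDetails bindAndLoad(String username, String password) throws java.io.IOException;
}

public class BindingAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private final DirectoryClient directory;

    public BindingAuthenticationProvider(DirectoryClient directory) {
        this.directory = directory;
        // No UserDetails is ever cached, so every request passes through
        // retrieveUser() and therefore through a fresh bind.
        setUserCache(new NullUserCache());
    }

    protected UserDetails retrieveUser(String username,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null || credentials.toString().length() == 0) {
            // Some directories accept an empty password as an anonymous bind; reject it here.
            throw new BadCredentialsException("Bad credentials");
        }
        try {
            UserDetails user = directory.bindAndLoad(username, credentials.toString());
            if (user == null) {
                // Same exception for unknown user and wrong password.
                throw new BadCredentialsException("Bad credentials");
            }
            return user;
        } catch (java.io.IOException e) {
            throw new AuthenticationServiceException("Directory unavailable", e);
        }
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        // Intentionally empty: with caching disabled, userDetails always comes from
        // the bind performed in retrieveUser() for this same request.
    }
}
```

If caching is enabled instead, the empty `additionalAuthenticationChecks` above is no longer safe: it must verify the presented credentials against the cached `UserDetails` on every request.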
setForcePrincipalAsString | public void setForcePrincipalAsString(boolean forcePrincipalAsString)
setHideUserNotFoundExceptions | public void setHideUserNotFoundExceptions(boolean hideUserNotFoundExceptions) | By default the AbstractUserDetailsAuthenticationProvider throws a
BadCredentialsException if a username is not found or the password is incorrect. Setting this
property to false will cause UsernameNotFoundExceptions to be thrown instead for the
former. Note this is considered less secure than throwing BadCredentialsException for both
cases, since the distinct exception reveals whether a username exists.
Parameters: hideUserNotFoundExceptions - set to false if you wish UsernameNotFoundExceptions to be thrown instead of the non-specific BadCredentialsException (defaults to true)
setMessageSource | public void setMessageSource(MessageSource messageSource)
supports | public boolean supports(Class authentication)