An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
This AuthenticationProvider is capable of validating that
org.acegisecurity.providers.UsernamePasswordAuthenticationToken requests contain the correct username and
password.
This implementation is backed by a JAAS configuration. The loginConfig property must be set to a given JAAS
configuration file. This setter accepts a Spring org.springframework.core.io.Resource instance. It should point
to a JAAS configuration file containing an index matching the
JaasAuthenticationProvider.setLoginContextName(java.lang.String) loginContextName property.
For example: if this JaasAuthenticationProvider were configured in a Spring WebApplicationContext, the XML to
set the loginConfiguration could be as follows...
<property name="loginConfig">
<value>/WEB-INF/login.conf</value>
</property>
The loginContextName should coincide with a given index in the loginConfig specified. The loginConfig file
used in the JUnit tests appears as the following...
JAASTest {
org.acegisecurity.providers.jaas.TestLoginModule required;
};
Using the example login configuration above, the loginContextName property would be set as JAASTest...
<property name="loginContextName"> <value>JAASTest</value> </property>
When using JAAS login modules as the authentication source, sometimes the LoginContext will require
CallbackHandlers. The JaasAuthenticationProvider uses an internal CallbackHandler to wrap the
JaasAuthenticationCallbackHandlers configured in the ApplicationContext.
When the LoginContext calls the internal CallbackHandler, control is passed to each
JaasAuthenticationCallbackHandler for each Callback passed.
JaasAuthenticationCallbackHandlers are passed to the JaasAuthenticationProvider through the
JaasAuthenticationProvider.setCallbackHandlers(org.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) callbackHandlers property.
<property name="callbackHandlers">
<list>
<bean class="org.acegisecurity.providers.jaas.TestCallbackHandler"/>
<bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
<bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals
from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the
configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal and a role
name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from its
AuthorityGranter.grant(java.security.Principal) method. The returned role will be applied to the Authorization
object as a GrantedAuthority.
AuthorityGranters are configured in Spring XML as follows...
<property name="authorityGranters">
<list>
<bean class="org.acegisecurity.providers.jaas.TestAuthorityGranter"/>
</list>
</property>
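One way to write an AuthorityGranter like those configured above, as an added example that is not Acegi's own code. It assumes the Acegi 1.0.x form of the interface, in which grant(Principal) returns a java.util.Set of role names (or null for none); the class name, package and both setters are hypothetical.

```java
package example.security; // hypothetical package name

import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.acegisecurity.providers.jaas.AuthorityGranter;

/** Added example: deny-by-default mapping from JAAS principals to role names. */
public class AllowlistAuthorityGranter implements AuthorityGranter {

    // Only principals of exactly this class are considered, so a user principal
    // and a group principal that share a name cannot be confused.
    private Class principalClass;

    // principal name -> role names, injected from the ApplicationContext
    private Map<String, Set<String>> rolesByName = new HashMap<String, Set<String>>();

    public void setPrincipalClass(Class principalClass) {
        this.principalClass = principalClass;
    }

    public void setRolesByName(Map<String, Set<String>> rolesByName) {
        // Defensive copy: later changes to the caller's map cannot add roles.
        Map<String, Set<String>> copy = new HashMap<String, Set<String>>();
        for (Map.Entry<String, Set<String>> e : rolesByName.entrySet()) {
            copy.put(e.getKey(), new HashSet<String>(e.getValue()));
        }
        this.rolesByName = copy;
    }

    // Assumed signature: returns a Set of role names, or null to grant nothing.
    public Set grant(Principal principal) {
        if (principalClass == null || principal == null
                || !principalClass.equals(principal.getClass())) {
            return null; // unconfigured granter or unexpected principal type: no roles
        }
        Set<String> roles = rolesByName.get(principal.getName());
        // Unknown names get nothing; known names get a copy the caller may modify.
        return roles == null ? null : new HashSet<String>(roles);
    }
}
```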
A configuration note: The JaasAuthenticationProvider uses the security properties
"login.config.url.X" to configure JAAS. If you would like to customize the way JAAS gets configured,
create a subclass of this and override the
JaasAuthenticationProvider.configureJaas(Resource) method.
author: Ray Krueger version: $Id: JaasAuthenticationProvider.java 1985 2007-08-29 11:51:02Z luke_t $