JaasAuthenticationProvider (Acegi Security System for Spring 1.0.0-RC1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.providers.jaas
Class JaasAuthenticationProvider

java.lang.Object
  org.acegisecurity.providers.jaas.JaasAuthenticationProvider

All Implemented Interfaces:: EventListener, AuthenticationProvider, InitializingBean, ApplicationContextAware, ApplicationListener

public class JaasAuthenticationProvider
extends Object
implements AuthenticationProvider, InitializingBean, ApplicationContextAware, ApplicationListener
extends Object
implements AuthenticationProvider, InitializingBean, ApplicationContextAware, ApplicationListener

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

This AuthenticationProvider is capable of validating UsernamePasswordAuthenticationToken requests contain the correct username and password.

This implementation is backed by a JAAS configuration. The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring Resource instance. It should point to a JAAS configuration file containing an index matching the loginContextName property.

For example: If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration could be as follows...

  <property name="loginConfig">
  <value>/WEB-INF/login.conf</value>
  </property>

The loginContextName should coincide with a given index in the loginConfig specifed. The loginConfig file used in the JUnit tests appears as the following...

  JAASTest {
  org.acegisecurity.providers.jaas.TestLoginModule required;
  };

Using the example login configuration above, the loginContextName property would be set as JAASTest...

  <property name="loginContextName">
  <value>JAASTest</value>
  </property>

When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The JaasAuthenticationProvider uses an internal CallbackHandler to wrap the JaasAuthenticationCallbackHandlers configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each JaasAuthenticationCallbackHandler for each Callback passed.

{JaasAuthenticationCallbackHandlers are passed to the JaasAuthenticationProvider through the callbackHandlers property. }

  <property name="callbackHandlers">
  <list>
  <bean class="org.acegisecurity.providers.jaas.TestCallbackHandler"/>
  <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
  <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
  </list>
  </property>

After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured AuthorityGranters. An AuthorityGranter is a mapping between a returned Principal, and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's AuthorityGranter.grant(java.security.Principal) method. The returned role will be applied to the Authorization object as a GrantedAuthority.

AuthorityGranters are configured in spring xml as follows...

  <property name="authorityGranters">
  <list>
  <bean class="org.acegisecurity.providers.jaas.TestAuthorityGranter"/>
  </list>
  </property>

A configuration note: The JaasAuthenticationProvider uses the security properites "e;login.config.url.X"e; to configure jaas. If you would like to customize the way Jaas gets configured, create a subclass of this and override the configureJaas(Resource) method.

Version:: $Id: JaasAuthenticationProvider.java,v 1.15 2005/11/17 00:55:52 benalex Exp $
Author:: Ray Krueger

Field Summary
`protected static org.apache.commons.logging.Log`	`log`

Constructor Summary
`JaasAuthenticationProvider()`

Method Summary
`void`	`afterPropertiesSet()`
`Authentication`	`authenticate(Authentication auth)` Attempts to login the user given the Authentication objects principal and credential
`protected void`	`configureJaas(Resource loginConfig)` Hook method for configuring Jaas
`ApplicationContext`	`getApplicationContext()`
`AuthorityGranter[]`	`getAuthorityGranters()` Returns the AuthorityGrannter array that was passed to the `setAuthorityGranters(AuthorityGranter[])` method, or null if it none were ever set.
`JaasAuthenticationCallbackHandler[]`	`getCallbackHandlers()` Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.
`Resource`	`getLoginConfig()`
`String`	`getLoginContextName()`
`LoginExceptionResolver`	`getLoginExceptionResolver()`
`protected void`	`handleLogout(HttpSessionDestroyedEvent event)` Handles the logout by getting the SecurityContext for the session that was destroyed.
`void`	`onApplicationEvent(ApplicationEvent applicationEvent)`
`protected void`	`publishFailureEvent(UsernamePasswordAuthenticationToken token, AcegiSecurityException ase)` Publishes the `JaasAuthenticationFailedEvent`.
`protected void`	`publishSuccessEvent(UsernamePasswordAuthenticationToken token)` Publishes the `JaasAuthenticationSuccessEvent`.
`void`	`setApplicationContext(ApplicationContext applicationContext)`
`void`	`setAuthorityGranters(AuthorityGranter[] authorityGranters)` Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
`void`	`setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)` Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.
`void`	`setLoginConfig(Resource loginConfig)` Set the JAAS login configuration file.
`void`	`setLoginContextName(String loginContextName)` Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.
`void`	`setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)`
`boolean`	`supports(Class aClass)` Returns `true` if this `AuthenticationProvider` supports the indicated `Authentication` object.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

protected static final org.apache.commons.logging.Log log

Constructor Detail

JaasAuthenticationProvider

public JaasAuthenticationProvider()

Method Detail

setApplicationContext

public void setApplicationContext(ApplicationContext applicationContext)
                           throws BeansException

Specified by:: setApplicationContext in interface ApplicationContextAware

Throws:: BeansException

getApplicationContext

public ApplicationContext getApplicationContext()

setAuthorityGranters

public void setAuthorityGranters(AuthorityGranter[] authorityGranters)

Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.

Parameters:: authorityGranters - AuthorityGranter array
See Also:: JaasAuthenticationProvider

getAuthorityGranters

public AuthorityGranter[] getAuthorityGranters()

Returns the AuthorityGrannter array that was passed to the setAuthorityGranters(AuthorityGranter[]) method, or null if it none were ever set.

Returns:: The AuthorityGranter array, or null
See Also:: setAuthorityGranters(AuthorityGranter[])

setCallbackHandlers

public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers)

Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the LoginContext.login method.

Parameters:: callbackHandlers - Array of JAASAuthenticationCallbackHandlers

getCallbackHandlers

public JaasAuthenticationCallbackHandler[] getCallbackHandlers()

Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.

Returns:: the JAASAuthenticationCallbackHandlers.
See Also:: setCallbackHandlers(JaasAuthenticationCallbackHandler[])

setLoginConfig

public void setLoginConfig(Resource loginConfig)

Set the JAAS login configuration file.

Parameters:: loginConfig - Spring Resource
See Also:: JAAS Reference

getLoginConfig

public Resource getLoginConfig()

setLoginContextName

public void setLoginContextName(String loginContextName)

Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.

Parameters:: loginContextName -

getLoginContextName

public String getLoginContextName()

setLoginExceptionResolver

public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver)

getLoginExceptionResolver

public LoginExceptionResolver getLoginExceptionResolver()

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:: afterPropertiesSet in interface InitializingBean

Throws:: Exception

configureJaas

protected void configureJaas(Resource loginConfig)
                      throws IOException

Hook method for configuring Jaas

Parameters:: loginConfigStr - URL to Jaas login configuration
Throws:: IOException

authenticate

public Authentication authenticate(Authentication auth)
                            throws AuthenticationException

Attempts to login the user given the Authentication objects principal and credential

Specified by:: authenticate in interface AuthenticationProvider

Parameters:: auth - The Authentication object to be authenticated.
Returns:: The authenticated Authentication object, with it's grantedAuthorities set.
Throws:: AuthenticationException - This implementation does not handle 'locked' or 'disabled' accounts. This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown, should the loginContext.login() method fail.

supports

public boolean supports(Class aClass)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:: supports in interface AuthenticationProvider

Returns:: true if the implementation can more closely evaluate the Authentication class presented

onApplicationEvent

public void onApplicationEvent(ApplicationEvent applicationEvent)

Specified by:: onApplicationEvent in interface ApplicationListener

handleLogout

protected void handleLogout(HttpSessionDestroyedEvent event)

Handles the logout by getting the SecurityContext for the session that was destroyed. MUST NOT use SecurityContextHolder we are logging out a session that is not related to the current user.

Parameters:: event -

publishFailureEvent

protected void publishFailureEvent(UsernamePasswordAuthenticationToken token,
                                   AcegiSecurityException ase)

Publishes the JaasAuthenticationFailedEvent. Can be overridden by subclasses for different functionality

Parameters:: token - The UsernamePasswordAuthenticationToken being processed; ase - The AcegiSecurityException that caused the failure

publishSuccessEvent

protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token)

Publishes the JaasAuthenticationSuccessEvent. Can be overridden by subclasses for different functionality.

Parameters:: token - The UsernamePasswordAuthenticationToken being processed