java.lang.Object com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider
public abstract class CrowdAuthenticationProvider
The CrowdAuthenticationProvider can be used in both SSO and non-SSO mode. When coupled with the CrowdSSOAuthenticationProcessingFilter, single sign-on is established via the Crowd server and Crowd SSO tokens. When coupled with the Spring Security AuthenticationProcessingFilter, centralised authentication is established via the Crowd server.
Field Summary | |
---|---|
protected String |
applicationName
|
Constructor Summary | |
---|---|
protected |
CrowdAuthenticationProvider(String applicationName)
The defaultApplicationName to use when an application name has not been supplied in the AuthenticationToken.details(). |
Method Summary | |
---|---|
org.springframework.security.core.Authentication |
authenticate(org.springframework.security.core.Authentication authentication)
Performs authentication with the same contract as org.springframework.security.AuthenticationManager#authenticate(org.springframework.security.Authentication) . |
protected abstract String |
authenticate(String username,
String password,
ValidationFactor[] validationFactors)
Authenticate a remote user and return the Crowd SSO token string. |
protected org.springframework.security.core.Authentication |
authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken)
Attempts to authenticate based on an existing Crowd token and validation factors from a HttpServletRequest. |
protected org.springframework.security.core.Authentication |
authenticateUsernamePassword(org.springframework.security.authentication.UsernamePasswordAuthenticationToken passwordToken)
Attempts to authenticate a login request based on username (principal), password (credentials), and (optional) ValidationFactor[]s (details). |
protected abstract boolean |
isAuthenticated(String token,
ValidationFactor[] validationFactors)
Determine if a remote user is authenticated via SSO based on the supplied SSO token string and validation factors. |
protected abstract CrowdUserDetails |
loadUserByToken(String token)
Retrieve a user from Crowd by looking up the principal by their authenticated Crowd token. |
protected abstract CrowdUserDetails |
loadUserByUsername(String username)
Retrieve the user details for a user based on their username. |
boolean |
supports(org.springframework.security.authentication.AbstractAuthenticationToken authenticationToken)
|
boolean |
supports(Class<?> authentication)
Returns true if this AuthenticationProvider supports the indicated Authentication object. |
protected org.springframework.security.core.AuthenticationException |
translateException(Exception e)
Converts Crowd-specific exceptions to Spring Security-friendly exceptions. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected final String applicationName
Constructor Detail |
---|
protected CrowdAuthenticationProvider(String applicationName)
applicationName - Crowd application name.
Method Detail |
---|
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
Performs authentication with the same contract as org.springframework.security.AuthenticationManager#authenticate(org.springframework.security.Authentication).
This AuthenticationProvider supports UsernamePasswordAuthenticationTokens for
login operations where a username, password and possibly validation factors (for SSO)
are provided. It also supports CrowdSSOAuthenticationToken for authentication
verification operations, where the SSO token and validation factors are provided
for SSO authentication.
See CrowdAuthenticationProvider.authenticateUsernamePassword() and
CrowdAuthenticationProvider.authenticateCrowdSSO() for more specific
information on the authentication process.
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
authentication - the authentication request object.
null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
org.springframework.security.AuthenticationException - if authentication fails.
org.springframework.security.core.AuthenticationException
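The dispatch contract described above, as an added example that is not Crowd's own code: a provider that handles two token types, throws on failed authentication, and returns null for anything else so that the next provider is tried. SsoToken and TwoTokenProvider are hypothetical stand-ins, the credentials are constructed sample values, and Spring Security is assumed to be on the classpath.

```java
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderDispatchDemo {
    // Hypothetical stand-in for CrowdSSOAuthenticationToken: the token string is the credential.
    static class SsoToken extends AbstractAuthenticationToken {
        private final String token;
        SsoToken(String token) { super(AuthorityUtils.NO_AUTHORITIES); this.token = token; }
        @Override public Object getCredentials() { return token; }
        @Override public Object getPrincipal() { return "sso-user"; }
    }

    // Models the dispatch only; the constructed checks stand in for calls to the Crowd server.
    static class TwoTokenProvider implements AuthenticationProvider {
        @Override public Authentication authenticate(Authentication a) {
            if (a instanceof UsernamePasswordAuthenticationToken) {   // login operation
                if ("alice".equals(a.getName()) && "s3cret-constructed".equals(a.getCredentials())) {
                    return new UsernamePasswordAuthenticationToken(a.getName(), null,
                            AuthorityUtils.createAuthorityList("ROLE_USER"));
                }
                throw new BadCredentialsException("invalid username/password");
            }
            if (a instanceof SsoToken) {                               // verification operation
                if ("constructed-token".equals(a.getCredentials())) {
                    a.setAuthenticated(true);
                    return a;
                }
                throw new BadCredentialsException("SSO token not valid");
            }
            return null;   // unsupported token type: defer to the next provider
        }
        @Override public boolean supports(Class<?> c) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(c)
                    || SsoToken.class.isAssignableFrom(c);
        }
    }

    public static void main(String[] args) {
        AuthenticationManager am = new ProviderManager(
                Arrays.<AuthenticationProvider>asList(new TwoTokenProvider()));
        System.out.println(am.authenticate(
                new UsernamePasswordAuthenticationToken("alice", "s3cret-constructed")).isAuthenticated());
        System.out.println(am.authenticate(new SsoToken("constructed-token")).isAuthenticated());
        try {
            am.authenticate(new UsernamePasswordAuthenticationToken("alice", "wrong"));
        } catch (BadCredentialsException e) { System.out.println("rejected: " + e.getMessage()); }
        try {
            am.authenticate(new TestingAuthenticationToken("bob", "x"));   // type no provider supports
        } catch (ProviderNotFoundException e) { System.out.println("no provider for token type"); }
    }
}
```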
protected org.springframework.security.core.Authentication authenticateUsernamePassword(org.springframework.security.authentication.UsernamePasswordAuthenticationToken passwordToken) throws org.springframework.security.core.AuthenticationException
passwordToken - authentication token containing the username, password and (optional) ValidationFactor[]s.
org.springframework.security.core.AuthenticationException - if there was a problem authenticating the username/password combination.
protected abstract boolean isAuthenticated(String token, ValidationFactor[] validationFactors) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException, InvalidAuthenticationException
token - Crowd SSO token.
validationFactors - validation factors.
true iff the remote user is authenticated.
InvalidAuthorizationTokenException - invalid application client.
RemoteException - Crowd server error.
ApplicationAccessDeniedException - user does not have access to the application.
InvalidAuthenticationException
protected abstract String authenticate(String username, String password, ValidationFactor[] validationFactors) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, RemoteException, ExpiredCredentialException
username - username of the remote user.
password - password of the remote user.
validationFactors - validation factors from the remote user.
InvalidAuthorizationTokenException - invalid application client.
InvalidAuthenticationException - invalid username/password.
RemoteException - Crowd server error.
InactiveAccountException - inactive user account.
ApplicationAccessDeniedException - user does not have access to the application.
ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
protected abstract CrowdUserDetails loadUserByUsername(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException, org.springframework.dao.DataAccessException
username - username of user.
org.springframework.security.core.userdetails.UsernameNotFoundException - user with supplied username does not exist.
org.springframework.dao.DataAccessException - error retrieving user.
protected abstract CrowdUserDetails loadUserByToken(String token) throws CrowdSSOTokenInvalidException, org.springframework.dao.DataAccessException
token - Crowd SSO token string.
CrowdSSOTokenInvalidException - if the provided token is invalid.
org.springframework.dao.DataAccessException - error retrieving user.
protected org.springframework.security.core.Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken) throws org.springframework.security.core.AuthenticationException
ssoToken - ssoToken containing the token string credential and validation factors as details.
org.springframework.security.core.AuthenticationException - if there was a problem verifying the existing token is valid.
protected org.springframework.security.core.AuthenticationException translateException(Exception e)
e - Crowd-specific exception.
public boolean supports(Class<?> authentication)
true if this AuthenticationProvider supports the indicated Authentication object.
The CrowdAuthenticationProvider supports UsernamePasswordAuthenticationTokens and CrowdSSOAuthenticationTokens.
supports in interface org.springframework.security.authentication.AuthenticationProvider
public boolean supports(org.springframework.security.authentication.AbstractAuthenticationToken authenticationToken)