public abstract class CrowdAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
When coupled with the CrowdSSOAuthenticationProcessingFilter, single sign-on is established via the Crowd server and Crowd SSO tokens.
When coupled with the Spring Security AuthenticationProcessingFilter, centralised authentication is established via the Crowd server.
Constructor and Description |
---|
CrowdAuthenticationProvider() |
Modifier and Type | Method and Description |
---|---|
org.springframework.security.core.Authentication | authenticate(org.springframework.security.core.Authentication authentication) - Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication). |
protected abstract String | authenticate(String username, String password, List<ValidationFactor> validationFactors) - Authenticate a remote user and return the Crowd SSO token string. |
protected org.springframework.security.core.Authentication | authenticateCrowdRememberedUsername(CrowdRememberMeAuthentication rememberMeAuthentication) |
protected org.springframework.security.core.Authentication | authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken) - Attempts to authenticate based on an existing Crowd token and validation factors from a HttpServletRequest. |
protected org.springframework.security.core.Authentication | authenticateUsernamePassword(org.springframework.security.authentication.UsernamePasswordAuthenticationToken passwordToken) - Attempts to authenticate a login request based on username (principal), password (credentials), and (optional) ValidationFactor[]s (details). |
protected abstract String | authenticateWithoutPassword(String username, List<ValidationFactor> validationFactors) - Authenticate a remote user without password and return the Crowd SSO token string. |
protected abstract boolean | isAuthenticated(String token, List<ValidationFactor> validationFactors) - Determine if a remote user is authenticated via SSO based on the supplied SSO token string and validation factors. |
protected abstract CrowdUserDetails | loadUserByToken(String token) - Retrieve a user from Crowd by looking up the principal by their authenticated Crowd token. |
protected abstract CrowdUserDetails | loadUserByUsername(String username) - Retrieve the user details for a user based on their username. |
boolean | supports(org.springframework.security.authentication.AbstractAuthenticationToken authenticationToken) |
boolean | supports(Class<?> authentication) - Returns true if this AuthenticationProvider supports the indicated Authentication object. |
protected org.springframework.security.core.AuthenticationException | translateException(Exception e) - Converts Crowd-specific exceptions to Spring Security-friendly exceptions. |
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
This AuthenticationProvider supports UsernamePasswordAuthenticationTokens for login operations where a username, password and possibly validation factors (for SSO) are provided. It also supports CrowdSSOAuthenticationToken for authentication verification operations, where the SSO token and validation factors are provided for SSO authentication.
See CrowdAuthenticationProvider.authenticateUsernamePassword() and CrowdAuthenticationProvider.authenticateCrowdSSO() for more specific information on the authentication process.
Specified by:
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
Parameters:
authentication - the authentication request object.
Returns:
null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws:
org.springframework.security.core.AuthenticationException - if authentication fails.

protected org.springframework.security.core.Authentication authenticateUsernamePassword(org.springframework.security.authentication.UsernamePasswordAuthenticationToken passwordToken) throws org.springframework.security.core.AuthenticationException
The returned Authentication will be either:
- a UsernamePasswordAuthenticationToken, if the request has no ValidationFactor[]s and hence is not SSO. The credentials will be the password.
- a CrowdSSOAuthenticationToken, if the request does have ValidationFactor[]s. The credentials will be set to the SSO token string.
The principal will be set to the UserDetails object corresponding to the username. The granted authorities will be UserDetails.getAuthorities().
Parameters:
passwordToken - authentication token containing the username, password and (optional) ValidationFactor[]s.
Throws:
org.springframework.security.core.AuthenticationException - if there was a problem authenticating the username/password combination.

protected abstract boolean isAuthenticated(String token, List<ValidationFactor> validationFactors) throws OperationFailedException, InvalidAuthenticationException, ApplicationPermissionException
Parameters:
token - Crowd SSO token.
validationFactors - validation factors.
Returns:
true iff the remote user is authenticated.
Throws:
OperationFailedException
InvalidAuthenticationException
ApplicationPermissionException

protected abstract String authenticate(String username, String password, List<ValidationFactor> validationFactors) throws InactiveAccountException, ExpiredCredentialException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException, ApplicationAccessDeniedException
Parameters:
username - username of the remote user.
password - password of the remote user.
validationFactors - validation factors from the remote user.
Throws:
InvalidAuthorizationTokenException - invalid application client.
InvalidAuthenticationException - invalid username/password.
InactiveAccountException
ExpiredCredentialException
ApplicationPermissionException
OperationFailedException
ApplicationAccessDeniedException

protected abstract String authenticateWithoutPassword(String username, List<ValidationFactor> validationFactors) throws InactiveAccountException, ExpiredCredentialException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException, ApplicationAccessDeniedException
Parameters:
username - username of the remote user.
validationFactors - validation factors from the remote user.
Throws:
InvalidAuthorizationTokenException - invalid application client.
InvalidAuthenticationException - invalid username.
InactiveAccountException
ExpiredCredentialException
ApplicationPermissionException
OperationFailedException
ApplicationAccessDeniedException

protected abstract CrowdUserDetails loadUserByUsername(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException, org.springframework.dao.DataAccessException
Parameters:
username - username of user.
Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException - user with supplied username does not exist.
org.springframework.dao.DataAccessException - error retrieving user.

protected abstract CrowdUserDetails loadUserByToken(String token) throws CrowdSSOTokenInvalidException, org.springframework.dao.DataAccessException
Parameters:
token - Crowd SSO token string.
Throws:
CrowdSSOTokenInvalidException - if the provided token is invalid.
org.springframework.dao.DataAccessException - error retrieving user.

protected org.springframework.security.core.Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken) throws org.springframework.security.core.AuthenticationException
The credentials of the ssoToken must be set to the String representation of the Crowd SSO token, the details must be set to the ValidationFactor[]s from the request.
The returned authentication will be a CrowdSSOAuthenticationToken with the same SSO token string credential. The principal will be set to the UserDetails object corresponding to the username. The granted authorities will be UserDetails.getAuthorities().
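A self-contained model of the contract documented for authenticate(), authenticateUsernamePassword() and authenticateCrowdSSO(), added here as an example; it is not Atlassian's implementation. The records, the Hooks interface, the order in which the hooks are called and the sample values are assumptions standing in for the Spring Security and Crowd types.

```java
import java.util.List;
// Added illustration with stand-in types; these are not the Spring Security or Crowd classes.
public class CrowdProviderContractSketch {
    interface Auth { Object principal(); }
    // details = validation factors from the request (constructed strings; empty when not SSO)
    record PasswordAuth(Object principal, String credentials, List<String> details) implements Auth {}
    record SsoAuth(Object principal, String credentials, List<String> details) implements Auth {}
    // Hypothetical stand-in for the abstract hooks a concrete subclass implements.
    interface Hooks {
        String authenticate(String user, String password, List<String> factors); // returns SSO token
        boolean isAuthenticated(String token, List<String> factors);
        String loadUserByUsername(String user);
        String loadUserByToken(String token);
    }

    static Auth authenticate(Auth request, Hooks crowd) {
        if (request instanceof PasswordAuth p) {
            String name = String.valueOf(p.principal());
            String token = crowd.authenticate(name, p.credentials(), p.details()); // throws on failure
            String user = crowd.loadUserByUsername(name);
            return p.details().isEmpty()
                    ? new PasswordAuth(user, p.credentials(), List.of()) // not SSO: credentials stay the password
                    : new SsoAuth(user, token, p.details());             // SSO: credentials become the token
        }
        if (request instanceof SsoAuth s) {
            if (!crowd.isAuthenticated(s.credentials(), s.details()))
                throw new SecurityException("SSO token not valid for these validation factors");
            return new SsoAuth(crowd.loadUserByToken(s.credentials()), s.credentials(), s.details());
        }
        return null; // unsupported request type: the next provider is tried
    }

    // Prints the result type and principal only, never the credentials.
    static String describe(Auth a) { return a.getClass().getSimpleName() + " principal=" + a.principal(); }
    public static void main(String[] args) {
        List<String> factors = List.of("remote_address=10.0.0.5"); // constructed sample factor
        Hooks fake = new Hooks() { // constructed in-memory backend
            public String authenticate(String u, String p, List<String> f) {
                if (!"alice".equals(u) || !"s3cret".equals(p)) throw new SecurityException("bad credentials");
                return "tok-" + u;
            }
            public boolean isAuthenticated(String t, List<String> f) { return t.equals("tok-alice") && f.equals(factors); }
            public String loadUserByUsername(String u) { return "details:" + u; }
            public String loadUserByToken(String t) { return "details:" + t.substring(4); }
        };
        System.out.println(describe(authenticate(new PasswordAuth("alice", "s3cret", List.of()), fake)));
        System.out.println(describe(authenticate(new PasswordAuth("alice", "s3cret", factors), fake)));
        System.out.println(describe(authenticate(new SsoAuth(null, "tok-alice", factors), fake)));
    }
}
```

Records and pattern matching for instanceof require Java 16 or later.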
Parameters:
ssoToken - ssoToken containing the token string credential and validation factors as details.
Throws:
org.springframework.security.core.AuthenticationException - if there was a problem verifying the existing token is valid.

protected org.springframework.security.core.Authentication authenticateCrowdRememberedUsername(CrowdRememberMeAuthentication rememberMeAuthentication) throws org.springframework.security.core.AuthenticationException
Throws:
org.springframework.security.core.AuthenticationException

protected org.springframework.security.core.AuthenticationException translateException(Exception e)
Parameters:
e - Crowd-specific exception.

public boolean supports(Class<?> authentication)
Returns true if this AuthenticationProvider supports the indicated Authentication object.
The CrowdAuthenticationProvider supports UsernamePasswordAuthenticationTokens and CrowdSSOAuthenticationTokens.
Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider

public boolean supports(org.springframework.security.authentication.AbstractAuthenticationToken authenticationToken)
Copyright © 2024 Atlassian. All rights reserved.