Class DefaultAuthenticationService
- java.lang.Object
-
- de.hybris.platform.servicelayer.internal.service.AbstractService
-
- de.hybris.platform.servicelayer.internal.service.AbstractBusinessService
-
- de.hybris.platform.servicelayer.security.auth.impl.DefaultAuthenticationService
-
- All Implemented Interfaces:
AuthenticationService,java.io.Serializable,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.InitializingBean
public class DefaultAuthenticationService extends AbstractBusinessService implements AuthenticationService
Implementation backed by aUserManager- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class de.hybris.platform.servicelayer.internal.service.AbstractService
AbstractService.SerializableDTO
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringLOGIN_ANONYMOUS_ALWAYS_DISABLEDConfiguration constant forlogin.anonymous.always.disabled/which allows changing the (default) disabling of the anonymous account.-
Fields inherited from class de.hybris.platform.servicelayer.internal.service.AbstractBusinessService
modelService, sessionService, txManager
-
Fields inherited from class de.hybris.platform.servicelayer.internal.service.AbstractService
tenant
-
-
Constructor Summary
Constructors Constructor Description DefaultAuthenticationService()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected InvalidCredentialsExceptionbuildInvalidCredentialsException()for security reasons we should throw same exception for both cases: user not found password does not match You can overwrite this method and adapt the exception and/or test that should be thrown in this caseprotected InvalidCredentialsExceptionbuildInvalidCredentialsException(java.lang.String message)UserModelcheckCredentials(java.lang.String login, java.lang.String password)check credentials.UserModellogin(java.lang.String login, java.lang.String password)login the user identified with login and password.voidlogout()log out the current user.voidsetPasswordEncoderService(PasswordEncoderService passwordEncoderService)voidsetUserService(UserService userService)-
Methods inherited from class de.hybris.platform.servicelayer.internal.service.AbstractBusinessService
getModelService, getSessionService, getTxManager, setModelService, setSessionService, setTxManager
-
Methods inherited from class de.hybris.platform.servicelayer.internal.service.AbstractService
afterPropertiesSet, getCurrentTenant, setBeanName, setCurrentTenant, writeReplace
-
-
-
-
Field Detail
-
LOGIN_ANONYMOUS_ALWAYS_DISABLED
public static final java.lang.String LOGIN_ANONYMOUS_ALWAYS_DISABLED
Configuration constant forlogin.anonymous.always.disabled/which allows changing the (default) disabling of the anonymous account.- See Also:
- Constant Field Values
-
-
Method Detail
-
login
public UserModel login(java.lang.String login, java.lang.String password) throws InvalidCredentialsException
Description copied from interface:AuthenticationServicelogin the user identified with login and password. login means the credentials are checked and the user is being set as current user on the session (see UserService.setCurrentUser(UserModel)) Implementation note: The default implementation checks against the Jalo user UID and the password.- Specified by:
loginin interfaceAuthenticationService- Parameters:
login- the loginpassword- the password- Returns:
- the same usermodel that is also set as current user in the session
- Throws:
InvalidCredentialsException- if username/login does not match
-
checkCredentials
public UserModel checkCredentials(java.lang.String login, java.lang.String password) throws InvalidCredentialsException
Description copied from interface:AuthenticationServicecheck credentials. this method does not set the user on the current session.- Specified by:
checkCredentialsin interfaceAuthenticationService- Parameters:
login- the loginpassword- the password- Returns:
- the UserModel
- Throws:
InvalidCredentialsException- if username/login does not match
-
logout
public void logout()
Description copied from interface:AuthenticationServicelog out the current user. this closes the underlaying session- Specified by:
logoutin interfaceAuthenticationService
-
buildInvalidCredentialsException
protected InvalidCredentialsException buildInvalidCredentialsException()
for security reasons we should throw same exception for both cases:- user not found
- password does not match You can overwrite this method and adapt the exception and/or test that should be thrown in this case
- Returns:
- InvalidCredentialsException
-
buildInvalidCredentialsException
protected InvalidCredentialsException buildInvalidCredentialsException(java.lang.String message)
-
setUserService
public void setUserService(UserService userService)
-
setPasswordEncoderService
public void setPasswordEncoderService(PasswordEncoderService passwordEncoderService)
-
-