Package de.hybris.platform.spring.security

Class CoreAuthenticationProvider

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
    Direct Known Subclasses:
    AbstractAcceleratorAuthenticationProvider, BackofficeAuthenticationProvider, CockpitAuthenticationProvider, PunchOutCoreAuthenticationProvider
    public class CoreAuthenticationProvider
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
    A base AuthenticationProvider which is designed to respond to UsernamePasswordAuthenticationToken and RememberMeAuthenticationToken authentication requests.

    Upon successful validation, a UsernamePasswordAuthenticationToken or RememberMeAuthenticationToken will be created and returned to the caller. The token will include as its principal either a String representation of the username, or the CoreUserDetails that was returned from the authentication repository. Using String is appropriate if a container adapter is being used, as it expects String representations of the username. Using CoreUserDetails is appropriate if you require access to additional properties of the authenticated user, such as email addresses, human-friendly names etc. As container adapters are not recommended to be used, and CoreUserDetails implementations provide additional flexibility, by default a CoreUserDetails is returned.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.springframework.context.support.MessageSourceAccessor messages  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void additionalAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetails details, org.springframework.security.authentication.AbstractAuthenticationToken authentication)  
      void afterPropertiesSet()  
      org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication)  
      protected org.springframework.security.core.Authentication createSuccessAuthentication​(org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
      Creates a successful Authentication object.
      org.springframework.security.core.userdetails.UserDetailsChecker getPreAuthenticationChecks()  
      org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()  
      protected org.springframework.security.core.userdetails.UserDetails retrieveUser​(java.lang.String username)  
      void setMessageSource​(org.springframework.context.MessageSource messageSource)  
      void setPreAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetailsChecker preAuthenticationChecks)  
      void setUserDetailsService​(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)  
      boolean supports​(java.lang.Class authentication)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • messages

        protected org.springframework.context.support.MessageSourceAccessor messages

    • Constructor Detail

      • CoreAuthenticationProvider

        public CoreAuthenticationProvider()

    • Method Detail

      • setMessageSource

        public void setMessageSource​(org.springframework.context.MessageSource messageSource)
        Specified by:
        setMessageSource in interface org.springframework.context.MessageSourceAware

      • afterPropertiesSet

        public final void afterPropertiesSet()
                              throws java.lang.Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        java.lang.Exception

      • setPreAuthenticationChecks

        public void setPreAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetailsChecker preAuthenticationChecks)

      • getPreAuthenticationChecks

        public org.springframework.security.core.userdetails.UserDetailsChecker getPreAuthenticationChecks()

      • authenticate

        public org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException
        Specified by:
        authenticate in interface org.springframework.security.authentication.AuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException

      • getUserDetailsService

        public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()

      • setUserDetailsService

        public void setUserDetailsService​(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

      • additionalAuthenticationChecks

        protected void additionalAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetails details,
                                              org.springframework.security.authentication.AbstractAuthenticationToken authentication)
                                       throws org.springframework.security.core.AuthenticationException
        Throws:
        org.springframework.security.core.AuthenticationException

      • supports

        public boolean supports​(java.lang.Class authentication)
        Specified by:
        supports in interface org.springframework.security.authentication.AuthenticationProvider

      • retrieveUser

        protected final org.springframework.security.core.userdetails.UserDetails retrieveUser​(java.lang.String username)
                                                                                throws org.springframework.security.core.AuthenticationException
        Throws:
        org.springframework.security.core.AuthenticationException

      • createSuccessAuthentication

        protected org.springframework.security.core.Authentication createSuccessAuthentication​(org.springframework.security.core.Authentication authentication,
                                                                                       org.springframework.security.core.userdetails.UserDetails user)
        Creates a successful Authentication object.

        Protected so subclasses can override.

        Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned Authentication object.

        Parameters:
        authentication - that was presented to the provider for validation
        user - that was loaded by the implementation
        Returns:
        the successful authentication token