Package de.hybris.platform.spring.security

Class CoreAuthenticationProvider

java.lang.Object
de.hybris.platform.spring.security.CoreAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
Direct Known Subclasses:
AbstractAcceleratorAuthenticationProvider, BackofficeAuthenticationProvider, CockpitAuthenticationProvider, PunchOutCoreAuthenticationProvider
public class CoreAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
A base AuthenticationProvider which is designed to respond to UsernamePasswordAuthenticationToken and RememberMeAuthenticationToken authentication requests.

Upon successful validation, a UsernamePasswordAuthenticationToken or RememberMeAuthenticationToken will be created and returned to the caller. The token will include as its principal either a String representation of the username, or the CoreUserDetails that was returned from the authentication repository. Using String is appropriate if a container adapter is being used, as it expects String representations of the username. Using CoreUserDetails is appropriate if you require access to additional properties of the authenticated user, such as email addresses, human-friendly names etc. As container adapters are not recommended to be used, and CoreUserDetails implementations provide additional flexibility, by default a CoreUserDetails is returned.

  • Field Details

    • messages

      protected org.springframework.context.support.MessageSourceAccessor messages

  • Constructor Details

    • CoreAuthenticationProvider

      public CoreAuthenticationProvider()

  • Method Details

    • setMessageSource

      public void setMessageSource(org.springframework.context.MessageSource messageSource)
      Specified by:
      setMessageSource in interface org.springframework.context.MessageSourceAware

    • afterPropertiesSet

      public final void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      Exception

    • setPreAuthenticationChecks

      public void setPreAuthenticationChecks(org.springframework.security.core.userdetails.UserDetailsChecker preAuthenticationChecks)

    • getPreAuthenticationChecks

      public org.springframework.security.core.userdetails.UserDetailsChecker getPreAuthenticationChecks()

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException

    • getUserDetailsService

      public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()

    • setUserDetailsService

      public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

    • additionalAuthenticationChecks

      protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails details, org.springframework.security.authentication.AbstractAuthenticationToken authentication) throws org.springframework.security.core.AuthenticationException
      Throws:
      org.springframework.security.core.AuthenticationException

    • supports

      public boolean supports(Class authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider

    • retrieveUser

      protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String username) throws org.springframework.security.core.AuthenticationException
      Throws:
      org.springframework.security.core.AuthenticationException

    • createSuccessAuthentication

      protected org.springframework.security.core.Authentication createSuccessAuthentication(org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
      Creates a successful Authentication object.

      Protected so subclasses can override.

      Subclasses will usually store the original credentials the user supplied (not salted or encoded passwords) in the returned Authentication object.

      Parameters:
      authentication - that was presented to the provider for validation
      user - that was loaded by the implementation
      Returns:
      the successful authentication token