spring-security-openid

org.springframework.security.openid
Class OpenIDAuthenticationProvider

java.lang.Object
  extended by org.springframework.security.openid.OpenIDAuthenticationProvider
All Implemented Interfaces:
InitializingBean, org.springframework.security.authentication.AuthenticationProvider

public class OpenIDAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider, InitializingBean

Finalises the OpenID authentication by obtaining local authorities for the authenticated user.

The authorities are obtained by calling the configured UserDetailsService. The UserDetails it returns must, at minimum, contain the username and the GrantedAuthority[] objects applicable to the authenticated user. Note that by default, Spring Security ignores the password and the enabled/disabled status of the UserDetails, because these are authentication-related and should have been enforced by another provider server.

The UserDetails returned by implementations is stored in the generated AuthenticationToken, so additional properties such as email addresses, telephone numbers, etc. can easily be stored.

Author:
Robin Bramley, Opsera Ltd.

Constructor Summary
OpenIDAuthenticationProvider()
           
 
Method Summary
 void afterPropertiesSet()
           
 org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
           
protected  org.springframework.security.core.Authentication createSuccessfulAuthentication(org.springframework.security.core.userdetails.UserDetails userDetails, OpenIDAuthenticationToken auth)
          Handles the creation of the final Authentication object which will be returned by the provider.
 void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
          Used to load the authorities for the authenticated OpenID user.
 boolean supports(Class<? extends Object> authentication)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpenIDAuthenticationProvider

public OpenIDAuthenticationProvider()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

authenticate

public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException
Specified by:
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
Throws:
org.springframework.security.core.AuthenticationException

createSuccessfulAuthentication

protected org.springframework.security.core.Authentication createSuccessfulAuthentication(org.springframework.security.core.userdetails.UserDetails userDetails,
                                                                                          OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be returned by the provider.

The default implementation just creates a new OpenIDAuthenticationToken from the original, but with the UserDetails as the principal and including the authorities loaded by the UserDetailsService.

Parameters:
userDetails - the loaded UserDetails object
auth - the token passed to the authenticate method, containing
Returns:
the token which will represent the authenticated user.
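
Added example, not part of the Spring Security Javadoc or source: one way to use this hook to enforce the local enabled/locked flags that the class description says are ignored by default, together with a UserDetailsService that fails closed for unknown identifiers. StatusCheckingOpenIDProvider and OpenIdUserStore are hypothetical names, and the example assumes the provider passes the verified OpenID identifier to loadUserByUsername.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.openid.OpenIDAuthenticationToken;

/** Hypothetical subclass: enforces the local account flags the default provider ignores. */
public class StatusCheckingOpenIDProvider extends OpenIDAuthenticationProvider {

    @Override
    protected Authentication createSuccessfulAuthentication(UserDetails userDetails,
                                                            OpenIDAuthenticationToken auth) {
        // The OpenID provider vouched for the identifier; these flags are local policy.
        if (!userDetails.isEnabled()) {
            throw new DisabledException("Local account is disabled");
        }
        if (!userDetails.isAccountNonLocked()) {
            throw new LockedException("Local account is locked");
        }
        return super.createSuccessfulAuthentication(userDetails, auth);
    }

    /** Hypothetical in-memory store keyed by the OpenID identifier (assumption, see lead-in). */
    public static class OpenIdUserStore implements UserDetailsService {
        private final Map<String, UserDetails> byIdentifier = new ConcurrentHashMap<String, UserDetails>();

        public void register(String identifier, boolean enabled, String... roles) {
            // The password is a placeholder: it is never checked on the OpenID path.
            byIdentifier.put(identifier, new User(identifier, "unused", enabled, true, true, true,
                    AuthorityUtils.createAuthorityList(roles)));
        }

        public UserDetails loadUserByUsername(String identifier) {
            UserDetails user = byIdentifier.get(identifier);
            if (user == null) {
                // No local account means no local authorities: reject instead of defaulting.
                throw new UsernameNotFoundException("No local account for OpenID identifier");
            }
            return user;
        }
    }
}
```

Pass an OpenIdUserStore to setUserDetailsService on the provider so that both the authority lookup and the status checks use the same local record.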

setUserDetailsService

public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
Used to load the authorities for the authenticated OpenID user.


supports

public boolean supports(Class<? extends Object> authentication)
Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider
