Class FormLoginAuthenticationProvider

java.lang.Object
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
com.broadleafcommerce.auth.user.session.FormLoginAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
Direct Known Subclasses:
EmbeddedLoginAuthenticationProvider

public class FormLoginAuthenticationProvider extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
An AuthenticationProvider that retrieves OAuth2UserDetails from an OAuth2UserDetailsService for use with Universal Login.

This is useful when users are partitioned for a certain OAuth2 client, which is common when using a single authorization server within a multi-tenant scenario. In this situation, `username` alone is not enough of a unique identifier, and a client ID is needed to accurately discriminate an OAuth2UserDetails.

Author:
Nick Crum (ncrum)
  • Field Summary

    Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

    hideUserNotFoundExceptions, logger, messages
  • Constructor Summary

    Constructors
    Constructor
    Description
    FormLoginAuthenticationProvider(OAuth2UserDetailsService userDetailsService, org.springframework.security.core.userdetails.UserDetailsPasswordService userDetailsPasswordService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
     
    protected org.springframework.security.core.Authentication
    createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
     
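    protected org.springframework.security.crypto.password.PasswordEncoder
    getPasswordEncoder()
     
    protected org.springframework.security.core.userdetails.UserDetailsPasswordService
    getUserDetailsPasswordService()
     
    protected OAuth2UserDetailsService
    getUserDetailsService()
     
    protected String
    getUserNotFoundEncodedPassword()
    The password that PasswordEncoder.matches(CharSequence, String) is performed on when the user is not found, to avoid SEC-2056.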
    protected final org.springframework.security.core.userdetails.UserDetails
    retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
     
    boolean
    supports(Class<?> authentication)
     

    Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

    afterPropertiesSet, authenticate, doAfterPropertiesSet, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • FormLoginAuthenticationProvider

      public FormLoginAuthenticationProvider(OAuth2UserDetailsService userDetailsService, org.springframework.security.core.userdetails.UserDetailsPasswordService userDetailsPasswordService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
  • Method Details

    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider
      Overrides:
      supports in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    • retrieveUser

      protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
      Specified by:
      retrieveUser in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    • createSuccessAuthentication

      protected org.springframework.security.core.Authentication createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
      Overrides:
      createSuccessAuthentication in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    • additionalAuthenticationChecks

      protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
      Specified by:
      additionalAuthenticationChecks in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    • getUserDetailsService

      protected OAuth2UserDetailsService getUserDetailsService()
    • getUserDetailsPasswordService

      protected org.springframework.security.core.userdetails.UserDetailsPasswordService getUserDetailsPasswordService()
    • getPasswordEncoder

      protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
    • getUserNotFoundEncodedPassword

      protected String getUserNotFoundEncodedPassword()
      The password that PasswordEncoder.matches(CharSequence, String) is performed on when the user is not found, to avoid SEC-2056. This is necessary because some PasswordEncoder implementations will short circuit if the password is not in a valid format.
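
The lookup by client ID plus username from the class description, combined with the user-not-found match described above, as an added Java example that is not Broadleaf's or Spring Security's own code. `TenantLoginExample`, `UserKey`, the in-memory map and the sample client IDs are hypothetical, and `BCryptPasswordEncoder` is an assumed encoder choice; the point is that `matches` runs exactly once per attempt, so a missing account costs the same hashing work as a wrong password.

```java
import java.util.Map;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added illustration; not Broadleaf or Spring Security source.
public class TenantLoginExample {
    /** Hypothetical composite key: a username is only unique within one OAuth2 client. */
    record UserKey(String clientId, String username) {}

    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
    private final Map<UserKey, String> encodedPasswords; // constructed in-memory store
    // Encoded once with the real encoder so it is always in a valid format
    // and matches() does the full hashing work instead of short-circuiting.
    private final String userNotFoundEncodedPassword = ENCODER.encode("userNotFoundPassword");

    TenantLoginExample(Map<UserKey, String> encodedPasswords) {
        this.encodedPasswords = encodedPasswords;
    }

    /** Throws the same exception for "no such user" and "wrong password". */
    void authenticate(String clientId, String username, String presentedPassword) {
        String stored = encodedPasswords.get(new UserKey(clientId, username));
        boolean userFound = stored != null;
        // Always run one matches() call: the real hash when found, the dummy otherwise.
        boolean matches = ENCODER.matches(presentedPassword,
                userFound ? stored : userNotFoundEncodedPassword);
        if (!userFound || !matches) {
            throw new BadCredentialsException("Bad credentials");
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: the same username under two client IDs.
        TenantLoginExample provider = new TenantLoginExample(Map.of(
                new UserKey("tenant-a-client", "alice"), ENCODER.encode("correct horse"),
                new UserKey("tenant-b-client", "alice"), ENCODER.encode("battery staple")));
        provider.authenticate("tenant-a-client", "alice", "correct horse"); // succeeds
        for (String[] attempt : new String[][] {
                {"tenant-b-client", "alice", "correct horse"},    // same username, other tenant's account
                {"tenant-c-client", "alice", "correct horse"}}) { // unknown (clientId, username) pair
            long start = System.nanoTime();
            try {
                provider.authenticate(attempt[0], attempt[1], attempt[2]);
            } catch (BadCredentialsException e) {
                System.out.printf("%s rejected after %d ms%n", attempt[0], (System.nanoTime() - start) / 1_000_000);
            }
        }
    }
}
```

Both rejected attempts should report similar elapsed times; replacing the dummy match with an early return for the unknown pair makes that attempt finish far sooner, which is the difference the dummy match removes.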