Class FormLoginAuthenticationProvider
java.lang.Object
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
com.broadleafcommerce.auth.user.session.FormLoginAuthenticationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
- Direct Known Subclasses:
EmbeddedLoginAuthenticationProvider
public class FormLoginAuthenticationProvider
extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
An `AuthenticationProvider` that retrieves `OAuth2UserDetails` from an `OAuth2UserDetailsService` for use with Universal Login.

This is useful when users are partitioned for a certain OAuth2 client, which is common when using a single authorization server within a multi-tenant scenario. In this situation, `username` alone is not enough of a unique identifier, and a client ID is needed to accurately discriminate an `OAuth2UserDetails`.
- Author:
- Nick Crum (ncrum)
- See Also:
-
as the inspiration for this provider
for the equivalent when using embedded login.
-
Field Summary
Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
hideUserNotFoundExceptions, logger, messages
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| `FormLoginAuthenticationProvider(OAuth2UserDetailsService userDetailsService, org.springframework.security.core.userdetails.UserDetailsPasswordService userDetailsPasswordService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)` | |

-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| `protected void` | `additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)` | |
| `protected org.springframework.security.core.Authentication` | `createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)` | |
| `protected org.springframework.security.crypto.password.PasswordEncoder` | `getPasswordEncoder()` | |
| `protected org.springframework.security.core.userdetails.UserDetailsPasswordService` | `getUserDetailsPasswordService()` | |
| `protected OAuth2UserDetailsService` | `getUserDetailsService` | |
| `protected String` | `getUserNotFoundEncodedPassword` | The password used to perform `PasswordEncoder.matches(CharSequence, String)` on when the user is not found to avoid SEC-2056. |
| `protected final org.springframework.security.core.userdetails.UserDetails` | `retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)` | |
| `boolean` | `supports` | |

Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
afterPropertiesSet, authenticate, doAfterPropertiesSet, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache
-
Constructor Details
-
FormLoginAuthenticationProvider
public FormLoginAuthenticationProvider(OAuth2UserDetailsService userDetailsService, org.springframework.security.core.userdetails.UserDetailsPasswordService userDetailsPasswordService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
-
-
Method Details
-
supports
- Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider
- Overrides:
supports in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
retrieveUser
protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
- Specified by:
retrieveUser in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
createSuccessAuthentication
protected org.springframework.security.core.Authentication createSuccessAuthentication(Object principal, org.springframework.security.core.Authentication authentication, org.springframework.security.core.userdetails.UserDetails user)
- Overrides:
createSuccessAuthentication in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
additionalAuthenticationChecks
protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
- Specified by:
additionalAuthenticationChecks in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
getUserDetailsService
-
getUserDetailsPasswordService
protected org.springframework.security.core.userdetails.UserDetailsPasswordService getUserDetailsPasswordService()
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
-
getUserNotFoundEncodedPassword
The password used to perform `PasswordEncoder.matches(CharSequence, String)` on when the user is not found to avoid SEC-2056. This is necessary, because some `PasswordEncoder` implementations will short circuit if the password is not in a valid format.
-
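The user-not-found handling described for getUserNotFoundEncodedPassword, together with the per-client user lookup from the class description, shown as an added example that is not Broadleaf's or Spring Security's own code. `TenantLoginCheck`, `UserKey`, the in-memory map and the choice of `BCryptPasswordEncoder` are assumptions made for illustration; the dummy value is encoded with the real encoder so that `matches` does full hashing work on a lookup miss instead of short-circuiting on a malformed hash.

```java
import java.util.Map;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added illustration: TenantLoginCheck, UserKey and the sample users are hypothetical.
public class TenantLoginCheck {
    // Users are keyed by (clientId, username): one username may exist under several clients.
    record UserKey(String clientId, String username) {}

    private final PasswordEncoder encoder;
    private final Map<UserKey, String> encodedPasswords;
    // Encoded once with the real encoder, so it is always in a format matches() accepts.
    private final String userNotFoundEncodedPassword;

    TenantLoginCheck(PasswordEncoder encoder, Map<UserKey, String> encodedPasswords) {
        this.encoder = encoder;
        this.encodedPasswords = encodedPasswords;
        this.userNotFoundEncodedPassword = encoder.encode("userNotFoundPassword");
    }

    void authenticate(String clientId, String username, String presentedPassword) {
        String stored = encodedPasswords.get(new UserKey(clientId, username));
        if (stored == null) {
            // Unknown user for this client: still pay the hashing cost, then fail generically.
            encoder.matches(presentedPassword, userNotFoundEncodedPassword);
            throw new BadCredentialsException("Bad credentials");
        }
        if (!encoder.matches(presentedPassword, stored)) {
            throw new BadCredentialsException("Bad credentials");
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample data: "alice" exists only under client "tenant-a".
        TenantLoginCheck check = new TenantLoginCheck(encoder,
                Map.of(new UserKey("tenant-a", "alice"), encoder.encode("correct horse")));
        check.authenticate("tenant-a", "alice", "correct horse");
        for (String clientId : new String[] {"tenant-a", "tenant-b"}) {
            long start = System.nanoTime();
            try {
                check.authenticate(clientId, "alice", "wrong");
            } catch (BadCredentialsException e) {
                System.out.printf("%s/alice rejected after %d ms%n", clientId,
                        (System.nanoTime() - start) / 1_000_000);
            }
        }
    }
}
```

Both rejected attempts run exactly one BCrypt comparison and raise the same exception, so neither the response nor its latency reveals whether `alice` exists under a given client.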