ProviderManager (Acegi Security Core 1.0.7 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.providers
Class ProviderManager

java.lang.Object
  org.acegisecurity.AbstractAuthenticationManager
      org.acegisecurity.providers.ProviderManager

All Implemented Interfaces:: AuthenticationManager, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

public class ProviderManager
extends AbstractAuthenticationManager
implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
extends AbstractAuthenticationManager
implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

Iterates an Authentication request through a list of AuthenticationProviders. Can optionally be configured with a ConcurrentSessionController to limit the number of sessions a user can have.

AuthenticationProviders are tried in order until one provides a non-null response. A non-null response indicates the provider had authority to decide on the authentication request and no further providers are tried. If an AuthenticationException is thrown by a provider, it is retained until subsequent providers are tried. If a subsequent provider successfully authenticates the request, the earlier authentication exception is disregarded and the successful authentication will be used. If no subsequent provider provides a non-null response, or a new AuthenticationException, the last AuthenticationException received will be used. If no provider returns a non-null response, or indicates it can even process an Authentication, the ProviderManager will throw a ProviderNotFoundException.

If a valid Authentication is returned by an AuthenticationProvider, the ProviderManager will publish an AuthenticationSuccessEvent. If an AuthenticationException is detected, the final AuthenticationException thrown will be used to publish an appropriate failure event. By default ProviderManager maps common exceptions to events, but this can be fine-tuned by providing a new exceptionMappingsjava.util.Properties object. In the properties object, each of the keys represent the fully qualified classname of the exception, and each of the values represent the name of an event class which subclasses AbstractAuthenticationFailureEvent and provides its constructor.

See Also:: ConcurrentSessionController

Field Summary
`protected org.springframework.context.support.MessageSourceAccessor`	`messages`

Constructor Summary
`ProviderManager()`

Method Summary
`void`	`afterPropertiesSet()`
`protected void`	`doAddExtraDefaultExceptionMappings(java.util.Properties exceptionMappings)` Deprecated. This method has been removed from the 2.0 series; please use the `additionalExceptionMappings` property instead to inject additional exception to event mappings
`Authentication`	`doAuthentication(Authentication authentication)` Attempts to authenticate the passed `Authentication` object.
`java.util.List`	`getProviders()`
`ConcurrentSessionController`	`getSessionController()` The configured `ConcurrentSessionController` is returned or the `NullConcurrentSessionController` if a specific one has not been set.
`void`	`setAdditionalExceptionMappings(java.util.Properties additionalExceptionMappings)` Sets additional exception to event mappings.
`void`	`setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)`
`void`	`setMessageSource(org.springframework.context.MessageSource messageSource)`
`void`	`setProviders(java.util.List newList)` Sets the `AuthenticationProvider` objects to be used for authentication.
`void`	`setSessionController(ConcurrentSessionController sessionController)` Set the `ConcurrentSessionController` to be used for limiting user's sessions.

Methods inherited from class org.acegisecurity.AbstractAuthenticationManager
`authenticate, setClearExtraInformation`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail

ProviderManager

public ProviderManager()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception

Specified by:: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:: java.lang.Exception

doAddExtraDefaultExceptionMappings

protected void doAddExtraDefaultExceptionMappings(java.util.Properties exceptionMappings)

Deprecated. This method has been removed from the 2.0 series; please use the additionalExceptionMappings property instead to inject additional exception to event mappings

Provided so subclasses can add extra exception mappings during startup if no exception mappings are injected by the IoC container.

Parameters:: exceptionMappings - the properties object, which already has entries in it

doAuthentication

public Authentication doAuthentication(Authentication authentication)
                                throws AuthenticationException

Attempts to authenticate the passed Authentication object.

The list of AuthenticationProviders will be successively tried until an AuthenticationProvider indicates it is capable of authenticating the type of Authentication object passed. Authentication will then be attempted with that AuthenticationProvider.

If more than one AuthenticationProvider supports the passed Authentication object, only the first AuthenticationProvider tried will determine the result. No subsequent AuthenticationProviders will be tried.

Specified by:: doAuthentication in class AbstractAuthenticationManager

Parameters:: authentication - the authentication request object.
Returns:: a fully authenticated object including credentials.
Throws:: AuthenticationException - if authentication fails.

getProviders

public java.util.List getProviders()

getSessionController

public ConcurrentSessionController getSessionController()

The configured ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set.

Returns:: ConcurrentSessionController instance

setApplicationEventPublisher

public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)

Specified by:: setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)

Specified by:: setMessageSource in interface org.springframework.context.MessageSourceAware

setProviders

public void setProviders(java.util.List newList)

Sets the AuthenticationProvider objects to be used for authentication.

Parameters:: newList -
Throws:: java.lang.IllegalArgumentException - DOCUMENT ME!

setSessionController

public void setSessionController(ConcurrentSessionController sessionController)

Set the ConcurrentSessionController to be used for limiting user's sessions. The NullConcurrentSessionController is used by default

Parameters:: sessionController - ConcurrentSessionController

setAdditionalExceptionMappings

public void setAdditionalExceptionMappings(java.util.Properties additionalExceptionMappings)

Sets additional exception to event mappings. These are automatically merged with the default exception to event mappings that ProviderManager defines.

Parameters:: additionalExceptionMappings - where keys are the fully-qualified string name of the exception class and the values are the fully-qualified string name of the event class to fire