public class ProviderManager extends AbstractAuthenticationManager implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
Authentication
request through a list of AuthenticationProvider
s.
Can optionally be configured with a ConcurrentSessionController
to limit the number of sessions a user can
have.
AuthenticationProvider
s are tried in order until one provides a non-null response.
A non-null response indicates the provider had authority to decide on the authentication request and no further
providers are tried. If an AuthenticationException
is thrown by a provider, it is retained until
subsequent providers are tried. If a subsequent provider successfully authenticates the request, the earlier
authentication exception is disregarded and the successful authentication will be used. If no subsequent provider
provides a non-null response, or a new AuthenticationException
, the last
AuthenticationException
received will be used. If no provider returns a non-null response, or indicates
it can even process an Authentication
, the ProviderManager
will throw a
ProviderNotFoundException
.
If a valid Authentication
is returned by an AuthenticationProvider
, the
ProviderManager
will publish an AuthenticationSuccessEvent
. If an AuthenticationException
is
detected, the final AuthenticationException
thrown will be used to publish an appropriate failure
event. By default ProviderManager
maps common exceptions to events, but this can be fine-tuned by
providing a new exceptionMappings
java.util.Properties
object. In the properties object,
each of the keys represent the fully qualified classname of the exception, and each of the values represent the
name of an event class which subclasses AbstractAuthenticationFailureEvent
and provides its constructor.
ConcurrentSessionController
Modifier and Type | Field and Description |
---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages |
Constructor and Description |
---|
ProviderManager() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected void |
doAddExtraDefaultExceptionMappings(Properties exceptionMappings)
Deprecated.
This method has been removed from the 2.0 series; please use the
additionalExceptionMappings property instead to inject additional exception
to event mappings |
Authentication |
doAuthentication(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
List |
getProviders() |
ConcurrentSessionController |
getSessionController()
The configured
ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set. |
void |
setAdditionalExceptionMappings(Properties additionalExceptionMappings)
Sets additional exception to event mappings.
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
void |
setProviders(List newList)
Sets the
AuthenticationProvider objects to be used for authentication. |
void |
setSessionController(ConcurrentSessionController sessionController)
Set the
ConcurrentSessionController to be used for limiting user's sessions. |
authenticate, setClearExtraInformation
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
Exception
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings)
additionalExceptionMappings
property instead to inject additional exception
to event mappingsexceptionMappings
- the properties object, which already has entries in itpublic Authentication doAuthentication(Authentication authentication) throws AuthenticationException
Authentication
object.The list of AuthenticationProvider
s will be successively tried until an AuthenticationProvider
indicates it
is capable of authenticating the type of Authentication
object passed. Authentication will then
be attempted with that AuthenticationProvider
.
If more than one AuthenticationProvider
supports the passed Authentication
object, only the first AuthenticationProvider
tried will determine the result. No subsequent
AuthenticationProvider
s will be tried.
doAuthentication
in class AbstractAuthenticationManager
authentication
- the authentication request object.AuthenticationException
- if authentication fails.public List getProviders()
public ConcurrentSessionController getSessionController()
ConcurrentSessionController
is returned or the NullConcurrentSessionController
if a specific one has not been set.ConcurrentSessionController
instancepublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher
in interface org.springframework.context.ApplicationEventPublisherAware
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource
in interface org.springframework.context.MessageSourceAware
public void setProviders(List newList)
AuthenticationProvider
objects to be used for authentication.newList
- IllegalArgumentException
- DOCUMENT ME!public void setSessionController(ConcurrentSessionController sessionController)
ConcurrentSessionController
to be used for limiting user's sessions. The NullConcurrentSessionController
is used by defaultsessionController
- ConcurrentSessionController
public void setAdditionalExceptionMappings(Properties additionalExceptionMappings)
ProviderManager
defines.additionalExceptionMappings
- where keys are the fully-qualified string name of the
exception class and the values are the fully-qualified string name of the event class to fireCopyright © 2016. All rights reserved.