public class ProviderManager extends AbstractAuthenticationManager implements org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.context.ApplicationEventPublisherAware
Authentication request through a list of AuthenticationProviders.
Can optionally be configured with a ConcurrentSessionController to limit the number of sessions a user can
have.
AuthenticationProviders are usually tried in order until one provides a non-null response.
A non-null response indicates the provider had authority to decide on the authentication request and no further
providers are tried.
If a subsequent provider successfully authenticates the request, the earlier authentication exception is disregarded
and the successful authentication will be used. If no subsequent provider provides a non-null response, or a new
AuthenticationException, the last AuthenticationException received will be used.
If no provider returns a non-null response, or indicates it can even process an Authentication,
the ProviderManager will throw a ProviderNotFoundException.
The exception to this process is when a provider throws an AccountStatusException or if the configured
concurrent session controller throws a ConcurrentLoginException. In both these cases, no further providers
in the list will be queried.
If a valid Authentication is returned by an AuthenticationProvider, the
ProviderManager will publish an
AuthenticationSuccessEvent. If an
AuthenticationException is detected, the final AuthenticationException thrown will be
used to publish an appropriate failure event. By default ProviderManager maps common exceptions to
events, but this can be fine-tuned by providing a new exceptionMappingsjava.util.Properties
object. In the properties object, each of the keys represent the fully qualified classname of the exception, and
each of the values represent the name of an event class which subclasses
AbstractAuthenticationFailureEvent
and provides its constructor.
ConcurrentSessionController| Modifier and Type | Field and Description |
|---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages |
| Constructor and Description |
|---|
ProviderManager() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
Authentication |
doAuthentication(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
java.util.List |
getProviders() |
ConcurrentSessionController |
getSessionController()
The configured
ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set. |
void |
setAdditionalExceptionMappings(java.util.Properties additionalExceptionMappings)
Sets additional exception to event mappings.
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
void |
setProviders(java.util.List providers)
Sets the
AuthenticationProvider objects to be used for authentication. |
void |
setSessionController(ConcurrentSessionController sessionController)
Set the
ConcurrentSessionController to be used for limiting users' sessions. |
authenticate, setClearExtraInformationpublic void afterPropertiesSet()
throws java.lang.Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjava.lang.Exceptionpublic Authentication doAuthentication(Authentication authentication) throws AuthenticationException
Authentication object.
The list of AuthenticationProviders will be successively tried until an
AuthenticationProvider indicates it is capable of authenticating the type of
Authentication object passed. Authentication will then be attempted with that
AuthenticationProvider.
If more than one AuthenticationProvider supports the passed Authentication
object, only the first AuthenticationProvider tried will determine the result. No subsequent
AuthenticationProviders will be tried.
doAuthentication in class AbstractAuthenticationManagerauthentication - the authentication request object.AuthenticationException - if authentication fails.public java.util.List getProviders()
public ConcurrentSessionController getSessionController()
ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set.ConcurrentSessionController instancepublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAwarepublic void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource in interface org.springframework.context.MessageSourceAwarepublic void setProviders(java.util.List providers)
AuthenticationProvider objects to be used for authentication.providers - the list of authentication providers which will be used to process authentication requests.java.lang.IllegalArgumentException - if the list is empty or null, or any of the elements in the list is not an
AuthenticationProvider instance.public void setSessionController(ConcurrentSessionController sessionController)
ConcurrentSessionController to be used for limiting users' sessions. The NullConcurrentSessionController is used by default.sessionController - ConcurrentSessionControllerpublic void setAdditionalExceptionMappings(java.util.Properties additionalExceptionMappings)
ProviderManager defines.additionalExceptionMappings - where keys are the fully-qualified string name of the exception class and the
values are the fully-qualified string name of the event class to fire.