org.springframework.security.extensions.kerberos
Class KerberosServiceAuthenticationProvider

java.lang.Object
  org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider

All Implemented Interfaces:

InitializingBean, AuthenticationProvider

public class KerberosServiceAuthenticationProvider
extends Object
implements AuthenticationProvider, InitializingBean

Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens (which includes Kerberos Service Tickets).

It needs a KerberosTicketValidator, which contains the code to validate the ticket, as this code is different between SUN and IBM JRE.
It also needs an UserDetailsService to load the user properties and the GrantedAuthorities, as we only get back the username from Kerbeos

You can see an example configuration in SpnegoAuthenticationProcessingFilter.

Since:

1.0

Version:

$Id: KerberosServiceAuthenticationProvider.java 35 2009-09-03 18:15:03Z mwiesner $

Author:

Mike Wiesner

See Also:

KerberosTicketValidator, UserDetailsService, SpnegoAuthenticationProcessingFilter

Constructor Summary

KerberosServiceAuthenticationProvider()

Method Summary

protected void	additionalAuthenticationChecks(UserDetails userDetails, KerberosServiceRequestToken authentication) Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.
void	afterPropertiesSet()
Authentication	authenticate(Authentication authentication)
void	setTicketValidator(KerberosTicketValidator ticketValidator) The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.
void	setUserDetailsService(UserDetailsService userDetailsService) The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.
boolean	supports(Class<? extends Object> auth)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KerberosServiceAuthenticationProvider

public KerberosServiceAuthenticationProvider()

Method Detail

setUserDetailsService

public void setUserDetailsService(UserDetailsService userDetailsService)

The UserDetailsService to use, for loading the user properties and the GrantedAuthorities.

setTicketValidator

public void setTicketValidator(KerberosTicketValidator ticketValidator)

The KerberosTicketValidator to use, for validating the Kerberos/SPNEGO tickets.

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Specified by:

authenticate in interface AuthenticationProvider

Throws:

AuthenticationException

additionalAuthenticationChecks

protected void additionalAuthenticationChecks(UserDetails userDetails,
                                              KerberosServiceRequestToken authentication)
                                       throws AuthenticationException

Allows subclasses to perform any additional checks of a returned UserDetails for a given authentication request.

Parameters:

userDetails - as retrieved from the UserDetailsService

authentication - validated KerberosServiceRequestToken

Throws:

AuthenticationException - AuthenticationException if the credentials could not be validated (generally a BadCredentialsException, an AuthenticationServiceException)

supports

public boolean supports(Class<? extends Object> auth)

Specified by:

supports in interface AuthenticationProvider

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception