1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited 2 * 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package org.springframework.security; 17 18 /** 19 * An abstract implementation of the {@link AuthenticationManager}. 20 * 21 * @author Wesley Hall 22 * @version $Id: AbstractAuthenticationManager.java 2653 2008-02-18 20:18:40Z luke_t $ 23 */ 24 public abstract class AbstractAuthenticationManager implements AuthenticationManager { 25 26 //~ Instance fields ================================================================================================ 27 private boolean clearExtraInformation = false; 28 29 //~ Methods ======================================================================================================== 30 31 /** 32 * An implementation of the <code>authenticate</code> method that calls the abstract method 33 * <code>doAuthenticatation</code> to do its work. 34 * <p> 35 * If doAuthenticate throws an <code>AuthenticationException</code> then the exception is populated 36 * with the failed <code>Authentication</code> object that failed. 37 * 38 * @param authRequest the authentication request object 39 * 40 * @return a fully authenticated object including credentials 41 * 42 * @throws AuthenticationException if authentication fails 43 */ 44 public final Authentication authenticate(Authentication authRequest) throws AuthenticationException { 45 try { 46 return doAuthentication(authRequest); 47 } catch (AuthenticationException e) { 48 e.setAuthentication(authRequest); 49 50 if (clearExtraInformation) { 51 e.clearExtraInformation(); 52 } 53 54 throw e; 55 } 56 } 57 58 /** 59 * Concrete implementations of this class override this method to provide the authentication service. 60 * <p> 61 * The contract for this method is documented in the 62 * {@link AuthenticationManager#authenticate(Authentication)}. 63 * 64 * @param authentication the authentication request object 65 * 66 * @return a fully authenticated object including credentials 67 * 68 * @throws AuthenticationException if authentication fails 69 */ 70 protected abstract Authentication doAuthentication(Authentication authentication) throws AuthenticationException; 71 72 /** 73 * If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared 74 * before rethrowing it. This is useful for use with remoting protocols where the information shouldn't 75 * be serialized to the client. Defaults to 'false'. 76 * 77 * @see org.springframework.security.AuthenticationException#getExtraInformation() 78 */ 79 public void setClearExtraInformation(boolean clearExtraInformation) { 80 this.clearExtraInformation = clearExtraInformation; 81 } 82 }