Package ch.tocco.nice2.security.spi.auth

Class AbstractUsernamePasswordAuthHandler

java.lang.Object
ch.tocco.nice2.security.spi.auth.AuthenticationHandlerAdapter
ch.tocco.nice2.security.spi.auth.AbstractUsernamePasswordAuthHandler
All Implemented Interfaces:
AuthenticationHandler
Direct Known Subclasses:
DbAuthenticationHandler
public abstract class AbstractUsernamePasswordAuthHandler extends AuthenticationHandlerAdapter

Abstract implementation of an AuthenticationHandler that supports authentication of UsernamePasswordCredentials.

It leaves the retrieval of the principal to the PrincipalDetailService that needs to be injected into implementations of this class. It delegates to methods of subclasses to finalize authentication.

  • Field Details

  • Constructor Details

    • AbstractUsernamePasswordAuthHandler

      public AbstractUsernamePasswordAuthHandler()

  • Method Details

    • setAuthenticators

      @Autowired public void setAuthenticators(List<UsernamePasswordAuthenticator> authenticators)

    • authenticate

      public void authenticate(Challenge challenge, Credentials credentials)
      Description copied from interface: AuthenticationHandler

      Authenticates the given challenge by voting for or against it.

      If the supplied credentials are unknown to this handler, it may not vote at all, indicating no meaningful knowledge about the challenge.

      Specified by:
      authenticate in interface AuthenticationHandler
      Overrides:
      authenticate in class AuthenticationHandlerAdapter
      Parameters:
      challenge - the authentication challenge
      credentials - the credentials supplied by client in case of non-recoverable error. An exception will immediately stop authentication process to failed state.

    • doAuthenticate

      protected abstract void doAuthenticate(Challenge challenge, @Nullable @Nullable PrincipalDetails principalDetails, UsernamePasswordCredentials credentials)
      After the principal is retrieved using the configured PrincipalDetailService, this method is invoked right afterwards to let subclasses do further authentication checks and finally call the Challenge.vote(Challenge.State) method.

      As subclasses configure its instance with their concrete PrincipalDetailService you are safe to cast the PrincipalDetails argument to your specific type.

      Parameters:
      challenge - the challenge to be authenticated
      principalDetails - the principal details just loaded (may be null if principal could not be found)
      credentials - the concrete username and password credentials

    • updateCredentials

      public final boolean updateCredentials(Credentials oldCredentials, Credentials newCredentials)
      Description copied from interface: AuthenticationHandler
      Updates the credentials for this handler.

      If this handler is not supporting this, return false

      .

      In case of an exception, the whole process is stopped immediately.

      Specified by:
      updateCredentials in interface AuthenticationHandler
      Overrides:
      updateCredentials in class AuthenticationHandlerAdapter
      Parameters:
      oldCredentials - the old credentials are used to get the principal
      newCredentials - the new credentials to set. authentication handlers should only support their sepcific type of credentials
      Returns:
      true if credentials were updated successfully, false if skipped

    • doSetCredentials

      protected abstract boolean doSetCredentials(PrincipalDetails principalDetails, UsernamePasswordCredentials oldCredentials, Credentials newCredentials)
      Set new credentials for the passed principal. This is only invoked for any instance of UsernamePasswordCredentials that were used to get the principal. The old credentials are also passed in together with new credentials.

      The type of argument newCredentials should be used to check if this handler supports setting new credentials. Return false if the type of newCredentials is not supported.

      Parameters:
      principalDetails - details about the principal that wants to set new credentials
      oldCredentials - the old credentials of the principal
      newCredentials - new credentials to set.
      Returns:
      true if setting was successful, false if action was skipped

    • initializeService

      @PostConstruct public void initializeService()

    • setPrincipalService

      @Autowired public void setPrincipalService(PrincipalDetailService principalService)

    • getPrincipalDetailService

      protected PrincipalDetailService getPrincipalDetailService()