Class DbAuthenticationHandler

java.lang.Object
ch.tocco.nice2.security.spi.auth.AuthenticationHandlerAdapter
ch.tocco.nice2.security.spi.auth.AbstractUsernamePasswordAuthHandler
ch.tocco.nice2.userbase.impl.auth.DbAuthenticationHandler
All Implemented Interfaces:
AuthenticationHandler
@Component @Order(200) public class DbAuthenticationHandler extends AbstractUsernamePasswordAuthHandler
This authentication handler authenticates a username-password pair against the nice2 database. The credenitals supplied must be of type UsernamePasswordCredentials.

It supports setting new credentials as well es requesting credentials for a user. When setting new credentials, the new credentials must be of type UserCredentialsChange.

  • Field Details

  • Constructor Details

  • Method Details

    • setPrivilegedRoles

      @Autowired(required=false) public void setPrivilegedRoles(List<String> privilegedRoles)

    • doAuthenticate

      public void doAuthenticate(Challenge challenge, @Nullable @Nullable PrincipalDetails principalDetails, UsernamePasswordCredentials credentials)
      Description copied from class: AbstractUsernamePasswordAuthHandler
      After the principal is retrieved using the configured PrincipalDetailService, this method is invoked right afterwards to let subclasses do further authentication checks and finally call the Challenge.vote(Challenge.State) method.

      As subclasses configure its instance with their concrete PrincipalDetailService you are safe to cast the PrincipalDetails argument to your specific type.

      Specified by:
      doAuthenticate in class AbstractUsernamePasswordAuthHandler
      Parameters:
      challenge - the challenge to be authenticated
      principalDetails - the principal details just loaded (may be null if principal could not be found)
      credentials - the concrete username and password credentials

    • doSetCredentials

      protected boolean doSetCredentials(PrincipalDetails principalDetails, UsernamePasswordCredentials oldCredentials, Credentials newCredentials)
      Description copied from class: AbstractUsernamePasswordAuthHandler
      Set new credentials for the passed principal. This is only invoked for any instance of UsernamePasswordCredentials that were used to get the principal. The old credentials are also passed in together with new credentials.

      The type of argument newCredentials should be used to check if this handler supports setting new credentials. Return false if the type of newCredentials is not supported.

      Specified by:
      doSetCredentials in class AbstractUsernamePasswordAuthHandler
      Parameters:
      principalDetails - details about the principal that wants to set new credentials
      oldCredentials - the old credentials of the principal
      newCredentials - new credentials to set.
      Returns:
      true if setting was successful, false if action was skipped

    • currentUserIsPrivileged

      protected boolean currentUserIsPrivileged()

    • postAuthenticate

      public void postAuthenticate(Challenge challenge)
      Description copied from interface: AuthenticationHandler

      After authentication has been successful for all registered AuthenticationHandlers, the post-authentication step is invoked to add more authorization information to the principal which is sure to be not null and authenticated when this method is invoked.

      This handler may also decide in this step to give a new vote for this challenge which overrides the previously given vote.

      If this throws any exception, authentication process is immediately stopped to failed state.

      Specified by:
      postAuthenticate in interface AuthenticationHandler
      Overrides:
      postAuthenticate in class AuthenticationHandlerAdapter
      Parameters:
      challenge - the challenge to authenticate