public class ProviderManager extends AbstractAuthenticationManager implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
Authentication request through a list of AuthenticationProviders.
Can optionally be configured with a ConcurrentSessionController to limit the number of sessions a user can
have.
AuthenticationProviders are tried in order until one provides a non-null response.
A non-null response indicates the provider had authority to decide on the authentication request and no further
providers are tried. If an AuthenticationException is thrown by a provider, it is retained until
subsequent providers are tried. If a subsequent provider successfully authenticates the request, the earlier
authentication exception is disregarded and the successful authentication will be used. If no subsequent provider
provides a non-null response, or a new AuthenticationException, the last
AuthenticationException received will be used. If no provider returns a non-null response, or indicates
it can even process an Authentication, the ProviderManager will throw a
ProviderNotFoundException.
If a valid Authentication is returned by an AuthenticationProvider, the
ProviderManager will publish an AuthenticationSuccessEvent. If an AuthenticationException is
detected, the final AuthenticationException thrown will be used to publish an appropriate failure
event. By default ProviderManager maps common exceptions to events, but this can be fine-tuned by
providing a new exceptionMappingsjava.util.Properties object. In the properties object,
each of the keys represent the fully qualified classname of the exception, and each of the values represent the
name of an event class which subclasses AbstractAuthenticationFailureEvent and provides its constructor.
ConcurrentSessionController| Modifier and Type | Field and Description |
|---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages |
| Constructor and Description |
|---|
ProviderManager() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
protected void |
doAddExtraDefaultExceptionMappings(Properties exceptionMappings)
Deprecated.
This method has been removed from the 2.0 series; please use the
additionalExceptionMappings property instead to inject additional exception
to event mappings |
Authentication |
doAuthentication(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
List |
getProviders() |
ConcurrentSessionController |
getSessionController()
The configured
ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set. |
void |
setAdditionalExceptionMappings(Properties additionalExceptionMappings)
Sets additional exception to event mappings.
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
void |
setProviders(List newList)
Sets the
AuthenticationProvider objects to be used for authentication. |
void |
setSessionController(ConcurrentSessionController sessionController)
Set the
ConcurrentSessionController to be used for limiting user's sessions. |
authenticate, setClearExtraInformationpublic void afterPropertiesSet()
throws Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanExceptionprotected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings)
additionalExceptionMappings property instead to inject additional exception
to event mappingsexceptionMappings - the properties object, which already has entries in itpublic Authentication doAuthentication(Authentication authentication) throws AuthenticationException
Authentication object.The list of AuthenticationProviders will be successively tried until an AuthenticationProvider indicates it
is capable of authenticating the type of Authentication object passed. Authentication will then
be attempted with that AuthenticationProvider.
If more than one AuthenticationProvider supports the passed Authentication
object, only the first AuthenticationProvider tried will determine the result. No subsequent
AuthenticationProviders will be tried.
doAuthentication in class AbstractAuthenticationManagerauthentication - the authentication request object.AuthenticationException - if authentication fails.public List getProviders()
public ConcurrentSessionController getSessionController()
ConcurrentSessionController is returned or the NullConcurrentSessionController if a specific one has not been set.ConcurrentSessionController instancepublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAwarepublic void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource in interface org.springframework.context.MessageSourceAwarepublic void setProviders(List newList)
AuthenticationProvider objects to be used for authentication.newList - IllegalArgumentException - DOCUMENT ME!public void setSessionController(ConcurrentSessionController sessionController)
ConcurrentSessionController to be used for limiting user's sessions. The NullConcurrentSessionController is used by defaultsessionController - ConcurrentSessionControllerpublic void setAdditionalExceptionMappings(Properties additionalExceptionMappings)
ProviderManager defines.additionalExceptionMappings - where keys are the fully-qualified string name of the
exception class and the values are the fully-qualified string name of the event class to fireCopyright © 2021. All rights reserved.