Package org.opennms.web.springframework.security

Class KerberosServiceLdapAuthenticationProvider

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, org.springframework.security.authentication.AuthenticationProvider
    public class KerberosServiceLdapAuthenticationProvider
extends org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
    Authentication provider which validates users via Kerberos Service Tickets or SPNEGO Tokens and then populates the users' authorities using the specified implementation of LdapAuthoritiesPopulator. Created for use cases where no existing UserDetailsService implementation will quite do the job.
    Author:
    Jeff Gehlbach
    See Also:
    KerberosLdapAuthenticationProvider, KerberosAuthenticationProvider, LdapUserSearch, LdapAuthoritiesPopulator

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication)  
      org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator getLdapAuthoritiesPopulator()  
      org.springframework.security.ldap.search.LdapUserSearch getLdapUserSearch()  
      org.springframework.security.kerberos.authentication.KerberosTicketValidator getTicketValidator()  
      boolean getTrimRealm()  
      void setLdapAuthoritiesPopulator​(org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator ldapAuthoritiesPopulator)  
      void setLdapUserSearch​(org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)  
      void setTicketValidator​(org.springframework.security.kerberos.authentication.KerberosTicketValidator ticketValidator)  
      void setTrimRealm​(boolean trimRealm)  

      • Methods inherited from class org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider

        additionalAuthenticationChecks, setUserDetailsService, supports

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • KerberosServiceLdapAuthenticationProvider

        public KerberosServiceLdapAuthenticationProvider()

    • Method Detail

      • authenticate

        public org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException
        Specified by:
        authenticate in interface org.springframework.security.authentication.AuthenticationProvider
        Overrides:
        authenticate in class org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException

      • setLdapAuthoritiesPopulator

        public void setLdapAuthoritiesPopulator​(org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator ldapAuthoritiesPopulator)
        Parameters:
        ldapAuthoritiesPopulator - The LdapAuthoritiesPopulator to use for retrieving granted authorities from an LDAP directory

      • getLdapAuthoritiesPopulator

        public org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator getLdapAuthoritiesPopulator()

      • setLdapUserSearch

        public void setLdapUserSearch​(org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
        Parameters:
        ldapUserSearch - The LdapUserSearch with which to look up users in an LDAP directory

      • getLdapUserSearch

        public org.springframework.security.ldap.search.LdapUserSearch getLdapUserSearch()

      • setTrimRealm

        public void setTrimRealm​(boolean trimRealm)
        Parameters:
        trimRealm - Defaults to true. If set to false, do not trim the realm portion (e.g. @EXAMPLE.ORG) from the authenticated user principal name (e.g. user@EXAMPLE.ORG).

      • getTrimRealm

        public boolean getTrimRealm()

      • setTicketValidator

        public void setTicketValidator​(org.springframework.security.kerberos.authentication.KerberosTicketValidator ticketValidator)
        Overrides:
        setTicketValidator in class org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider

      • getTicketValidator

        public org.springframework.security.kerberos.authentication.KerberosTicketValidator getTicketValidator()

      • afterPropertiesSet

        public void afterPropertiesSet()
                        throws java.lang.Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Overrides:
        afterPropertiesSet in class org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider
        Throws:
        java.lang.Exception