@@ -27,7 +27,7 @@ JAASTest {
sample.SampleLoginModule required; |
};</programlisting></para> |
<para>Like all Spring Security beans, the |
<literal>JaasAuthenticationProvider</literal> is configured via the |
<classname>JaasAuthenticationProvider</classname> is configured via the |
application context. The following definitions would correspond to the |
above JAAS login configuration file: |
<programlisting><![CDATA[ |
@@ -50,7 +50,7 @@ JAASTest {
]]></programlisting></para> |
<para>The <literal>CallbackHandler</literal>s and |
<literal>AuthorityGranter</literal>s are discussed below.</para> |
<interfacename>AuthorityGranter</interfacename>s are discussed below.</para> |
<section xml:id="jaas-callbackhandler"> |
<info><title xml:id="jaas-callback-handler">JAAS CallbackHandler</title></info> |
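Review bot: In the sentence that introduces the two helper types, only `AuthorityGranter` moves to `<interfacename>`; `<literal>CallbackHandler</literal>s` on the line before it keeps `<literal>`, although `CallbackHandler` is also an interface and has its own section directly below. Suggest converting it in this change as well, so the sentence uses one markup for both types.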
@@ -105,26 +105,26 @@ JAASTest {
<literal>AuthorityGranter</literal> interface.</para> |
<para>An <literal>AuthorityGranter</literal> is responsible for |
inspecting a JAAS principal and returning a |
<literal>String</literal>. The |
<literal>JaasAuthenticationProvider</literal> then creates a |
<literal>JaasGrantedAuthority</literal> (which implements Spring |
inspecting a JAAS principal and returning a set of |
<literal>String</literal>s, representing the authorities assigned to the principal. |
For each returned authority string, the |
<classname>JaasAuthenticationProvider</classname> creates a |
<classname>JaasGrantedAuthority</classname> (which implements Spring |
Security’s <interfacename>GrantedAuthority</interfacename> interface) containing |
both the <literal>AuthorityGranter</literal>-returned |
<literal>String</literal> and the JAAS principal that the |
<literal>AuthorityGranter</literal> was passed. The |
<literal>JaasAuthenticationProvider</literal> obtains the JAAS |
the authority string and the JAAS principal that the |
<interfacename>AuthorityGranter</interfacename> was passed. The |
<classname>JaasAuthenticationProvider</classname> obtains the JAAS |
principals by firstly successfully authenticating the user’s |
credentials using the JAAS <literal>LoginModule</literal>, and then |
accessing the <literal>LoginContext</literal> it returns. A call to |
<literal>LoginContext.getSubject().getPrincipals()</literal> is |
made, with each resulting principal passed to each |
<literal>AuthorityGranter</literal> defined against the |
<interfacename>AuthorityGranter</interfacename> defined against the |
<literal>JaasAuthenticationProvider.setAuthorityGranters(List)</literal> |
property.</para> |
<para>Spring Security does not include any production |
<literal>AuthorityGranter</literal>s given that every JAAS principal |
<interfacename>AuthorityGranter</interfacename>s given that every JAAS principal |
has an implementation-specific meaning. However, there is a |
<literal>TestAuthorityGranter</literal> in the unit tests that |
demonstrates a simple <literal>AuthorityGranter</literal> |
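Review bot: The `<literal>` to `<classname>`/`<interfacename>` conversion stops partway through this hunk: the context lines `<literal>AuthorityGranter</literal> interface.` at the top and `<literal>TestAuthorityGranter</literal>` / `demonstrates a simple <literal>AuthorityGranter</literal>` at the bottom keep the old markup, as do `LoginModule` and `LoginContext` in the rewritten paragraph. Suggest converting them in this change, or saying in the commit message that they are left for a follow-up. Separately, the new wording says the granter returns "a set of Strings" and that a `JaasGrantedAuthority` is created "for each returned authority string", but it does not say what happens when a granter returns an empty set or null for a principal; one sentence covering that case would make the authority-mapping contract complete for anyone writing their own `AuthorityGranter`.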