• Home
• org.acegisecurity
• acegi-security
• 1.0.0-RC2
• source code
• RemoteAuthenticationProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.acegisecurity.providers.rcp.RemoteAuthenticationProvider Maven / Gradle / Ivy

/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.providers.rcp;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.GrantedAuthority;

import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

import org.springframework.beans.factory.InitializingBean;

import org.springframework.util.Assert;


/**
 * Client-side object which queries a  {@link RemoteAuthenticationManager} to
 * validate an authentication request.
 * 
 * 

 * A new Authentication object is created by this class comprising
 * the request Authentication object's principal,
 * credentials and the GrantedAuthority[]s returned
 * by the RemoteAuthenticationManager.
 * 
 * 
 * 

 * The RemoteAuthenticationManager should not require any special
 * username or password setting on the remoting client proxy factory to
 * execute the call. Instead the entire authentication request must be
 * encapsulated solely within the Authentication request object.
 * In practical terms this means the RemoteAuthenticationManager
 * will not be protected by BASIC or any other HTTP-level
 * authentication.
 * 
 * 
 * 

 * If authentication fails, a RemoteAuthenticationException will
 * be thrown. This exception should be caught and displayed to the user,
 * enabling them to retry with alternative credentials etc.
 * 
 *
 * @author Ben Alex
 * @version $Id: RemoteAuthenticationProvider.java,v 1.5 2006/01/27 04:41:32 benalex Exp $
 */
public class RemoteAuthenticationProvider implements AuthenticationProvider,
    InitializingBean {
    //~ Instance fields ========================================================

    private RemoteAuthenticationManager remoteAuthenticationManager;

    //~ Methods ================================================================

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.remoteAuthenticationManager,
            "remoteAuthenticationManager is mandatory");
    }

    public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
        String username = authentication.getPrincipal().toString();
        String password = authentication.getCredentials().toString();
        GrantedAuthority[] authorities = remoteAuthenticationManager
            .attemptAuthentication(username, password);

        return new UsernamePasswordAuthenticationToken(username, password,
            authorities);
    }

    public RemoteAuthenticationManager getRemoteAuthenticationManager() {
        return remoteAuthenticationManager;
    }

    public void setRemoteAuthenticationManager(
        RemoteAuthenticationManager remoteAuthenticationManager) {
        this.remoteAuthenticationManager = remoteAuthenticationManager;
    }

    public boolean supports(Class authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}