From ce712eaccfe858e86944c9263feb1978d9832c97 Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Wed, 30 Jun 2004 23:18:47 +0000
Subject: [PATCH] Improve organisation of DaoAuthenticationProvider to facilitate subclassing.
---
 changelog.txt | 1 +
 .../dao/DaoAuthenticationProvider.java | 52 +++++++++++++++++--
 2 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/changelog.txt b/changelog.txt
index 438f2619e3..0112c50336 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -4,6 +4,7 @@ Changes in version 0.6 (2004-xx-xx)
 * Added feature so DaoAuthenticationProvider returns User in Authentication
 * Added AbstractIntegrationFilter.secureContext property for custom contexts
 * Refactored User to UserDetails interface
+* Improved organisation of DaoAuthenticationProvider to facilitate subclassing
 * Fixed Linux compatibility issues (directory case sensitivity etc)
 * Fixed AbstractProcessingFilter to handle servlet spec container differences
 * Documentation improvements
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
index 4cc31408ae..abedcdc695 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@@ -231,10 +231,8 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
 principalToReturn = user.getUsername();
 }
- // Ensure we return the original credentials the user supplied,
- // so subsequent attempts are successful even with encoded passwords
- return new UsernamePasswordAuthenticationToken(principalToReturn,
- authentication.getCredentials(), user.getAuthorities());
+ return createSuccessAuthentication(principalToReturn, authentication,
+ user);
 }
 public boolean supports(Class authentication) {
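Review bot: The value returned by `createSuccessAuthentication(principalToReturn, authentication, user)` is handed straight back to the caller, so once subclasses override that method nothing in authenticate() checks the result. An override that returns null, or a token built without `user.getAuthorities()`, would pass through unnoticed; depending on how the calling provider manager treats a null result (not visible here), that may read as "provider abstained" instead of a failure. I would assign the result to a local and reject null before returning, or at least add a call-site comment such as `// extension point: result must be non-null and carry the authorities loaded for this user`. The body of authenticate() starts outside this hunk.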
@@ -246,6 +244,21 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
 }
 }
+ /**
+ * Indicates whether the supplied Authentication object
+ * provided appropriate credentials. This method can be called several
+ * times throughout a single authentication request.
+ *
+ *

+ * Protected so subclasses can override.
+ *

+ *
+ * @param authentication that was presented to the
+ * DaoAuthenticationProvider for validation
+ * @param user that was loaded by the AuthenticationDao
+ *
+ * @return a boolean indicating whether the credentials were correct
+ */
 protected boolean isPasswordCorrect(Authentication authentication, UserDetails user) {
 Object salt = null;
@@ -258,6 +271,37 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
 authentication.getCredentials().toString(), salt);
 }
+ /**
+ * Creates a successful {@link Authentication} object.
+ *
+ *
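Review bot: The new Javadoc on isPasswordCorrect says the method can be called several times in one request but does not tell overriders what follows from that: an override has to be free of side effects, otherwise something like a failed-attempt counter or lockout check would fire more than once per login. The tail of the method, visible as context in the `@@ -258,6 +271,37 @@` hunk, calls `authentication.getCredentials().toString()`, so a request with null credentials would surface as a NullPointerException instead of a `false` return, which the `@return` text does not mention. I would add `Overrides must not change state, because a single login may invoke this method more than once.` and either document the non-null credentials precondition or guard it. Most of the method body lies outside this hunk.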

+ * Protected so subclasses can override. This might be required if multiple
+ * credentials need to be placed into a custom Authentication
+ * object, such as a password as well as a ZIP code.
+ *

+ *
+ *

+ * Subclasses will usually store the original credentials the user supplied
+ * (not salted or encoded passwords) in the returned
+ * Authentication object.
+ *

+ *
+ * @param principal that should be the principal in the returned object
+ * (defined by the {@link #forcePrincipalAsString} property)
+ * @param authentication that was presented to the
+ * DaoAuthenticationProvider for validation
+ * @param user that was loaded by the AuthenticationDao
+ *
+ * @return the successful authentication token
+ */
+ protected Authentication createSuccessAuthentication(Object principal,
+ Authentication authentication, UserDetails user) {
+ // Ensure we return the original credentials the user supplied,
+ // so subsequent attempts are successful even with encoded passwords
+ return new UsernamePasswordAuthenticationToken(principal,
+ authentication.getCredentials(), user.getAuthorities());
+ }
+
 private UserDetails getUserFromBackend(String username) {
 try {
 return this.authenticationDao.loadUserByUsername(username);
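Review bot: createSuccessAuthentication keeps the cleartext password alive by passing `authentication.getCredentials()` into the returned token, and the new Javadoc recommends that subclasses do the same without stating the cost. Wherever the resulting Authentication is kept after login (a session or context holder, not visible here), the password and any extra secret a subclass adds, such as the ZIP code in the example, stay readable in memory and in anything that serialises the object. The Javadoc should say so explicitly, for instance `The returned object retains the cleartext credentials for as long as it is referenced; subclasses that do not need re-authentication should return a token whose credentials are cleared.` It would also help to state that overrides must take the granted authorities from `user.getAuthorities()` and never from the request object.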