org.jsecurity.mgt
Class AuthenticatingSecurityManager
java.lang.Object
org.jsecurity.mgt.CachingSecurityManager
org.jsecurity.mgt.RealmSecurityManager
org.jsecurity.mgt.AuthenticatingSecurityManager
- All Implemented Interfaces:
- AuthenticationListenerRegistrar, Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionFactory, Destroyable
- Direct Known Subclasses:
- AuthorizingSecurityManager
public abstract class AuthenticatingSecurityManager
- extends RealmSecurityManager
- implements AuthenticationListenerRegistrar
JSecurity support of a SecurityManager class hierarchy that delegates all
authentication operations to a wrapped Authenticator instance. That is, this class
implements all the Authenticator methods in the SecurityManager
interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
Authenticator instance.
All other SecurityManager (authorization, session, etc) methods are left to be implemented by subclasses.
In keeping with the other classes in this hierarchy and JSecurity's desire to minimize configuration whenever
possible, suitable default instances for all dependencies are created upon instantiation.
- Since:
- 0.9
- Author:
- Les Hazlewood
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface org.jsecurity.authz.Authorizer |
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll |
AuthenticatingSecurityManager
public AuthenticatingSecurityManager()
- Default no-arg constructor.
getAuthenticator
public Authenticator getAuthenticator()
setAuthenticator
public void setAuthenticator(Authenticator authenticator)
ensureAuthenticator
protected void ensureAuthenticator()
createAuthenticator
protected Authenticator createAuthenticator()
setModularAuthenticationStrategy
public void setModularAuthenticationStrategy(ModularAuthenticationStrategy strategy)
setAuthenticationListeners
public void setAuthenticationListeners(Collection<AuthenticationListener> listeners)
- This is a convenience method that allows registration of AuthenticationListeners with the underlying
delegate Authenticator instance.
This is more convenient than having to configure your own Authenticator instance, inject the listeners on
it, and then set that Authenticator instance as an attribute of this class. Instead, you can just rely
on the SecurityManager's default initialization logic to create the Authenticator instance for you
and then apply these AuthenticationListeners on your behalf.
One notice however: The underlying Authenticator delegate must implement the
AuthenticationListenerRegistrar
interface in order for these listeners to be applied. If it does not implement this interface, it is
considered a configuration error and an exception will be thrown.
All of JSecurity's Authenticator implementations implement the
AuthenticationListenerRegistrar interface, so you would only need
to worry about an exception being thrown if you provided your own Authenticator instance and did not
implement it.
- Specified by:
setAuthenticationListeners in interface AuthenticationListenerRegistrar
- Parameters:
listeners - the AuthenticationListeners to register with the underlying delegate
Authenticator.
add
public void add(AuthenticationListener listener)
- Specified by:
add in interface AuthenticationListenerRegistrar
remove
public boolean remove(AuthenticationListener listener)
- Specified by:
remove in interface AuthenticationListenerRegistrar
setRealms
public void setRealms(Collection<Realm> realms)
- Description copied from class:
RealmSecurityManager
- Sets the realms managed by this SecurityManager instance.
- Overrides:
setRealms in class RealmSecurityManager
- Parameters:
realms - the realms managed by this SecurityManager instance.
beforeRealmsDestroyed
protected void beforeRealmsDestroyed()
- Overrides:
beforeRealmsDestroyed in class RealmSecurityManager
beforeAuthenticatorDestroyed
protected void beforeAuthenticatorDestroyed()
destroyAuthenticator
protected void destroyAuthenticator()
authenticate
public AuthenticationInfo authenticate(AuthenticationToken token)
throws AuthenticationException
- Delegates to the wrapped
Authenticator for authentication.
- Specified by:
authenticate in interface Authenticator
- Parameters:
token - any representation of a user's principals and credentials
submitted during an authentication attempt.
- Returns:
- the AuthenticationInfo representing the authenticating user's account data.
- Throws:
AuthenticationException - if there is any problem during the authentication process.
See the specific exceptions listed below to as examples of what could happen in order
to accurately handle these problems and to notify the user in an appropriate manner why
the authentication attempt failed. Realize an implementation of this interface may or may
not throw those listed or may throw other AuthenticationExceptions, but the list shows
the most common ones.- See Also:
ExpiredCredentialsException,
IncorrectCredentialsException,
ExcessiveAttemptsException,
LockedAccountException,
ConcurrentAccessException,
UnknownAccountException
Copyright © 2004-2008 JSecurity.