Example usage for org.springframework.security.authentication.jaas AuthorityGranter grant

List of usage examples for org.springframework.security.authentication.jaas AuthorityGranter grant

Introduction

This page shows example usage of org.springframework.security.authentication.jaas AuthorityGranter grant.

Prototype

Set<String> grant(Principal principal);


Document

The grant method is called for each principal of the Subject returned by the LoginContext.

Usage

From source file: org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.java

/**
 * Authenticates a username/password request through a JAAS {@code LoginContext} and
 * turns the principals of the resulting subject into granted authorities.
 *
 * <p>Every principal of the logged-in subject is offered to every configured
 * {@code AuthorityGranter}. Each role name a granter returns becomes one
 * {@code JaasGrantedAuthority} bound to that principal. The role strings are used
 * verbatim, so the authorities on the returned token are exactly as trustworthy as
 * the configured granters. A login for which no granter returns a role still
 * succeeds and yields a token with an empty authority list; authorization rules
 * should not assume that at least one role is present.
 *
 * <p>This implementation does not handle 'locked' or 'disabled' accounts.
 *
 * @param auth The Authentication object to be authenticated.
 *
 * @return The resulting {@code JaasAuthenticationToken} with its granted authorities
 * set, or {@code null} when {@code auth} is not a
 * {@code UsernamePasswordAuthenticationToken}.
 *
 * @throws AuthenticationException the exception produced by the
 * {@code loginExceptionResolver} for a {@code LoginException} raised while creating
 * the login context or logging in. The concrete type is decided by that resolver.
 */
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    // Only username/password tokens are handled here; any other token type is
    // answered with null rather than an exception.
    if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
        return null;
    }

    UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) auth;

    try {
        // The LoginContext calls back into InternalCallbackHandler during login()
        // to obtain what it needs from the Authentication object.
        LoginContext loginContext = createLoginContext(new InternalCallbackHandler(auth));
        loginContext.login();

        // Collected in a set, so equal authorities are stored only once.
        Set<GrantedAuthority> authorities = new HashSet<>();

        for (Principal principal : loginContext.getSubject().getPrincipals()) {
            for (AuthorityGranter granter : this.authorityGranters) {
                Set<String> roles = granter.grant(principal);

                // A granter that has nothing to grant returns null; an empty set
                // is treated the same way.
                if ((roles == null) || roles.isEmpty()) {
                    continue;
                }

                for (String role : roles) {
                    authorities.add(new JaasGrantedAuthority(role, principal));
                }
            }
        }

        // The token keeps the submitted credentials and the LoginContext. Whether
        // the credentials are erased afterwards is decided outside this method.
        JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(),
                request.getCredentials(), new ArrayList<>(authorities), loginContext);

        publishSuccessEvent(result);
        return result;

    } catch (LoginException ex) {
        // Translate the JAAS failure into a Spring Security exception. The failure
        // event carries the original request token, credentials included, so
        // listeners should not log it wholesale.
        AuthenticationException failure = this.loginExceptionResolver.resolveException(ex);

        publishFailureEvent(request, failure);
        throw failure;
    }
}