Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-7: Allow better chaining of authentication providers.

Browse Source
This commit is contained in:
Ben Alex 2005-11-03 04:14:12 +00:00
parent 42c47c086a
commit 2cbe42f493
1 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
core/src/main/java/org/acegisecurity/providers/ProviderManager.java
View File

@ -35,6 +35,22 @@ import java.util.List;
* AuthenticationProvider}s. Can optionally be configured with a {@link * AuthenticationProvider}s. Can optionally be configured with a {@link
* ConcurrentSessionController} to limit the number of sessions a user can * ConcurrentSessionController} to limit the number of sessions a user can
* have. * have.
*
* <p>
* <code>AuthenticationProvider</code>s are tried in order until one provides a
* non-null response. A non-null response indicates the provider had authority
* to decide on the authentication request and no further providers are tried.
* If an <code>AuthenticationException</code> is thrown by a provider, it is
* retained until subsequent providers are tried. If a subsequent provider
* successfully authenticates the request, the earlier authentication
* exception is disregarded and the successful authentication will be used. If
* no subsequent provider provides a non-null response, or a new
* <code>AuthenticationException</code>, the last
* <code>AuthenticationException</code> received will be used. If no provider
* returns a non-null response, or indicates it can even process an
* <code>Authentication</code>, the <code>ProviderManager</code> will throw a
* <code>ProviderNotFoundException</code>.
* </p>
* *
* @author Ben Alex * @author Ben Alex
* @author Wesley Hall * @author Wesley Hall
@ -107,7 +123,7 @@ public class ProviderManager extends AbstractAuthenticationManager
* {@link NullConcurrentSessionController} if a specific one has not been * {@link NullConcurrentSessionController} if a specific one has not been
* set. * set.
* *
* @return{@link ConcurrentSessionController} instance * @return {@link ConcurrentSessionController} instance
*/ */
public ConcurrentSessionController getSessionController() { public ConcurrentSessionController getSessionController() {
return sessionController; return sessionController;
@ -150,6 +166,8 @@ public class ProviderManager extends AbstractAuthenticationManager
sessionController.checkAuthenticationAllowed(authentication); sessionController.checkAuthenticationAllowed(authentication);
AuthenticationException lastException = null;
while (iter.hasNext()) { while (iter.hasNext()) {
AuthenticationProvider provider = (AuthenticationProvider) iter AuthenticationProvider provider = (AuthenticationProvider) iter
.next(); .next();
@ -158,7 +176,13 @@ public class ProviderManager extends AbstractAuthenticationManager
logger.debug("Authentication attempt using " logger.debug("Authentication attempt using "
+ provider.getClass().getName()); + provider.getClass().getName());
Authentication result = provider.authenticate(authentication); Authentication result = null;
try {
result = provider.authenticate(authentication);
} catch (AuthenticationException ae) {
lastException = ae;
}
if (result != null) { if (result != null) {
sessionController.registerSuccessfulAuthentication(result); sessionController.registerSuccessfulAuthentication(result);
@ -168,6 +192,10 @@ public class ProviderManager extends AbstractAuthenticationManager
} }
} }
if (lastException != null) {
throw lastException;
}
throw new ProviderNotFoundException("No authentication provider for " throw new ProviderNotFoundException("No authentication provider for "
+ toTest.getName()); + toTest.getName());
} }