Deleted superseded dao-auth-provider.xml chapter.
This commit is contained in:
Luke Taylor
parent
07b9ded126
commit
31afb9c76d
|
|
@ -1,95 +0,0 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dao-provider">
|
||||
<info>
|
||||
<title>DAO Authentication Provider</title>
|
||||
</info>
|
||||
<section xml:id="dao-provider-overview">
|
||||
<info>
|
||||
<title>Overview</title>
|
||||
</info>
|
||||
<para>Spring Security includes a production-quality
|
||||
<classname>AuthenticationProvider</classname> implementation called
|
||||
<literal>DaoAuthenticationProvider</literal>. This authentication provider is compatible
|
||||
with all of the authentication mechanisms that generate a
|
||||
<literal>UsernamePasswordAuthenticationToken</literal>, and is probably the most
|
||||
commonly used provider in the framework. Like most of the other authentication
|
||||
providers, the DaoAuthenticationProvider leverages a UserDetailsService in order to
|
||||
lookup the username, password and GrantedAuthority[]s. Unlike most of the other
|
||||
authentication providers that leverage UserDetailsService, this authentication provider
|
||||
actually requires the password to be presented, and the provider will actually evaluate
|
||||
the validity or otherwise of the password presented in an authentication request
|
||||
object.</para>
|
||||
</section>
|
||||
<section xml:id="dao-provider-config">
|
||||
<info>
|
||||
<title>Configuration</title>
|
||||
</info>
|
||||
<para>Aside from adding DaoAuthenticationProvider to your ProviderManager list (as discussed
|
||||
at the start of this part of the reference guide), and ensuring a suitable
|
||||
authentication mechanism is configured to present a UsernamePasswordAuthenticationToken,
|
||||
the configuration of the provider itself is rather simple:</para>
|
||||
<para> <programlisting>
|
||||
<![CDATA[
|
||||
<bean id="daoAuthenticationProvider"
|
||||
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService" ref="inMemoryDaoImpl"/>
|
||||
<property name="saltSource" ref bean="saltSource"/>
|
||||
<property name="passwordEncoder" ref="passwordEncoder"/>
|
||||
</bean> ]]>
|
||||
</programlisting> </para>
|
||||
<para>The <literal>PasswordEncoder</literal> and <literal>SaltSource</literal> are optional.
|
||||
A <literal>PasswordEncoder</literal> provides encoding and decoding of passwords
|
||||
presented in the <interfacename>UserDetails</interfacename> object that is returned from
|
||||
the configured <interfacename>UserDetailsService</interfacename>. A
|
||||
<literal>SaltSource</literal> enables the passwords to be populated with a "salt", which
|
||||
enhances the security of the passwords in the authentication repository.
|
||||
<literal>PasswordEncoder</literal> implementations are provided with Spring Security
|
||||
covering MD5, SHA and cleartext encodings. Two <literal>SaltSource</literal>
|
||||
implementations are also provided: <literal>SystemWideSaltSource</literal> which encodes
|
||||
all passwords with the same salt, and <literal>ReflectionSaltSource</literal>, which
|
||||
inspects a given property of the returned <interfacename>UserDetails</interfacename>
|
||||
object to obtain the salt. Please refer to the JavaDocs for further details on these
|
||||
optional features.</para>
|
||||
<para>In addition to the properties above, the <literal>DaoAuthenticationProvider</literal>
|
||||
supports optional caching of <interfacename>UserDetails</interfacename> objects. The
|
||||
<literal>UserCache</literal> interface enables the
|
||||
<literal>DaoAuthenticationProvider</literal> to place a
|
||||
<interfacename>UserDetails</interfacename> object into the cache, and retrieve it from
|
||||
the cache upon subsequent authentication attempts for the same username. By default the
|
||||
<literal>DaoAuthenticationProvider</literal> uses the <literal>NullUserCache</literal>,
|
||||
which performs no caching. A usable caching implementation is also provided,
|
||||
<literal>EhCacheBasedUserCache</literal>, which is configured as follows:</para>
|
||||
<para> <programlisting><![CDATA[
|
||||
<bean id="daoAuthenticationProvider"
|
||||
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService" ref="userDetailsService"/>
|
||||
<property name="userCache" ref="userCache"/>
|
||||
</bean>
|
||||
|
||||
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
|
||||
<property name="configLocation" value="classpath:/ehcache-failsafe.xml"/>
|
||||
</bean>
|
||||
|
||||
<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
|
||||
<property name="cacheManager" ref="cacheManager"/>
|
||||
<property name="cacheName" value="userCache"/>
|
||||
</bean>
|
||||
|
||||
<bean id="userCache"
|
||||
class="org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache">
|
||||
<property name="cache" ref="userCacheBackend"/>
|
||||
</bean>]]>
|
||||
</programlisting> </para>
|
||||
<para>All Spring Security EH-CACHE implementations (including
|
||||
<literal>EhCacheBasedUserCache</literal>) require an EH-CACHE <literal>Cache</literal>
|
||||
object. The <literal>Cache</literal> object can be obtained from wherever you like,
|
||||
although we recommend you use Spring's factory classes as shown in the above
|
||||
configuration. If using Spring's factory classes, please refer to the Spring
|
||||
documentation for further details on how to optimise the cache storage location, memory
|
||||
usage, eviction policies, timeouts etc.</para>
|
||||
<note>
|
||||
<para>In the majority of cases, where your application is a stateful web application,
|
||||
you don't need to use a cache as the user's authentication information will be
|
||||
stored in the <literal>HttpSession</literal>. </para>
|
||||
</note>
|
||||
</section>
|
||||
</chapter>
|
||||
|
|
@ -130,31 +130,7 @@
|
|||
<xi:include href="session-mgmt.xml"/>
|
||||
<xi:include href="anon-auth-provider.xml"/>
|
||||
</part>
|
||||
<!--
|
||||
<part xml:id="authentication">
|
||||
<title>Authentication</title>
|
||||
<partintro>
|
||||
<para>We've already introduced Spring Security's authentication architecture in the <link
|
||||
xlink:href="#technical-overview">Technical Overview</link> chapter. In this part of the
|
||||
reference guide we will examine individual authentication mechanisms and their corresponding
|
||||
<classname>AuthenticationProvider</classname>s. We'll also look at how to configure
|
||||
authentication more generally, including if you have several authentication approaches that
|
||||
need to be chained together.</para>
|
||||
<para> With some exceptions, we will be discussing the full details of Spring Security bean
|
||||
configuration rather than the shorthand <link xlink:href="#ns-config">namespace
|
||||
syntax</link>. You should review the introduction to using namespace configuration and the
|
||||
options it provides to see if they will meet your needs. As you come to use the framework
|
||||
more, and need to customize the internal behaviour, you will probably want to understand
|
||||
more about how the individual services are implemented, which classes to look at extending
|
||||
and so on. This part is more targeted at providing this kind of information. We'd recommend
|
||||
that you supplement the content by browsing the Javadoc and the source itself <footnote>
|
||||
<para>Links to both Javadoc APIs and browsable source cross-reference are available from
|
||||
the project web site.</para>
|
||||
</footnote>. </para>
|
||||
</partintro>
|
||||
<xi:include href="dao-auth-provider.xml"/>
|
||||
</part>
|
||||
-->
|
||||
|
||||
<part xml:id="authorization">
|
||||
<title>Authorization</title>
|
||||
<partintro>
|
||||
|
|
|
|||
Loading…
Reference in New Issue