From 73af01a47725140ddc5790bbf1f4b28772f4d338 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Fri, 23 Apr 2004 08:48:58 +0000 Subject: [PATCH] Add DaoAuthenticationProvider caching support. --- docs/reference/src/index.xml | 51 ++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/docs/reference/src/index.xml b/docs/reference/src/index.xml index 88c67968ce..8396b05fbb 100644 --- a/docs/reference/src/index.xml +++ b/docs/reference/src/index.xml @@ -25,10 +25,8 @@ This document provides a reference guide to the Acegi Security System for Spring, which is a series of classes that deliver - authentication and authorization services within the Spring Framework. - Whilst the Acegi Security System for Spring is not officially part of - Spring, it is hoped this implementation will further discussion concerning - the implementation of security capabilities within Spring itself. + authentication and authorization services within the Spring + Framework. I would like to acknowledge this reference was prepared using the DocBook configuration included with the Spring Framework. The Spring team @@ -566,12 +564,18 @@ The AuthenticationEntryPoint will be called if the user requests a secure HTTP resource but they are not authenticated. The class handles presenting the appropriate response - to the user so that authentication can begin. Two concrete + to the user so that authentication can begin. Three concrete implementations are provided with the Acegi Security System for Spring: AuthenticationProcessingFilterEntryPoint - for commencing a form-based authentication, and + for commencing a form-based authentication, BasicProcessingFilterEntryPoint for commencing a - Http Basic authentication process. + Http Basic authentication process, and + CasProcessingFilterEntryPoint for commencing a Yale + Central Authentication Service (CAS) login. The + AuthenticationProcessingFilterEntryPoint and + CasProcessingFilterEntryPoint have optional + properties related to forcing the use of HTTPS, so please refer to the + JavaDocs if you require this. The SecurityEnforcementFilter primarily provides session management support and initiates authentication when @@ -693,7 +697,7 @@ its credentials are populated by the client code, whilst the granted authorities are populated by the AuthenticationManager. The Acegi Security System - for Spring includes several concrete Authentication + for Spring includes several concrete Authentication implementations: @@ -718,6 +722,20 @@ section. + + CasAuthenticationToken is used to + represent a successful Yale Central Authentication Service (CAS) + authentication. This is discussed further in the CAS + section. + + + + DaoAuthenticationToken is used to + represent a successful authentication by the + DaoAuthenticationProvider. This is further + discussed below. + + PrincipalAcegiUserToken and JettyAcegiUserToken implement @@ -877,6 +895,8 @@ <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property> + <property name="key"><value>my_password</value></property> + <property name="refreshTokenInterval><value>60000</value></property> <property name="saltSource"><ref bean="saltSource"/></property> <property name="passwordEncoder"><ref bean="passwordEncoder"/></property> </bean> @@ -897,6 +917,20 @@ salt. Please refer to the JavaDocs for further details on these optional features. + The key property permits the + DaoAuthenticationProvider to build a + DaoAuthenticationToken that represents the + successful authentication request. This allows the + DaoAuthenticationProvider to avoid repeated lookups + of the backend authentication repository. For a presented + DaoAuthenticationToken to be accepted as valid, it + needs to both present the expected key (to prove it was created by the + DaoAuthenticationProvider) and that is has not + expired. DaoAuthenticationTokens by default expire + 60 seconds after they have been created, although this can be set to + any other millisecond value via the + refreshTokenInterval property. + For a class to be able to provide the DaoAuthenticationProvider with access to an authentication repository, it must implement the @@ -2434,6 +2468,7 @@ $CATALINA_HOME/bin/startup.sh <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property> + <property name="key"><value>my_password</value></property> </bean> <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">