Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-23 12:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Renamed all JAAS* classes to Jaas*

Browse Source
This commit is contained in:
Ray Krueger 2004-07-28 15:03:03 +00:00
parent 3648073461
commit f29e6763d4
11 changed files with 622 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationCallbackHandler.java Normal file
View File

@ -0,0 +1,47 @@
package net.sf.acegisecurity.providers.jaas;
import net.sf.acegisecurity.Authentication;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
/**
* The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface
* in that it defines a handle method. The JaasAuthenticationCallbackHandler is only asked to handle one Callback instance at at time
* rather than an array of all Callbacks, as the javax... CallbackHandler defines.
* <p/>
* Before a JaasAuthenticationCallbackHandler is asked to 'handle' any callbacks, it is first passed the Authentication
* object that the login attempt is for. NOTE: The Authentication object has not been 'authenticated' yet.
* </p>
* <br>
*
* @author Ray Krueger
* @version $Id$
* @see JaasNameCallbackHandler
* @see JaasPasswordCallbackHandler
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler</a>
*/
public interface JaasAuthenticationCallbackHandler {
/**
* Called by the JaasAuthenticationProvider before calling the handle method for any Callbacks.
*
* @param auth The Authentication object currently being authenticated.
*/
void setAuthentication(Authentication auth);
/**
* Handle the <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>.
* The handle method will be called for every callback instance sent from the LoginContext. Meaning that The handle
* method may be called multiple times for a given JaasAuthenticationCallbackHandler, after a single call
* to the {@link #setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method.
*
* @param callback
* @throws IOException
* @throws UnsupportedCallbackException
*/
void handle(Callback callback) throws IOException, UnsupportedCallbackException;
}

290
core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java Normal file
View File

@ -0,0 +1,290 @@
package net.sf.acegisecurity.providers.jaas;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationFailedEvent;
import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationSuccessEvent;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.ApplicationContextException;
import org.springframework.core.io.Resource;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.security.Principal;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/**
* An {@link AuthenticationProvider} implementation that retrieves user details
* from a JAAS login configuration.
* <p/>
* This <code>AuthenticationProvider</code> is capable of validating {@link
* net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken} requests contain the correct username and password.
* </p>
* This implementation is backed by a <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration.
* The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring
* {@link org.springframework.core.io.Resource} instance. It should point to a JAAS configuration file
* containing an index matching the {@link #setLoginContextName(java.lang.String) loginContextName} property.
* <p/>
* For example:
* If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration
* could be as follows...
* <pre>
* &lt;property name="loginConfig"&gt;
* &lt;value&gt;/WEB-INF/login.conf&lt;/value&gt;
* &lt;/property&gt;
* </pre>
* </p>
* <p/>
* <p/>
* The loginContextName should coincide with a given index in the loginConfig specifed.
* The loginConfig file used in the JUnit tests appears as the following...
* <pre>
* JAASTest {
* net.sf.acegisecurity.providers.jaas.TestLoginModule required;
* };
* </pre>
* Using the example login configuration above, the loginContextName property would be set as <i>JAASTest</i>...
* <pre>
* &lt;property name="loginContextName"&gt;
* &lt;value&gt;JAASTest&lt;/value&gt;
* &lt;/property&gt;
* </pre>
* </p>
* <p/>
* <p/>
* When using JAAS login modules as the authentication source, sometimes the
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a>
* will require <i>CallbackHandler</i>s.
* The JaasAuthenticationProvider uses an internal <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler</a> to
* wrap the {@link JaasAuthenticationCallbackHandler}s configured in the ApplicationContext. When the LoginContext calls
* the internal CallbackHandler, control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback passed.
* </p>
* <p/>
* {@link JaasAuthenticationCallbackHandler}s are passed to the JaasAuthenticationProvider through the
* {@link #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) callbackHandlers} property.
* <pre>
* &lt;property name="callbackHandlers"&gt;
* &lt;list&gt;
* &lt;bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/&gt;
* &lt;bean class="{@link JaasNameCallbackHandler net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler}"/&gt;
* &lt;bean class="{@link JaasPasswordCallbackHandler net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler}"/&gt;
* &lt;/list&gt;
* &lt;/property&gt;
* </pre>
* </p>
* <p/>
* <p/>
* After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals).
* Each returned principal is then passed to the configured {@link AuthorityGranter}s. An AuthorityGranter is a mapping between a returned Principal, and a role name.
* If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's {@link AuthorityGranter#grant(java.security.Principal)} method.
* The returned role will be applied to the Authorization object as a {@link GrantedAuthority}.
* <p/>
* AuthorityGranters are configured in spring xml as follows...
* <pre>
* &lt;property name="authorityGranters"&gt;
* &lt;list&gt;
* &lt;bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/&gt;
* &lt;/list&gt;
* &lt;/property&gt;
* <p/>
* </pre>
* </p>
*
* @author Ray Krueger
* @version $Id$
*/
public class JaasAuthenticationProvider implements AuthenticationProvider, InitializingBean, ApplicationContextAware {
private ApplicationContext context;
private String loginContextName = "ACEGI";
private Resource loginConfig;
private JaasAuthenticationCallbackHandler[] callbackHandlers;
private AuthorityGranter[] authorityGranters;
/**
* Attempts to login the user given the Authentication objects principal and credential
*
* @param auth The Authentication object to be authenticated.
* @return The authenticated Authentication object, with it's grantedAuthorities set.
* @throws AuthenticationException This implementation does not handle 'locked' or 'disabled' accounts.
* This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown,
* should the loginContext.login() method fail.
*/
public Authentication authenticate(Authentication auth) throws AuthenticationException {
if (auth instanceof UsernamePasswordAuthenticationToken) {
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) auth;
try {
//Create the LoginContext object, and pass our InternallCallbackHandler
LoginContext lc = new LoginContext(loginContextName, new InternalCallbackHandler(auth));
//Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
lc.login();
//create a set to hold the authorities, and add any that have already been applied.
Set authorities = new HashSet();
if (token.getAuthorities() != null) {
authorities.addAll(Arrays.asList(token.getAuthorities()));
}
//get the subject principals and pass them to each of the AuthorityGranters
Set principals = lc.getSubject().getPrincipals();
for (Iterator iterator = principals.iterator(); iterator.hasNext();) {
Principal principal = (Principal) iterator.next();
for (int i = 0; i < authorityGranters.length; i++) {
AuthorityGranter granter = authorityGranters[i];
String role = granter.grant(principal);
//If the granter doesn't wish to grant any authority, it should return null.
if (role != null) {
authorities.add(new JaasGrantedAuthority(role, principal));
}
}
}
//Convert the authorities set back to an array and apply it to the token.
token.setAuthorities((GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]));
//Publish the success event
context.publishEvent(new JaasAuthenticationSuccessEvent(token));
//we're done, return the token.
return token;
} catch (LoginException e) {
context.publishEvent(new JaasAuthenticationFailedEvent(auth, e));
//We have no way of knowing what caused the exception, so we cannot throw BadCredentialsException, DisabledException, or LockedException.
//So we'll just throw an AuthenticationServiceException
throw new AuthenticationServiceException(e.toString());
}
}
return null;
}
public boolean supports(Class aClass) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
}
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.context = applicationContext;
}
public String getLoginContextName() {
return loginContextName;
}
/**
* Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.
*
* @param loginContextName
*/
public void setLoginContextName(String loginContextName) {
this.loginContextName = loginContextName;
}
public Resource getLoginConfig() {
return loginConfig;
}
/**
* Set the JAAS login configuration file.
*
* @param loginConfig <a href="http://www.springframework.org/docs/api/org/springframework/core/io/Resource.html">Spring Resource</a>
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a>
*/
public void setLoginConfig(Resource loginConfig) {
this.loginConfig = loginConfig;
}
public void afterPropertiesSet() throws Exception {
if (loginConfig == null)
throw new ApplicationContextException("loginConfig must be set on " + getClass());
if (loginContextName == null)
throw new ApplicationContextException("loginContextName must be set on " + getClass());
int n = 1;
while (Security.getProperty("login.config.url." + n) != null) n++;
Security.setProperty("login.config.url." + n, loginConfig.getURL().toString());
}
/**
* @return the JAASAuthenticationCallbackHandlers.
* @see #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[])
*/
public JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
return callbackHandlers;
}
/**
* Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the
* LoginContext.login method.
*
* @param callbackHandlers Array of JAASAuthenticationCallbackHandlers
*/
public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) {
this.callbackHandlers = callbackHandlers;
}
/**
* @return The AuthorityGranter array
* @see #setAuthorityGranters(net.sf.acegisecurity.providers.jaas.AuthorityGranter[])
*/
public AuthorityGranter[] getAuthorityGranters() {
return authorityGranters;
}
/**
* Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
*
* @param authorityGranters AuthorityGranter array
* @see JaasAuthenticationProvider
*/
public void setAuthorityGranters(AuthorityGranter[] authorityGranters) {
this.authorityGranters = authorityGranters;
}
/**
* Wrapper class for JAASAuthenticationCallbackHandlers
*/
private class InternalCallbackHandler implements CallbackHandler {
private Authentication authentication;
public InternalCallbackHandler(Authentication authentication) {
this.authentication = authentication;
}
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbackHandlers.length; i++) {
JaasAuthenticationCallbackHandler handler = callbackHandlers[i];
handler.setAuthentication(authentication);
for (int j = 0; j < callbacks.length; j++) {
Callback callback = callbacks[j];
handler.handle(callback);
}
}
}
}
}

27
core/src/main/java/org/acegisecurity/providers/jaas/JaasGrantedAuthority.java Normal file
View File

@ -0,0 +1,27 @@
package net.sf.acegisecurity.providers.jaas;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import java.security.Principal;
/**
* Extends GrantedAuthorityImpl to hold the principal that an AuthorityGranter justified as a reason to grant this Authority.
* <br>
*
* @author Ray Krueger
* @version $Id$
* @see AuthorityGranter
*/
public class JaasGrantedAuthority extends GrantedAuthorityImpl {
private Principal principal;
public JaasGrantedAuthority(String role, Principal principal) {
super(role);
this.principal = principal;
}
public Principal getPrincipal() {
return principal;
}
}

43
core/src/main/java/org/acegisecurity/providers/jaas/JaasNameCallbackHandler.java Normal file
View File

@ -0,0 +1,43 @@
package net.sf.acegisecurity.providers.jaas;
import net.sf.acegisecurity.Authentication;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
/**
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
* The acegi security framework provides the JaasNameCallbackHandler specifically tailored to handling the NameCallback.
* <br>
*
* @author Ray Krueger
* @version $Id$
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback</a>
*/
public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler {
private Authentication authentication;
public void setAuthentication(Authentication authentication) {
this.authentication = authentication;
}
/**
* If the callback passed to the 'handle' method is an instance of NameCallback, the JaasNameCallbackHandler will call,
* callback.setName(authentication.getPrincipal().toString()). Where 'authentication' is the {@link Authentication}
* object used in the {@link #setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method.
*
* @param callback
* @throws IOException
* @throws UnsupportedCallbackException
*/
public void handle(Callback callback) throws IOException, UnsupportedCallbackException {
if (callback instanceof NameCallback) {
NameCallback ncb = (NameCallback) callback;
ncb.setName(authentication.getPrincipal().toString());
}
}
}

43
core/src/main/java/org/acegisecurity/providers/jaas/JaasPasswordCallbackHandler.java Normal file
View File

@ -0,0 +1,43 @@
package net.sf.acegisecurity.providers.jaas;
import net.sf.acegisecurity.Authentication;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
/**
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
* The acegi security framework provides the JaasPasswordCallbackHandler specifically tailored to handling the PasswordCallback.
* <br>
*
* @author Ray Krueger
* @version $Id$
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html">PasswordCallback</a>
*/
public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler {
private Authentication auth;
public void setAuthentication(Authentication auth) {
this.auth = auth;
}
/**
* If the callback passed to the 'handle' method is an instance of PasswordCallback, the JaasPasswordCallbackHandler will call,
* callback.setPassword(authentication.getCredentials().toString()). Where 'authentication' is the {@link Authentication}
* object used in the {@link JaasAuthenticationCallbackHandler#setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method.
*
* @param callback
* @throws IOException
* @throws UnsupportedCallbackException
*/
public void handle(Callback callback) throws IOException, UnsupportedCallbackException {
if (callback instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callback;
pc.setPassword(auth.getCredentials().toString().toCharArray());
}
}
}

31
core/src/main/java/org/acegisecurity/providers/jaas/event/JaasAuthenticationEvent.java Normal file
View File

@ -0,0 +1,31 @@
package net.sf.acegisecurity.providers.jaas.event;
import net.sf.acegisecurity.Authentication;
import org.springframework.context.ApplicationEvent;
/**
* Parent class for events fired by the {@link net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider JaasAuthenticationProvider}.
*
* @author Ray Krueger
* @version $Id$
*/
public abstract class JaasAuthenticationEvent extends ApplicationEvent {
/**
* The Authentication object is stored as the ApplicationEvent 'source'.
*
* @param auth
*/
public JaasAuthenticationEvent(Authentication auth) {
super(auth);
}
/**
* Pre-casted method that returns the 'source' of the event.
*
* @return
*/
public Authentication getAuthentication() {
return (Authentication) source;
}
}

25
core/src/main/java/org/acegisecurity/providers/jaas/event/JaasAuthenticationFailedEvent.java Normal file
View File

@ -0,0 +1,25 @@
package net.sf.acegisecurity.providers.jaas.event;
import net.sf.acegisecurity.Authentication;
/**
* Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time.
* <br>
*
* @author Ray Krueger
* @version $Id$
*/
public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
private Exception exception;
public JaasAuthenticationFailedEvent(Authentication auth, Exception exception) {
super(auth);
this.exception = exception;
}
public Exception getException() {
return exception;
}
}

19
core/src/main/java/org/acegisecurity/providers/jaas/event/JaasAuthenticationSuccessEvent.java Normal file
View File

@ -0,0 +1,19 @@
package net.sf.acegisecurity.providers.jaas.event;
import net.sf.acegisecurity.Authentication;
/**
* Fired by the {@link net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider JaasAuthenticationProvider} after
* successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters.
* <br>
*
* @author Ray Krueger
* @version $Id$
*/
public class JaasAuthenticationSuccessEvent extends JaasAuthenticationEvent {
public JaasAuthenticationSuccessEvent(Authentication auth) {
super(auth);
}
}

71
core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java Normal file
View File

@ -0,0 +1,71 @@
package net.sf.acegisecurity.providers.jaas;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import java.util.Arrays;
import java.util.List;
/**
* Insert comments here...
* <br>
*
* @author Ray Krueger
* @version $Id$
*/
public class JaasAuthenticationProviderTests extends TestCase {
private JaasAuthenticationProvider jaasProvider;
protected void setUp() throws Exception {
String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
FileSystemXmlApplicationContext context = new FileSystemXmlApplicationContext(getClass().getResource(resName).toString());
jaasProvider = (JaasAuthenticationProvider) context.getBean("jaasAuthenticationProvider");
}
public void testFull() throws Exception {
GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1");
GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2");
GrantedAuthority[] defaultAuths = new GrantedAuthority[]{
role1,
role2,
};
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", defaultAuths);
Authentication auth = jaasProvider.authenticate(token);
List list = Arrays.asList(auth.getAuthorities());
assertTrue("GrantedAuthorities does not contain ROLE_TEST",
list.contains(new GrantedAuthorityImpl("ROLE_TEST")));
assertTrue("GrantedAuthorities does not contain ROLE_1", list.contains(role1));
assertTrue("GrantedAuthorities does not contain ROLE_2", list.contains(role2));
}
public void testBadUser() {
try {
jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
fail("LoginException should have been thrown for the bad user");
} catch (AuthenticationException e) {
}
}
public void testBadPassword() {
try {
jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
fail("LoginException should have been thrown for the bad password");
} catch (AuthenticationException e) {
}
}
}

25
core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.xml Normal file
View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="jaasAuthenticationProvider" class="net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider">
<property name="loginContextName">
<value>JAASTest</value>
</property>
<property name="loginConfig">
<value>classpath:net/sf/acegisecurity/providers/jaas/login.conf</value>
</property>
<property name="callbackHandlers">
<list>
<bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/>
<bean class="net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
<bean class="net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/>
</list>
</property>
</bean>
</beans>

2
core/src/test/java/org/acegisecurity/providers/jaas/TestCallbackHandler.java
View File

@ -14,7 +14,7 @@ import java.io.IOException;
* @author Ray Krueger
* @version $Id$
*/
public class TestCallbackHandler implements JAASAuthenticationCallbackHandler {
public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
Authentication auth;