diff --git a/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java b/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
index 77f235c7af..ee156f4e47 100644
--- a/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
+++ b/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
@@ -23,6 +23,10 @@ package org.acegisecurity;
* @version $Id$
*/
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
+
+ //~ Instance fields ================================================================================================
+ private boolean clearExtraInformation = true;
+
//~ Methods ========================================================================================================
/**
@@ -43,6 +47,11 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
return doAuthentication(authRequest);
} catch (AuthenticationException e) {
e.setAuthentication(authRequest);
+
+ if (clearExtraInformation) {
+ e.clearExtraInformation();
+ }
+
throw e;
}
}
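Review bot: The guard added in the catch block clears only `extraInformation`; the `e.setAuthentication(authRequest)` call just before it still attaches the authentication request, which presumably carries the submitted credentials, so the exception that reaches a remoting client is not necessarily free of sensitive data. If the flag is meant to do what the setter's Javadoc describes, either document that limit here or consider whether the attached request needs the same treatment. A comment such as `// Only extraInformation is dropped; the Authentication set above is still carried by the exception.` would make this explicit. Any extra information held by a nested cause is also untouched, since only `e` itself is cleared. The enclosing method begins outside this hunk.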
@@ -60,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
*/
protected abstract Authentication doAuthentication(Authentication authentication)
throws AuthenticationException;
+
+ /**
+ * If set to true, the extraInformation set on an AuthenticationException will be cleared
+ * before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
+ * be serialized to the client. Defaults to 'false'.
+ *
+ * @see AuthenticationException#getExtraInformation()
+ */
+ public void setClearExtraInformation(boolean clearExtraInformation) {
+ this.clearExtraInformation = clearExtraInformation;
+ }
}
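Review bot: The setter's Javadoc says the flag "Defaults to 'false'", but the field added in the first hunk of this file is initialised with `private boolean clearExtraInformation = true;`, so the documentation and the behaviour disagree. The line should read `be serialized to the client. Defaults to 'true'.`, and the comment would benefit from `@param clearExtraInformation whether to clear the extra information before rethrowing`. Because clearing is on by default, code that read `getExtraInformation()` from a `BadCredentialsException` after it passed through this manager will now get null unless the flag is set to false. That change is worth stating in the Javadoc as well.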
diff --git a/core/src/main/java/org/acegisecurity/AccountExpiredException.java b/core/src/main/java/org/acegisecurity/AccountExpiredException.java
index ef4af2c13d..29e540b06e 100644
--- a/core/src/main/java/org/acegisecurity/AccountExpiredException.java
+++ b/core/src/main/java/org/acegisecurity/AccountExpiredException.java
@@ -25,7 +25,7 @@ package org.acegisecurity;
public class AccountExpiredException extends AuthenticationException {
//~ Constructors ===================================================================================================
-/**
+ /**
* Constructs a AccountExpiredException
with the specified
* message.
*
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
super(msg);
}
-/**
+ /**
* Constructs a AccountExpiredException
with the specified
* message and root cause.
*
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
public AccountExpiredException(String msg, Throwable t) {
super(msg, t);
}
+
+ public AccountExpiredException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
}
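Review bot: The new `(String msg, Object extraInformation)` constructor has no Javadoc, unlike the two constructors above it, and the same applies to the matching constructors added to CredentialsExpiredException, DisabledException, LockedException and AuthenticationException in this commit. It sits next to `(String msg, Throwable t)`, so the overload chosen depends on the static type of the second argument: a `Throwable` becomes the cause, anything else becomes extra information. I would add a comment along the lines of `@param extraInformation any additional information about the error, generally a UserDetails; may be cleared by the AuthenticationManager before the exception is rethrown`.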
diff --git a/core/src/main/java/org/acegisecurity/AuthenticationException.java b/core/src/main/java/org/acegisecurity/AuthenticationException.java
index c8eb374a50..57497a52a1 100644
--- a/core/src/main/java/org/acegisecurity/AuthenticationException.java
+++ b/core/src/main/java/org/acegisecurity/AuthenticationException.java
@@ -25,12 +25,12 @@ package org.acegisecurity;
public abstract class AuthenticationException extends AcegiSecurityException {
//~ Instance fields ================================================================================================
- /** The authentication that related to this exception (may be null
) */
private Authentication authentication;
+ private Object extraInformation;
//~ Constructors ===================================================================================================
-/**
+ /**
* Constructs an AuthenticationException
with the specified
* message and root cause.
*
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
super(msg, t);
}
-/**
+ /**
* Constructs an AuthenticationException
with the specified
* message and no root cause.
*
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
super(msg);
}
+ public AuthenticationException(String msg, Object extraInformation) {
+ super(msg);
+ this.extraInformation = extraInformation;
+ }
+
//~ Methods ========================================================================================================
+ /**
+ * The authentication request which this exception corresponds to (may be null
)
+ */
public Authentication getAuthentication() {
return authentication;
}
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
void setAuthentication(Authentication authentication) {
this.authentication = authentication;
}
+
+ /**
+ * Any additional information about the exception. Generally a UserDetails
object.
+ *
+ * @return extra information or null
+ */
+ public Object getExtraInformation() {
+ return extraInformation;
+ }
+
+ void clearExtraInformation() {
+ this.extraInformation = null;
+ }
}
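Review bot: `clearExtraInformation()` is package-private and undocumented, so only code in `org.acegisecurity` can drop the field; an exception that is rethrown or serialized from any other package keeps whatever was stored. With `getExtraInformation()` now public on every `AuthenticationException` and documented as generally holding a `UserDetails`, the Javadoc should say that the object may include the stored password and should not be logged or returned to a client. The `extraInformation` field is a plain `Object` with no `transient` modifier, so it is serialized with the exception whenever it has not been cleared. Suggested Javadoc for the new method: `/** Removes the extra information so that it is not serialized with this exception. */`.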
diff --git a/core/src/main/java/org/acegisecurity/BadCredentialsException.java b/core/src/main/java/org/acegisecurity/BadCredentialsException.java
index 52f1f8da58..211ea0115f 100644
--- a/core/src/main/java/org/acegisecurity/BadCredentialsException.java
+++ b/core/src/main/java/org/acegisecurity/BadCredentialsException.java
@@ -23,10 +23,6 @@ package org.acegisecurity;
* @version $Id$
*/
public class BadCredentialsException extends AuthenticationException {
- //~ Instance fields ================================================================================================
-
- private Object extraInformation;
-
//~ Constructors ===================================================================================================
/**
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
}
public BadCredentialsException(String msg, Object extraInformation) {
- super(msg);
- this.extraInformation = extraInformation;
+ super(msg, extraInformation);
}
/**
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
//~ Methods ========================================================================================================
- /**
- * Any additional information about the exception. Generally a UserDetails
object.
- *
- * @return extra information or null
- */
- public Object getExtraInformation() {
- return extraInformation;
- }
}
diff --git a/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java b/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
index 950f6ad7a4..9c3d4f7d8a 100644
--- a/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
+++ b/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
public CredentialsExpiredException(String msg, Throwable t) {
super(msg, t);
}
+
+ public CredentialsExpiredException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
}
diff --git a/core/src/main/java/org/acegisecurity/DisabledException.java b/core/src/main/java/org/acegisecurity/DisabledException.java
index bfa50edc2c..6be5bceb59 100644
--- a/core/src/main/java/org/acegisecurity/DisabledException.java
+++ b/core/src/main/java/org/acegisecurity/DisabledException.java
@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
public DisabledException(String msg, Throwable t) {
super(msg, t);
}
+
+ public DisabledException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
}
diff --git a/core/src/main/java/org/acegisecurity/LockedException.java b/core/src/main/java/org/acegisecurity/LockedException.java
index df4048c6ef..3b5a039e58 100644
--- a/core/src/main/java/org/acegisecurity/LockedException.java
+++ b/core/src/main/java/org/acegisecurity/LockedException.java
@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
public LockedException(String msg, Throwable t) {
super(msg, t);
}
+
+ public LockedException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
}
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
index 9e6ba3c139..f530166541 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -266,6 +266,12 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
return preAuthenticationChecks;
}
+ /**
+ * Sets the policy will be used to verify the status of the loaded UserDetails before
+ * validation of the credentials takes place.
+ *
+ * @param preAuthenticationChecks strategy to be invoked prior to authentication.
+ */
public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
this.preAuthenticationChecks = preAuthenticationChecks;
}
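Review bot: The new Javadoc's first sentence is missing a word; it should read `Sets the policy that will be used to verify the status of the loaded UserDetails before`. The setter also accepts null without complaint, and what happens then is decided outside this hunk. If a null checker is not meant to be supported, say so in the `@param` text or reject it in the setter.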
@@ -286,19 +292,18 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
public void check(UserDetails user) {
if (!user.isAccountNonLocked()) {
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
- "User account is locked"));
+ "User account is locked"), user);
}
if (!user.isEnabled()) {
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
- "User is disabled"));
+ "User is disabled"), user);
}
if (!user.isAccountNonExpired()) {
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
- "User account has expired"));
+ "User account has expired"), user);
}
-
}
}
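Review bot: Passing `user` into `LockedException`, `DisabledException` and `AccountExpiredException` attaches the loaded `UserDetails` to an exception that, if this is the pre-authentication checker, is thrown before the credentials have been validated. Whether that object reaches the caller then depends on the exception passing through `AbstractAuthenticationManager` with `clearExtraInformation` left on. A provider invoked another way, or a deployment that turns the flag off, would hand account details to a caller who has not authenticated. A comment on `check` such as `// The UserDetails attached here must be cleared before the exception leaves the server` would record that dependency. The same applies to the four throws in AccountStatusUserDetailsChecker, and the enclosing class starts outside this hunk.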
@@ -306,9 +311,9 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
public void check(UserDetails user) {
if (!user.isCredentialsNonExpired()) {
throw new CredentialsExpiredException(messages.getMessage(
- "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
+ "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
+ "User credentials have expired"), user);
}
-
}
}
}
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
index 3c0c699c62..ea1246f2b9 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@@ -15,8 +15,6 @@
package org.acegisecurity.providers.dao;
-import java.util.Map;
-
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
-import org.springframework.context.ApplicationContext;
import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert;
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
}
- /**
- * Introspects the Applicationcontext
for the single instance
- * of {@link AccessDeniedHandler}. If found invoke
- * setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
- * providing the found instance of accessDeniedHandler as a method
- * parameter. If more than one instance of AccessDeniedHandler
- * is found, the method throws IllegalStateException
.
- *
- * @param applicationContext to locate the instance
- */
- private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
- if (applicationContext != null) {
- Map map = applicationContext.getBeansOfType(UserDetailsService.class);
-
- if (map.size() > 1) {
- throw new IllegalArgumentException(
- "More than one UserDetailsService beans detected please refer to the one using "
- + " [ principalRepositoryBeanRef ] " + "attribute");
- }
- else if (map.size() == 1) {
- setUserDetailsService((UserDetailsService) map.values().iterator().next());
- }
- }
- }
-
public PasswordEncoder getPasswordEncoder() {
return passwordEncoder;
}
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
public void setIncludeDetailsObject(boolean includeDetailsObject) {
this.includeDetailsObject = includeDetailsObject;
}
-
}
diff --git a/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
index f55bc3b007..eb264c0d8e 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
@@ -22,21 +22,21 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
public void check(UserDetails user) {
if (!user.isAccountNonLocked()) {
- throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"));
+ throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
}
if (!user.isEnabled()) {
- throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"));
+ throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
}
if (!user.isAccountNonExpired()) {
throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
- "User account has expired"));
+ "User account has expired"), user);
}
if (!user.isCredentialsNonExpired()) {
throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
- "User credentials have expired"));
+ "User credentials have expired"), user);
}
}
}