Examples of org.springframework.security.authentication.jaas.JaasAuthenticationProvider

• org.springframework.security.authentication.jaas.JaasAuthenticationProvider
  sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS configuration. The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring {@link org.springframework.core.io.Resource} instance. It should point to a JAAS configuration file containing an indexmatching the {@link #setLoginContextName(java.lang.String) loginContextName} property.

  For example: If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration could be as follows...

   <property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property> 

  The loginContextName should coincide with a given index in the loginConfig specifed. The loginConfig file used in the JUnit tests appears as the following...

   JAASTest { org.springframework.security.authentication.jaas.TestLoginModule required; }; 

  Using the example login configuration above, the loginContextName property would be set as JAASTest...

   <property name="loginContextName"> <value>JAASTest</value> </property> 

  When using JAAS login modules as the authentication source, sometimes the LoginContext will require CallbackHandlers. The JaasAuthenticationProvider uses an internal CallbackHandler to wrap the {@link JaasAuthenticationCallbackHandler}s configured in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback passed.

  {@link JaasAuthenticationCallbackHandler}s are passed to the JaasAuthenticationProvider through the {@link #setCallbackHandlers(org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler[]) callbackHandlers}property.

   <property name="callbackHandlers"> <list> <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/> <bean class=" {@link JaasNameCallbackHandler org.springframework.security.authentication.jaas.JaasNameCallbackHandler}"/> <bean class=" {@link JaasPasswordCallbackHandler org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler}"/> </list> </property> 

  After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each returned principal is then passed to the configured {@link AuthorityGranter}s. An AuthorityGranter is a mapping between a returned Principal, and a role name. If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's {@link AuthorityGranter#grant(java.security.Principal)} method. The returned role will be applied to the Authorizationobject as a {@link GrantedAuthority}.

  AuthorityGranters are configured in spring xml as follows...

   <property name="authorityGranters"> <list> <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/> </list> </property> 

  A configuration note: The JaasAuthenticationProvider uses the security properites "e;login.config.url.X"e; to configure jaas. If you would like to customize the way Jaas gets configured, create a subclass of this and override the {@link #configureJaas(Resource)} method.

  @author Ray Krueger @author Rob Winch

        Assert.assertNotNull(auth);
    }

    @Test
    public void testConfigureJaas() throws Exception {
        testConfigureJaasCase(new JaasAuthenticationProvider(), new JaasAuthenticationProvider());
    }