Package org.springframework.security.config.annotation.authentication.builders

Class AuthenticationManagerBuilder

java.lang.Object

org.springframework.security.config.annotation.AbstractSecurityBuilder<O>

org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<AuthenticationManager,AuthenticationManagerBuilder>

org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

All Implemented Interfaces:

ProviderManagerBuilder<AuthenticationManagerBuilder>, SecurityBuilder<AuthenticationManager>

public class AuthenticationManagerBuilder
extends AbstractConfiguredSecurityBuilder<AuthenticationManager,AuthenticationManagerBuilder>
implements ProviderManagerBuilder<AuthenticationManagerBuilder>

SecurityBuilder used to create an AuthenticationManager. Allows for easily building in memory authentication, LDAP authentication, JDBC based authentication, adding UserDetailsService, and adding AuthenticationProvider's.

Since:

3.2

Constructor Summary

Constructors

Constructor	Description
AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor)	Creates a new instance

Method Summary

Modifier and Type	Method	Description
AuthenticationManagerBuilder	authenticationEventPublisher(AuthenticationEventPublisher eventPublisher)	Sets the AuthenticationEventPublisher
AuthenticationManagerBuilder	authenticationProvider(AuthenticationProvider authenticationProvider)	Add authentication based upon the custom AuthenticationProvider that is passed in.
AuthenticationManagerBuilder	eraseCredentials(boolean eraseCredentials)
UserDetailsService	getDefaultUserDetailsService()	Gets the default UserDetailsService for the AuthenticationManagerBuilder.
InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder>	inMemoryAuthentication()	Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.
boolean	isConfigured()	Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.
JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder>	jdbcAuthentication()	Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>	ldapAuthentication()	Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.
AuthenticationManagerBuilder	parentAuthenticationManager(AuthenticationManager authenticationManager)	Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.
protected ProviderManager	performBuild()	Subclasses must implement this method to build the object that is being returned.
<T extends UserDetailsService> DaoAuthenticationConfigurer<AuthenticationManagerBuilder,T>	userDetailsService(T userDetailsService)	Add authentication based upon the custom UserDetailsService that is passed in.

Methods inherited from class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

apply, beforeConfigure, beforeInit, doBuild, getConfigurer, getConfigurers, getOrBuild, getSharedObject, getSharedObjects, objectPostProcessor, postProcess, removeConfigurer, removeConfigurers, setSharedObject

Methods inherited from class org.springframework.security.config.annotation.AbstractSecurityBuilder

build, getObject

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.config.annotation.SecurityBuilder

build

Constructor Details

AuthenticationManagerBuilder

public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor)

Creates a new instance

Parameters:

objectPostProcessor - the ObjectPostProcessor instance to use.

Method Details

parentAuthenticationManager

public AuthenticationManagerBuilder parentAuthenticationManager(AuthenticationManager authenticationManager)

Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.

Parameters:

authenticationManager - the AuthenticationManager that should be used if the current AuthenticationManager was unable to attempt to authenticate the provided Authentication.

Returns:

the AuthenticationManagerBuilder for further adding types of authentication

authenticationEventPublisher

public AuthenticationManagerBuilder authenticationEventPublisher(AuthenticationEventPublisher eventPublisher)

Sets the AuthenticationEventPublisher

Parameters:

eventPublisher - the AuthenticationEventPublisher to use

Returns:

the AuthenticationManagerBuilder for further customizations

eraseCredentials

public AuthenticationManagerBuilder eraseCredentials(boolean eraseCredentials)

Parameters:

eraseCredentials - true if AuthenticationManager should clear the credentials from the Authentication object after authenticating

Returns:

the AuthenticationManagerBuilder for further customizations

inMemoryAuthentication

public InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> inMemoryAuthentication()
                                                                                          throws Exception

Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.

This method also ensure that a UserDetailsService is available for the getDefaultUserDetailsService() method. Note that additional UserDetailsService's may override this UserDetailsService as the default.

Returns:

a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication

Throws:

Exception - if an error occurs when adding the in memory authentication

jdbcAuthentication

public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication()
                                                                                  throws Exception

Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.

When using with a persistent data store, it is best to add users external of configuration using something like Flyway or Liquibase to create the schema and adding users to ensure these steps are only done once and that the optimal SQL is used.

This method also ensure that a UserDetailsService is available for the getDefaultUserDetailsService() method. Note that additional UserDetailsService's may override this UserDetailsService as the default. See the User Schema section of the reference for the default schema.

Returns:

a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication

Throws:

Exception - if an error occurs when adding the JDBC authentication

userDetailsService

public <T extends UserDetailsService>
DaoAuthenticationConfigurer<AuthenticationManagerBuilder,T> userDetailsService(T userDetailsService)
                                                                        throws Exception

Add authentication based upon the custom UserDetailsService that is passed in. It then returns a DaoAuthenticationConfigurer to allow customization of the authentication.

This method also ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method. Note that additional UserDetailsService's may override this UserDetailsService as the default.

Returns:

a DaoAuthenticationConfigurer to allow customization of the DAO authentication

Throws:

Exception - if an error occurs when adding the UserDetailsService based authentication

ldapAuthentication

public LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthentication()
                                                                                      throws Exception

Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.

This method does NOT ensure that a UserDetailsService is available for the getDefaultUserDetailsService() method.

Returns:

a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication

Throws:

Exception - if an error occurs when adding the LDAP authentication

authenticationProvider

public AuthenticationManagerBuilder authenticationProvider(AuthenticationProvider authenticationProvider)

Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.

This method does NOT ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method. Note that an Exception might be thrown if an error occurs when adding the AuthenticationProvider.

Specified by:

authenticationProvider in interface ProviderManagerBuilder<AuthenticationManagerBuilder>

Returns:

a AuthenticationManagerBuilder to allow further authentication to be provided to the AuthenticationManagerBuilder

performBuild

protected ProviderManager performBuild()
                                throws Exception

Description copied from class: AbstractConfiguredSecurityBuilder

Subclasses must implement this method to build the object that is being returned.

Specified by:

performBuild in class AbstractConfiguredSecurityBuilder<AuthenticationManager,AuthenticationManagerBuilder>

Returns:

the Object to be buit or null if the implementation allows it

Throws:

Exception

isConfigured

public boolean isConfigured()

Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager. This means that either a non-null parent is specified or at least one AuthenticationProvider has been specified.

When using SecurityConfigurer instances, the AuthenticationManagerBuilder will not be configured until the SecurityConfigurer.configure(SecurityBuilder) methods. This means a SecurityConfigurer that is last could check this method and provide a default configuration in the SecurityConfigurer.configure(SecurityBuilder) method.

Returns:

true, if AuthenticationManagerBuilder is configured, otherwise false

getDefaultUserDetailsService

public UserDetailsService getDefaultUserDetailsService()

Gets the default UserDetailsService for the AuthenticationManagerBuilder. The result may be null in some circumstances.

Returns:

the default UserDetailsService for the AuthenticationManagerBuilder