org.duracloud.account.security.auth

Class AuthProvider

java.lang.Object

org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

org.springframework.security.authentication.dao.DaoAuthenticationProvider

org.duracloud.account.security.auth.AuthProvider

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider

public class AuthProvider
extends org.springframework.security.authentication.dao.DaoAuthenticationProvider

Authentication provider which allows default authentication behavior of the spring DaoAuthenticationProvider, but adds a check to see if the user's request originated from an IP address which is within the defined valid IP ranges. If a user has no defined valid IP ranges, any IP is accepted.

Author:

Bill Branan Date: 5/20/2015

Field Summary

Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

hideUserNotFoundExceptions, logger, messages

Constructor Summary

Constructors

Constructor and Description
AuthProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService, Object passwordEncoder)

Method Summary

Modifier and Type	Method and Description
protected void	additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
protected boolean	ipInRange(String ipAddress, String range) Determines if a given IP address is in the given IP range.

Methods inherited from class org.springframework.security.authentication.dao.DaoAuthenticationProvider

doAfterPropertiesSet, getPasswordEncoder, getSaltSource, getUserDetailsService, retrieveUser, setPasswordEncoder, setSaltSource, setUserDetailsService

Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

afterPropertiesSet, authenticate, createSuccessAuthentication, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthProvider

public AuthProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
                    Object passwordEncoder)

Method Detail

additionalAuthenticationChecks

protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails,
                                              org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
                                       throws org.springframework.security.core.AuthenticationException

Overrides:

additionalAuthenticationChecks in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

Throws:

org.springframework.security.core.AuthenticationException

ipInRange

protected boolean ipInRange(String ipAddress,
                            String range)

Determines if a given IP address is in the given IP range.

Parameters:

ipAddress - single IP address

range - IP address range using CIDR notation

Returns:

true if the address is in the range, false otherwise