Package org.duracloud.account.security.auth

Class AuthProvider

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
    public class AuthProvider
extends org.springframework.security.authentication.dao.DaoAuthenticationProvider
    Authentication provider which allows default authentication behavior of the spring DaoAuthenticationProvider, but adds a check to see if the user's request originated from an IP address which is within the defined valid IP ranges. If a user has no defined valid IP ranges, any IP is accepted.
    Author:
    Bill Branan Date: 5/20/2015

    • Field Summary

      • Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

        hideUserNotFoundExceptions, logger, messages

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthProvider​(org.springframework.security.core.userdetails.UserDetailsService userDetailsService, Object passwordEncoder)  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void additionalAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)  
      protected boolean ipInRange​(String ipAddress, String range)
      Determines if a given IP address is in the given IP range.

      • Methods inherited from class org.springframework.security.authentication.dao.DaoAuthenticationProvider

        doAfterPropertiesSet, getPasswordEncoder, getSaltSource, getUserDetailsService, retrieveUser, setPasswordEncoder, setSaltSource, setUserDetailsService

      • Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

        afterPropertiesSet, authenticate, createSuccessAuthentication, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports

    • Constructor Detail

      • AuthProvider

        public AuthProvider​(org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
                    Object passwordEncoder)

    • Method Detail

      • additionalAuthenticationChecks

        protected void additionalAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetails userDetails,
                                              org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
                                       throws org.springframework.security.core.AuthenticationException
        Overrides:
        additionalAuthenticationChecks in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException

      • ipInRange

        protected boolean ipInRange​(String ipAddress,
                            String range)
        Determines if a given IP address is in the given IP range.
        Parameters:
        ipAddress - single IP address
        range - IP address range using CIDR notation
        Returns:
        true if the address is in the range, false otherwise