Class AuthDataAccessor
- java.lang.Object
-
- org.apache.syncope.core.spring.security.AuthDataAccessor
-
public class AuthDataAccessor extends Object
Domain-sensitive (via @Transactional) access to authentication / authorization data.
-
-
Field Summary
Fields
Modifier and Type | Field | Description
protected AccessTokenDAO
accessTokenDAO
protected static Set<SyncopeGrantedAuthority>
ANONYMOUS_AUTHORITIES
protected AnySearchDAO
anySearchDAO
protected AuditManager
auditManager
protected ConfParamOps
confParamOps
protected ConnectorManager
connectorManager
protected DelegationDAO
delegationDAO
protected static Encryptor
ENCRYPTOR
static String
GROUP_OWNER_ROLE
protected GroupDAO
groupDAO
protected ImplementationLookup
implementationLookup
protected static Logger
LOG
protected MappingManager
mappingManager
protected static Set<SyncopeGrantedAuthority>
MUST_CHANGE_PASSWORD_AUTHORITIES
protected RealmDAO
realmDAO
protected RoleDAO
roleDAO
protected SecurityProperties
securityProperties
protected UserDAO
userDAO
-
Constructor Summary
Constructors
Constructor | Description
AuthDataAccessor(SecurityProperties securityProperties, RealmDAO realmDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, ImplementationLookup implementationLookup)
-
Method Summary
-
-
-
Field Detail
-
LOG
protected static final Logger LOG
-
GROUP_OWNER_ROLE
public static final String GROUP_OWNER_ROLE
- See Also:
- Constant Field Values
-
ENCRYPTOR
protected static final Encryptor ENCRYPTOR
-
ANONYMOUS_AUTHORITIES
protected static final Set<SyncopeGrantedAuthority> ANONYMOUS_AUTHORITIES
-
MUST_CHANGE_PASSWORD_AUTHORITIES
protected static final Set<SyncopeGrantedAuthority> MUST_CHANGE_PASSWORD_AUTHORITIES
-
securityProperties
protected final SecurityProperties securityProperties
-
realmDAO
protected final RealmDAO realmDAO
-
userDAO
protected final UserDAO userDAO
-
groupDAO
protected final GroupDAO groupDAO
-
anySearchDAO
protected final AnySearchDAO anySearchDAO
-
accessTokenDAO
protected final AccessTokenDAO accessTokenDAO
-
confParamOps
protected final ConfParamOps confParamOps
-
roleDAO
protected final RoleDAO roleDAO
-
delegationDAO
protected final DelegationDAO delegationDAO
-
connectorManager
protected final ConnectorManager connectorManager
-
auditManager
protected final AuditManager auditManager
-
mappingManager
protected final MappingManager mappingManager
-
implementationLookup
protected final ImplementationLookup implementationLookup
-
-
Constructor Detail
-
AuthDataAccessor
public AuthDataAccessor(SecurityProperties securityProperties, RealmDAO realmDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, ImplementationLookup implementationLookup)
-
-
Method Detail
-
getJWTSSOProvider
public JWTSSOProvider getJWTSSOProvider(String issuer)
-
getDelegationKey
protected String getDelegationKey(SyncopeAuthenticationDetails details, String delegatedKey)
-
authenticate
@Transactional(noRollbackFor=org.springframework.security.authentication.DisabledException.class) public Triple<User,Boolean,String> authenticate(String domain, Authentication authentication)
Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
- Parameters:
domain - domain
authentication - given credentials
- Returns:
null if no matching user was found, authentication result otherwise. Callers must check for null before dereferencing the result.
-
getPassthroughResources
protected Set<? extends ExternalResource> getPassthroughResources(User user)
-
getAdminAuthorities
protected Set<SyncopeGrantedAuthority> getAdminAuthorities()
-
buildAuthorities
protected Set<SyncopeGrantedAuthority> buildAuthorities(Map<String,Set<String>> entForRealms)
-
getUserAuthorities
protected Set<SyncopeGrantedAuthority> getUserAuthorities(User user)
-
getDelegatedAuthorities
protected Set<SyncopeGrantedAuthority> getDelegatedAuthorities(Delegation delegation)
-
getAuthorities
@Transactional public Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey)
-
authenticate
@Transactional public Pair<String,Set<SyncopeGrantedAuthority>> authenticate(JWTAuthentication authentication)
-
removeExpired
@Transactional public void removeExpired(String tokenKey)
-
audit
@Transactional(readOnly=true) public void audit(String username, String delegationKey, AuditElements.Result result, Object output, Object... input)
-
-