Class AuthDataAccessor
java.lang.Object
org.apache.syncope.core.spring.security.AuthDataAccessor
- Direct Known Subclasses:
InstrumentedAuthDataAccessor
Domain-sensible (via @Transactional) access to authentication / authorization data.
- See Also:
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
static final record
static final record
-
Field Summary
Fields
Modifier and Type / Field / Description
protected final AccessTokenDAO accessTokenDAO
protected static final Set<SyncopeGrantedAuthority> ANONYMOUS_AUTHORITIES
protected final AnySearchDAO anySearchDAO
protected final AuditManager auditManager
protected final ConfParamOps confParamOps
protected final ConnectorManager connectorManager
protected final DelegationDAO delegationDAO
protected final EncryptorManager encryptorManager
protected final GroupDAO groupDAO
protected static final Logger LOG
protected final MappingManager mappingManager
protected static final Set<SyncopeGrantedAuthority> MUST_CHANGE_PASSWORD_AUTHORITIES
protected final RealmSearchDAO realmSearchDAO
protected final ExternalResourceDAO resourceDAO
protected final RoleDAO roleDAO
protected final SecurityProperties securityProperties
protected final UserDAO userDAO
-
Constructor Summary
Constructors
Constructor / Description
AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, List<JWTSSOProvider> jwtSSOProviders)
-
Method Summary
Modifier and Type / Method / Description
void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input)
authenticate(String domain, Authentication authentication)
    Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
authenticate(JWTAuthentication authentication)
protected Set<SyncopeGrantedAuthority> buildAuthorities(Map<String, Set<String>> entForRealms)
protected Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey)
protected Set<SyncopeGrantedAuthority> getDelegatedAuthorities(Delegation delegation)
protected String getDelegationKey(SyncopeAuthenticationDetails details, String delegatedKey)
getJWTSSOProvider(String issuer)
protected Set<ExternalResource> getPassthroughResources(User user)
protected Set<SyncopeGrantedAuthority> getUserAuthorities(User user)
void removeExpired(String tokenKey)
protected boolean usernamePasswordAuthentication(User user, String password)
-
Field Details
-
LOG
-
ANONYMOUS_AUTHORITIES
-
MUST_CHANGE_PASSWORD_AUTHORITIES
-
securityProperties
-
encryptorManager
-
realmSearchDAO
-
userDAO
-
groupDAO
-
anySearchDAO
-
accessTokenDAO
-
confParamOps
-
roleDAO
-
delegationDAO
-
resourceDAO
-
connectorManager
-
auditManager
-
mappingManager
-
-
Constructor Details
-
AuthDataAccessor
public AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, List<JWTSSOProvider> jwtSSOProviders)
-
-
Method Details
-
getJWTSSOProvider
-
getDelegationKey
-
authenticate
@Transactional(noRollbackFor=org.springframework.security.authentication.DisabledException.class)
public AuthDataAccessor.UsernamePasswordAuthResult authenticate(String domain, Authentication authentication)
Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
- Parameters:
domain - domain
authentication - given credentials
- Returns:
null if no matching user was found, authentication result otherwise
-
usernamePasswordAuthentication
-
getPassthroughResources
-
getAdminAuthorities
-
buildAuthorities
-
getUserAuthorities
-
getDelegatedAuthorities
-
getAuthorities
@Transactional
public Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey)
-
authenticate
-
removeExpired
-
audit
@Transactional(readOnly=true)
public void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input)
-