Class AuthDataAccessor
java.lang.Object
org.apache.syncope.core.spring.security.AuthDataAccessor
- Direct Known Subclasses:
InstrumentedAuthDataAccessor
Domain-sensible (via @Transactional) access to authentication / authorization data.
- See Also:
-
Field Summary
Fields
Modifier and Type, Field, Description:
protected final AccessTokenDAO accessTokenDAO
protected static final Set<SyncopeGrantedAuthority> ANONYMOUS_AUTHORITIES
protected final AnySearchDAO anySearchDAO
protected final AuditManager auditManager
protected final ConfParamOps confParamOps
protected final ConnectorManager connectorManager
protected final DelegationDAO delegationDAO
protected final EncryptorManager encryptorManager
protected final GroupDAO groupDAO
protected static final Logger LOG
protected final MappingManager mappingManager
protected static final Set<SyncopeGrantedAuthority> MUST_CHANGE_PASSWORD_AUTHORITIES
protected final RealmSearchDAO realmSearchDAO
protected final ExternalResourceDAO resourceDAO
protected final RoleDAO roleDAO
protected final SecurityProperties securityProperties
protected final UserDAO userDAO
-
Constructor Summary
Constructors
Constructor, Description:
AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, List<JWTSSOProvider> jwtSSOProviders)
-
Method Summary
Modifier and Type, Method, Description:
void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input)
authenticate(String domain, Authentication authentication)
    Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
protected boolean authenticate(User user, String password)
authenticate(JWTAuthentication authentication)
protected Set<SyncopeGrantedAuthority> buildAuthorities(Map<String, Set<String>> entForRealms)
protected Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey)
protected Set<SyncopeGrantedAuthority> getDelegatedAuthorities(Delegation delegation)
protected String getDelegationKey(SyncopeAuthenticationDetails details, String delegatedKey)
getJWTSSOProvider(String issuer)
protected Set<ExternalResource> getPassthroughResources(User user)
protected Set<SyncopeGrantedAuthority> getUserAuthorities(User user)
void removeExpired(String tokenKey)
-
Field Details
-
LOG
-
ANONYMOUS_AUTHORITIES
-
MUST_CHANGE_PASSWORD_AUTHORITIES
-
securityProperties
-
encryptorManager
-
realmSearchDAO
-
userDAO
-
groupDAO
-
anySearchDAO
-
accessTokenDAO
-
confParamOps
-
roleDAO
-
delegationDAO
-
resourceDAO
-
connectorManager
-
auditManager
-
mappingManager
-
-
Constructor Details
-
AuthDataAccessor
public AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, List<JWTSSOProvider> jwtSSOProviders)
-
-
Method Details
-
getJWTSSOProvider
-
getDelegationKey
-
authenticate
@Transactional(noRollbackFor=org.springframework.security.authentication.DisabledException.class) public Triple<User,Boolean,String> authenticate(String domain, Authentication authentication)
Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
- Parameters:
domain - domain
authentication - given credentials
- Returns:
null if no matching user was found, authentication result otherwise
-
authenticate
-
getPassthroughResources
-
getAdminAuthorities
-
buildAuthorities
-
getUserAuthorities
-
getDelegatedAuthorities
-
getAuthorities
@Transactional public Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey)
-
authenticate
@Transactional public Pair<String,Set<SyncopeGrantedAuthority>> authenticate(JWTAuthentication authentication)
-
removeExpired
-
audit
@Transactional(readOnly=true) public void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input)
-