As is always the case, the container adapter generated
Authentication
object still needs to be
authenticated by an AuthenticationManager
when
requested to do so by the
AbstractSecurityInterceptor
. The
AuthenticationManager
needs to be certain the
adapter-provided Authentication
object is valid and
was actually authenticated by a trusted adapter.
Adapters create Authentication
objects which
are immutable and implement the AuthByAdapter
interface. These objects store the hash of a key that is defined by
the adapter. This allows the Authentication
object
to be validated by the AuthByAdapterProvider
. This
authentication provider is defined as follows:
<bean id="authByAdapterProvider" class="org.springframework.security.adapters.AuthByAdapterProvider"> <property name="key"><value>my_password</value></property> </bean>
The key must match the key that is defined in the
container-specific configuration file that starts the adapter. The
AuthByAdapterProvider
automatically accepts as
valid any AuthByAdapter
implementation that returns
the expected hash of the key.
To reiterate, this means the adapter will perform the initial
authentication using providers such as
DaoAuthenticationProvider
, returning an
AuthByAdapter
instance that contains a hash code of
the key. Later, when an application calls a security interceptor
managed resource, the AuthByAdapter
instance in the
SecurityContext
in the
SecurityContextHolder
will be tested by the
application's AuthByAdapterProvider
. There is no
requirement for additional authentication providers such as
DaoAuthenticationProvider
within the
application-specific application context, as the only type of
Authentication
instance that will be presented by
the application is from the container adapter.
Classloader issues are frequent with containers and the use of container adapters illustrates this further. Each container requires a very specific configuration. The installation instructions are provided below. Once installed, please take the time to try the sample application to ensure your container adapter is properly configured.
When using container adapters with the
DaoAuthenticationProvider
, ensure you set its
forcePrincipalAsString
property to
true
.