net.devh.boot.grpc.server.security.authentication

Class X509CertificateAuthenticationProvider

java.lang.Object

net.devh.boot.grpc.server.security.authentication.X509CertificateAuthenticationProvider

All Implemented Interfaces:

org.springframework.security.authentication.AuthenticationProvider

public class X509CertificateAuthenticationProvider
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationProvider

An AuthenticationProvider for X509Certificates. This provider only supports X509CertificateAuthentications.

Field Summary

Fields

Modifier and Type	Field and Description
static java.util.function.Function<X509CertificateAuthentication,java.lang.String>	CN_USERNAME_EXTRACTOR The default way to extract the username from an Authentication by using the CN.
static java.util.function.Function<org.springframework.security.core.Authentication,java.lang.String>	FAIL_FALLBACK A fallback that will fail to extract the username and will return null.
static java.util.function.Function<org.springframework.security.core.Authentication,java.lang.String>	PRINCIPAL_USERNAME_EXTRACTOR The uses the name of the principal way to extract the username from an Authentication.

Constructor Summary

Constructors

Constructor and Description
X509CertificateAuthenticationProvider(java.util.function.Function<? super X509CertificateAuthentication,java.lang.String> usernameExtractor, org.springframework.security.core.userdetails.UserDetailsService userDetailsService) Creates a new X509CertificateAuthenticationProvider, which uses the given Function to extract the username and uses the given UserDetailsService to lookup the user.
X509CertificateAuthenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService) Creates a new X509CertificateAuthenticationProvider, which uses the default way (via CN) to extract the username and uses the given UserDetailsService to lookup the user.

Method Summary

Modifier and Type	Method and Description
org.springframework.security.core.Authentication	authenticate(org.springframework.security.core.Authentication authentication)
static java.util.function.Function<X509CertificateAuthentication,java.lang.String>	patternExtractor(java.lang.String key, java.util.function.Function<? super X509CertificateAuthentication,java.lang.String> fallback) Creates a new case-insensitive pattern extractor with the given pattern.
boolean	supports(java.lang.Class<?> authentication)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PRINCIPAL_USERNAME_EXTRACTOR

public static final java.util.function.Function<org.springframework.security.core.Authentication,java.lang.String> PRINCIPAL_USERNAME_EXTRACTOR

The uses the name of the principal way to extract the username from an Authentication.

CN_USERNAME_EXTRACTOR

public static final java.util.function.Function<X509CertificateAuthentication,java.lang.String> CN_USERNAME_EXTRACTOR

The default way to extract the username from an Authentication by using the CN.

FAIL_FALLBACK

public static final java.util.function.Function<org.springframework.security.core.Authentication,java.lang.String> FAIL_FALLBACK

A fallback that will fail to extract the username and will return null. The null will later be converted to a UsernameNotFoundException.

Constructor Detail

X509CertificateAuthenticationProvider

public X509CertificateAuthenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Creates a new X509CertificateAuthenticationProvider, which uses the default way (via CN) to extract the username and uses the given UserDetailsService to lookup the user.

Parameters:

userDetailsService - The user details service to use.

X509CertificateAuthenticationProvider

public X509CertificateAuthenticationProvider(java.util.function.Function<? super X509CertificateAuthentication,java.lang.String> usernameExtractor,
                                             org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Creates a new X509CertificateAuthenticationProvider, which uses the given Function to extract the username and uses the given UserDetailsService to lookup the user.

Parameters:

usernameExtractor - The username extractor to use. The function should return null, if the username is missing.

userDetailsService - The user details service to use.

Method Detail

patternExtractor

public static java.util.function.Function<X509CertificateAuthentication,java.lang.String> patternExtractor(java.lang.String key,
                                                                                                           java.util.function.Function<? super X509CertificateAuthentication,java.lang.String> fallback)

Creates a new case-insensitive pattern extractor with the given pattern.

Parameters:

key - The case insensitive key to use (Example: 'CN').

fallback - The fallback function to use if the key was not present in the subject.

Returns:

The newly created extractor.

authenticate

public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
                                                              throws org.springframework.security.core.AuthenticationException

Specified by:

authenticate in interface org.springframework.security.authentication.AuthenticationProvider

Throws:

org.springframework.security.core.AuthenticationException

supports

public boolean supports(java.lang.Class<?> authentication)

Specified by:

supports in interface org.springframework.security.authentication.AuthenticationProvider