Class X509CertificateAuthenticationProvider
java.lang.Object
net.devh.boot.grpc.server.security.authentication.X509CertificateAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
An
AuthenticationProvider for X509Certificates. This provider only supports
X509CertificateAuthentications.-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Function<X509CertificateAuthentication,String> The default way to extract the username from anAuthenticationby using the CN.static final Function<Authentication,String> A fallback that will fail to extract the username and will return null.static final Function<Authentication,String> The uses the name of the principal way to extract the username from anAuthentication. -
Constructor Summary
ConstructorsConstructorDescriptionX509CertificateAuthenticationProvider(Function<? super X509CertificateAuthentication, String> usernameExtractor, UserDetailsService userDetailsService) Creates a new X509CertificateAuthenticationProvider, which uses the givenFunctionto extract the username and uses the givenUserDetailsServiceto lookup the user.X509CertificateAuthenticationProvider(UserDetailsService userDetailsService) Creates a new X509CertificateAuthenticationProvider, which uses thedefault way (via CN)to extract the username and uses the givenUserDetailsServiceto lookup the user. -
Method Summary
Modifier and TypeMethodDescriptionauthenticate(Authentication authentication) patternExtractor(String key, Function<? super X509CertificateAuthentication, String> fallback) Creates a new case-insensitive pattern extractor with the given pattern.boolean
-
Field Details
-
PRINCIPAL_USERNAME_EXTRACTOR
The uses the name of the principal way to extract the username from anAuthentication. -
CN_USERNAME_EXTRACTOR
The default way to extract the username from anAuthenticationby using the CN. -
FAIL_FALLBACK
A fallback that will fail to extract the username and will return null. The null will later be converted to aUsernameNotFoundException.
-
-
Constructor Details
-
X509CertificateAuthenticationProvider
Creates a new X509CertificateAuthenticationProvider, which uses thedefault way (via CN)to extract the username and uses the givenUserDetailsServiceto lookup the user.- Parameters:
userDetailsService- The user details service to use.
-
X509CertificateAuthenticationProvider
public X509CertificateAuthenticationProvider(Function<? super X509CertificateAuthentication, String> usernameExtractor, UserDetailsService userDetailsService) Creates a new X509CertificateAuthenticationProvider, which uses the givenFunctionto extract the username and uses the givenUserDetailsServiceto lookup the user.- Parameters:
usernameExtractor- The username extractor to use. The function should return null, if the username is missing.userDetailsService- The user details service to use.
-
-
Method Details
-
patternExtractor
public static Function<X509CertificateAuthentication,String> patternExtractor(String key, Function<? super X509CertificateAuthentication, String> fallback) Creates a new case-insensitive pattern extractor with the given pattern.- Parameters:
key- The case insensitive key to use (Example: 'CN').fallback- The fallback function to use if the key was not present in the subject.- Returns:
- The newly created extractor.
-
authenticate
- Specified by:
authenticatein interfaceAuthenticationProvider- Throws:
AuthenticationException
-
supports
- Specified by:
supportsin interfaceAuthenticationProvider
-