diff --git a/changelog.txt b/changelog.txt
index 438f2619e3..0112c50336 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -4,6 +4,7 @@ Changes in version 0.6 (2004-xx-xx)
* Added feature so DaoAuthenticationProvider returns User in Authentication
* Added AbstractIntegrationFilter.secureContext property for custom contexts
* Refactored User to UserDetails interface
+* Improved organisation of DaoAuthenticationProvider to facilitate subclassing
* Fixed Linux compatibility issues (directory case sensitivity etc)
* Fixed AbstractProcessingFilter to handle servlet spec container differences
* Documentation improvements
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
index 4cc31408ae..abedcdc695 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@@ -231,10 +231,8 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
principalToReturn = user.getUsername();
}
- // Ensure we return the original credentials the user supplied,
- // so subsequent attempts are successful even with encoded passwords
- return new UsernamePasswordAuthenticationToken(principalToReturn,
- authentication.getCredentials(), user.getAuthorities());
+ return createSuccessAuthentication(principalToReturn, authentication,
+ user);
}
public boolean supports(Class authentication) {
@@ -246,6 +244,21 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
}
}
+ /**
+ * Indicates whether the supplied Authentication object
+ * provided appropriate credentials. This method can be called several
+ * times throughout a single authentication request.
+ *
+ *
+ * Protected so subclasses can override. + *
+ * + * @param authentication that was presented to the + *DaoAuthenticationProvider for validation
+ * @param user that was loaded by the AuthenticationDao
+ *
+ * @return a boolean indicating whether the credentials were correct
+ */
protected boolean isPasswordCorrect(Authentication authentication,
UserDetails user) {
Object salt = null;
@@ -258,6 +271,37 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
authentication.getCredentials().toString(), salt);
}
+ /**
+ * Creates a successful {@link Authentication} object.
+ *
+ *
+ * Protected so subclasses can override. This might be required if multiple
+ * credentials need to be placed into a custom Authentication
+ * object, such as a password as well as a ZIP code.
+ *
+ * Subclasses will usually store the original credentials the user supplied
+ * (not salted or encoded passwords) in the returned
+ * Authentication object.
+ *
DaoAuthenticationProvider for validation
+ * @param user that was loaded by the AuthenticationDao
+ *
+ * @return the successful authentication token
+ */
+ protected Authentication createSuccessAuthentication(Object principal,
+ Authentication authentication, UserDetails user) {
+ // Ensure we return the original credentials the user supplied,
+ // so subsequent attempts are successful even with encoded passwords
+ return new UsernamePasswordAuthenticationToken(principal,
+ authentication.getCredentials(), user.getAuthorities());
+ }
+
private UserDetails getUserFromBackend(String username) {
try {
return this.authenticationDao.loadUserByUsername(username);