AuthenticatorSecman

Authenticator implementation that authenticates the ApplicationUser.

Verifies that

  • the user exists

  • the user is UNLOCKED

  • the user has a persisted encrypted password (ApplicationUser#getEncryptedPassword())

  • the provided raw-password, when encrypted, matches the persisted one

This Authenticator is a fallback and is only used if there is no other implementation available.
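The four checks listed above, as an added sketch that is not Secman's own code: the User record, the map-based repository and the PBKDF2 encoder are hypothetical stand-ins for ApplicationUser, ApplicationUserRepository and the injected PasswordEncoder. It assumes Java 17 and shows each check failing closed, including the case of a user with no persisted password.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; every type here is a hypothetical stand-in, not a Secman class.
public class CredentialCheckSketch {
    enum Status { UNLOCKED, LOCKED }
    record User(String name, Status status, String encryptedPassword) {}

    // Stand-in encoder: PBKDF2 with a per-password salt, stored as "saltHex:hashHex".
    static byte[] pbkdf2(char[] raw, byte[] salt) throws Exception {
        var spec = new PBEKeySpec(raw, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static String encode(String raw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        HexFormat hex = HexFormat.of();
        return hex.formatHex(salt) + ":" + hex.formatHex(pbkdf2(raw.toCharArray(), salt));
    }
    static boolean matches(String raw, String encoded) throws Exception {
        String[] parts = encoded.split(":");
        if (parts.length != 2) return false;
        HexFormat hex = HexFormat.of();
        byte[] expected = hex.parseHex(parts[1]);
        byte[] actual = pbkdf2(raw.toCharArray(), hex.parseHex(parts[0]));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    // The four checks in order; any failure rejects the login.
    static boolean verify(Map<String, User> repo, String name, String rawPassword) throws Exception {
        User user = repo.get(name);
        if (user == null) return false;                        // user exists
        if (user.status() != Status.UNLOCKED) return false;    // user is UNLOCKED
        String stored = user.encryptedPassword();
        if (stored == null || stored.isEmpty()) return false;  // has a persisted encrypted password
        if (rawPassword == null || rawPassword.isEmpty()) return false;
        return matches(rawPassword, stored);                   // raw password matches persisted one
    }

    public static void main(String[] args) throws Exception {
        Map<String, User> repo = new HashMap<>();              // constructed sample users
        repo.put("alice", new User("alice", Status.UNLOCKED, encode("s3cret-sample")));
        repo.put("bob", new User("bob", Status.LOCKED, encode("s3cret-sample")));
        repo.put("carol", new User("carol", Status.UNLOCKED, null));
        for (String[] t : new String[][] {{"alice", "s3cret-sample"}, {"alice", "wrong"},
                {"bob", "s3cret-sample"}, {"carol", ""}, {"dave", "x"}})
            System.out.println(t[0] + " -> " + verify(repo, t[0], t[1]));
    }
}
```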

API

AuthenticatorSecman.java
class AuthenticatorSecman {
  AuthenticatorSecman(ApplicationUserRepository applicationUserRepository, PasswordEncoder passwordEncoder)
  boolean canAuthenticate(Class<? extends AuthenticationRequest> authenticationRequestClass)
  InteractionContext authenticate(AuthenticationRequest request, String code)
  void logout()
}