Class AbstractChainingAuthenticationService
- java.lang.Object
-
- org.alfresco.repo.security.authentication.AbstractAuthenticationService
-
- org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService
-
- All Implemented Interfaces:
AuthenticationService,MutableAuthenticationService
- Direct Known Subclasses:
ChainingAuthenticationServiceImpl,SubsystemChainingAuthenticationService
public abstract class AbstractChainingAuthenticationService extends AbstractAuthenticationService implements MutableAuthenticationService
A base class for chaining authentication services. Where appropriate, methods will 'chain' across multipleAuthenticationServiceinstances, as returned bygetUsableAuthenticationServices().- Author:
- dward
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Loglogger-
Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
GUEST_AUTHENTICATION_NOT_SUPPORTED
-
-
Constructor Summary
Constructors Constructor Description AbstractChainingAuthenticationService()Instantiates a new abstract chaining authentication service.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidauthenticate(java.lang.String userName, char[] password)Carry out an authentication attempt.voidauthenticateAsGuest()Authenticate as the guest user.booleanauthenticationExists(java.lang.String userName)Check if the given authentication exists.voidclearCurrentSecurityContext()Remove the current security informationintcountTickets(boolean nonExpiredOnly)voidcreateAuthentication(java.lang.String userName, char[] password)Create an authentication for the given user.voiddeleteAuthentication(java.lang.String userName)Delete an authentication entrybooleangetAuthenticationEnabled(java.lang.String userName)Is an authentication enabled or disabled?java.lang.StringgetCurrentTicket()Get the current ticket as a stringjava.lang.StringgetCurrentUserName()Get the name of the currently authenticated user.java.util.Set<java.lang.String>getDefaultAdministratorUserNames()Gets a set of user names who should be considered 'administrators' by default.java.util.Set<java.lang.String>getDefaultGuestUserNames()Gets a set of user names who should be considered 'guests' by default.java.util.Set<java.lang.String>getDomains()Get the domain to which this instance of an authentication service applies.java.util.Set<java.lang.String>getDomainsThatAllowUserCreation()Does this instance alow user to be created?java.util.Set<java.lang.String>getDomainsThatAllowUserDeletion()Does this instance allow users to be deleted?java.util.Set<java.lang.String>getDomiansThatAllowUserPasswordChanges()Does this instance allow users to update their passwords?protected java.lang.StringgetId(AuthenticationService authService)Should be overridden to returns the ID of the authService for use in debug.abstract MutableAuthenticationServicegetMutableAuthenticationService()Gets the mutable authentication service.java.lang.StringgetNewTicket()Get a new ticket as a stringjava.util.Set<org.alfresco.repo.security.authentication.TicketComponent>getTicketComponents()protected abstract java.util.List<AuthenticationService>getUsableAuthenticationServices()Gets the authentication services across which methods will chain.java.util.Set<java.lang.String>getUsersWithTickets(boolean nonExpiredOnly)booleanguestUserAuthenticationAllowed()Check if Guest user authentication is allowed.voidinvalidateTicket(java.lang.String ticket)Invalidate a single ticket by IDintinvalidateTickets(boolean nonExpiredOnly)voidinvalidateUserSession(java.lang.String userName)Invalidate any tickets held by the user.booleanisAuthenticationCreationAllowed()Determines whether authentication creation is allowed.booleanisAuthenticationMutable(java.lang.String userName)Determines whether this user's authentication may be mutated via the other methods.booleanisCurrentUserTheSystemUser()Is the current user the system user?voidsetAuthentication(java.lang.String userName, char[] newPassword)Set the login information for a user (typically called by an admin user)voidsetAuthenticationEnabled(java.lang.String userName, boolean enabled)Enable or disable an authentication entryvoidupdateAuthentication(java.lang.String userName, char[] oldPassword, char[] newPassword)Update the login information for the user (typically called by the user)voidvalidate(java.lang.String ticket)Validate a ticket.-
Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
getAllowedUsers, getMaxUsers, preAuthenticationCheck, setSysAdminParams
-
-
-
-
Method Detail
-
getMutableAuthenticationService
public abstract MutableAuthenticationService getMutableAuthenticationService()
Gets the mutable authentication service.- Returns:
- the mutable authentication service
-
getUsableAuthenticationServices
protected abstract java.util.List<AuthenticationService> getUsableAuthenticationServices()
Gets the authentication services across which methods will chain.- Returns:
- the usable authentication services
-
createAuthentication
public void createAuthentication(java.lang.String userName, char[] password) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:MutableAuthenticationServiceCreate an authentication for the given user.- Specified by:
createAuthenticationin interfaceMutableAuthenticationService- Parameters:
userName- Stringpassword- char[]- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
updateAuthentication
public void updateAuthentication(java.lang.String userName, char[] oldPassword, char[] newPassword) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:MutableAuthenticationServiceUpdate the login information for the user (typically called by the user)- Specified by:
updateAuthenticationin interfaceMutableAuthenticationService- Parameters:
userName- StringoldPassword- char[]newPassword- char[]- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
setAuthentication
public void setAuthentication(java.lang.String userName, char[] newPassword) throws org.alfresco.repo.security.authentication.AuthenticationExceptionSet the login information for a user (typically called by an admin user)- Specified by:
setAuthenticationin interfaceMutableAuthenticationService- Parameters:
userName- StringnewPassword- char[]- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
deleteAuthentication
public void deleteAuthentication(java.lang.String userName) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDelete an authentication entry- Specified by:
deleteAuthenticationin interfaceMutableAuthenticationService- Parameters:
userName- String- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
setAuthenticationEnabled
public void setAuthenticationEnabled(java.lang.String userName, boolean enabled) throws org.alfresco.repo.security.authentication.AuthenticationExceptionEnable or disable an authentication entry- Specified by:
setAuthenticationEnabledin interfaceMutableAuthenticationService- Parameters:
userName- Stringenabled- boolean- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
isAuthenticationMutable
public boolean isAuthenticationMutable(java.lang.String userName)
Determines whether this user's authentication may be mutated via the other methods.- Specified by:
isAuthenticationMutablein interfaceMutableAuthenticationService- Parameters:
userName- the user ID- Returns:
trueif this user's authentication may be mutated via the other methods.
-
isAuthenticationCreationAllowed
public boolean isAuthenticationCreationAllowed()
Determines whether authentication creation is allowed.- Specified by:
isAuthenticationCreationAllowedin interfaceMutableAuthenticationService- Returns:
trueif authentication creation is allowed
-
getAuthenticationEnabled
public boolean getAuthenticationEnabled(java.lang.String userName) throws org.alfresco.repo.security.authentication.AuthenticationExceptionIs an authentication enabled or disabled?- Specified by:
getAuthenticationEnabledin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
authenticate
public void authenticate(java.lang.String userName, char[] password) throws org.alfresco.repo.security.authentication.AuthenticationExceptionCarry out an authentication attempt. If successful the user is set to the current user. The current user is a part of the thread context.- Specified by:
authenticatein interfaceAuthenticationService- Parameters:
userName- the usernamepassword- the passowrd- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
getId
protected java.lang.String getId(AuthenticationService authService)
Should be overridden to returns the ID of the authService for use in debug.- Parameters:
authService- in question.- Returns:
- the ID of the authService. This implementation has no way to work this out so returns the simple class name.
-
authenticateAsGuest
public void authenticateAsGuest() throws org.alfresco.repo.security.authentication.AuthenticationExceptionAuthenticate as the guest user. This may not be allowed and throw an exception.- Specified by:
authenticateAsGuestin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
guestUserAuthenticationAllowed
public boolean guestUserAuthenticationAllowed()
Check if Guest user authentication is allowed.- Specified by:
guestUserAuthenticationAllowedin interfaceAuthenticationService- Returns:
- true if Guest user authentication is allowed, false otherwise
-
authenticationExists
public boolean authenticationExists(java.lang.String userName)
Check if the given authentication exists.- Specified by:
authenticationExistsin interfaceAuthenticationService- Parameters:
userName- the username- Returns:
- Returns true if the authentication exists
-
getCurrentUserName
public java.lang.String getCurrentUserName() throws org.alfresco.repo.security.authentication.AuthenticationExceptionGet the name of the currently authenticated user.- Specified by:
getCurrentUserNamein interfaceAuthenticationService- Returns:
- String
- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
invalidateUserSession
public void invalidateUserSession(java.lang.String userName) throws org.alfresco.repo.security.authentication.AuthenticationExceptionInvalidate any tickets held by the user.- Specified by:
invalidateUserSessionin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
invalidateTicket
public void invalidateTicket(java.lang.String ticket) throws org.alfresco.repo.security.authentication.AuthenticationExceptionInvalidate a single ticket by ID- Specified by:
invalidateTicketin interfaceAuthenticationService- Parameters:
ticket- String- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
validate
public void validate(java.lang.String ticket) throws org.alfresco.repo.security.authentication.AuthenticationExceptionValidate a ticket. Set the current user name accordingly.- Specified by:
validatein interfaceAuthenticationService- Parameters:
ticket- String- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
getCurrentTicket
public java.lang.String getCurrentTicket()
Get the current ticket as a string- Specified by:
getCurrentTicketin interfaceAuthenticationService- Returns:
- String
-
getNewTicket
public java.lang.String getNewTicket()
Get a new ticket as a string- Specified by:
getNewTicketin interfaceAuthenticationService- Returns:
- String
-
clearCurrentSecurityContext
public void clearCurrentSecurityContext()
Remove the current security information- Specified by:
clearCurrentSecurityContextin interfaceAuthenticationService
-
isCurrentUserTheSystemUser
public boolean isCurrentUserTheSystemUser()
Is the current user the system user?- Specified by:
isCurrentUserTheSystemUserin interfaceAuthenticationService
-
getDomains
public java.util.Set<java.lang.String> getDomains()
Get the domain to which this instance of an authentication service applies.- Specified by:
getDomainsin interfaceAuthenticationService- Returns:
- The domain name
-
getDomainsThatAllowUserCreation
public java.util.Set<java.lang.String> getDomainsThatAllowUserCreation()
Does this instance alow user to be created?- Specified by:
getDomainsThatAllowUserCreationin interfaceAuthenticationService
-
getDomainsThatAllowUserDeletion
public java.util.Set<java.lang.String> getDomainsThatAllowUserDeletion()
Does this instance allow users to be deleted?- Specified by:
getDomainsThatAllowUserDeletionin interfaceAuthenticationService
-
getDomiansThatAllowUserPasswordChanges
public java.util.Set<java.lang.String> getDomiansThatAllowUserPasswordChanges()
Does this instance allow users to update their passwords?- Specified by:
getDomiansThatAllowUserPasswordChangesin interfaceAuthenticationService
-
getUsersWithTickets
public java.util.Set<java.lang.String> getUsersWithTickets(boolean nonExpiredOnly)
- Specified by:
getUsersWithTicketsin classAbstractAuthenticationService
-
countTickets
public int countTickets(boolean nonExpiredOnly)
- Specified by:
countTicketsin classAbstractAuthenticationService
-
invalidateTickets
public int invalidateTickets(boolean nonExpiredOnly)
- Specified by:
invalidateTicketsin classAbstractAuthenticationService
-
getTicketComponents
public java.util.Set<org.alfresco.repo.security.authentication.TicketComponent> getTicketComponents()
- Specified by:
getTicketComponentsin classAbstractAuthenticationService
-
getDefaultAdministratorUserNames
public java.util.Set<java.lang.String> getDefaultAdministratorUserNames()
Gets a set of user names who should be considered 'administrators' by default.- Specified by:
getDefaultAdministratorUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
getDefaultGuestUserNames
public java.util.Set<java.lang.String> getDefaultGuestUserNames()
Gets a set of user names who should be considered 'guests' by default.- Specified by:
getDefaultGuestUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
-