Class AuthenticationServiceImpl
- java.lang.Object
-
- org.alfresco.repo.security.authentication.AbstractAuthenticationService
-
- org.alfresco.repo.security.authentication.AuthenticationServiceImpl
-
- All Implemented Interfaces:
ActivateableBean,AuthenticationService
- Direct Known Subclasses:
MutableAuthenticationServiceImpl
public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean
-
-
Field Summary
-
Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
GUEST_AUTHENTICATION_NOT_SUPPORTED
-
-
Constructor Summary
Constructors Constructor Description AuthenticationServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidauthenticate(java.lang.String userName, char[] password)Carry out an authentication attempt.voidauthenticateAsGuest()Authenticate as the guest user.booleanauthenticationExists(java.lang.String userName)Check if the given authentication exists.voidclearCurrentSecurityContext()Remove the current security informationintcountTickets(boolean nonExpiredOnly)booleangetAllowsUserCreation()booleangetAllowsUserDeletion()booleangetAllowsUserPasswordChange()booleangetAuthenticationEnabled(java.lang.String userName)Is an authentication enabled or disabled?java.lang.StringgetCurrentTicket()Get the current ticket as a stringjava.lang.StringgetCurrentUserName()Get the name of the currently authenticated user.java.util.Set<java.lang.String>getDefaultAdministratorUserNames()Gets a set of user names who should be considered 'administrators' by default.java.util.Set<java.lang.String>getDefaultGuestUserNames()Gets a set of user names who should be considered 'guests' by default.java.lang.StringgetDomain()java.util.Set<java.lang.String>getDomains()Get the domain to which this instance of an authentication service applies.java.util.Set<java.lang.String>getDomainsThatAllowUserCreation()Does this instance alow user to be created?java.util.Set<java.lang.String>getDomainsThatAllowUserDeletion()Does this instance allow users to be deleted?java.util.Set<java.lang.String>getDomiansThatAllowUserPasswordChanges()Does this instance allow users to update their passwords?java.lang.StringgetNewTicket()Get a new ticket as a stringprotected java.lang.StringgetPrevalidationTenantDomain()This method is called from thevalidate(String)method.java.lang.StringgetProtectedUserKey(java.lang.String userName)Creates a key by combining the service instance ID with the username.java.util.Set<org.alfresco.repo.security.authentication.TicketComponent>getTicketComponents()java.util.Set<java.lang.String>getUsersWithTickets(boolean nonExpiredOnly)booleanguestUserAuthenticationAllowed()Check if Guest user authentication is allowed.voidinvalidateTicket(java.lang.String ticket)Invalidate a single ticket by IDintinvalidateTickets(boolean expiredOnly)voidinvalidateUserSession(java.lang.String userName)Invalidate any tickets held by the user.booleanisActive()Determines whether this bean is active.booleanisCurrentUserTheSystemUser()Is the current user the system user?booleanisProtectionEnabled()booleanisUserProtected(java.lang.String userName)voidrecordFailedAuthentication(java.lang.String userName)Method records a failed login attempt.voidsetAllowsUserCreation(boolean allowsUserCreation)voidsetAllowsUserDeletion(boolean allowsUserDeletion)voidsetAllowsUserPasswordChange(boolean allowsUserPasswordChange)voidsetAuthenticationComponent(AuthenticationComponent authenticationComponent)voidsetDomain(java.lang.String domain)voidsetPersonService(PersonService personService)voidsetProtectedUsersCache(org.alfresco.repo.cache.SimpleCache<java.lang.String,org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache)voidsetProtectionEnabled(boolean protectionEnabled)voidsetProtectionLimit(int protectionLimit)voidsetProtectionPeriodSeconds(int protectionPeriodSeconds)voidsetTicketComponent(org.alfresco.repo.security.authentication.TicketComponent ticketComponent)voidvalidate(java.lang.String ticket)Validate a ticket.-
Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
getAllowedUsers, getMaxUsers, preAuthenticationCheck, setSysAdminParams
-
-
-
-
Method Detail
-
setProtectionPeriodSeconds
public void setProtectionPeriodSeconds(int protectionPeriodSeconds)
-
setProtectionEnabled
public void setProtectionEnabled(boolean protectionEnabled)
-
isProtectionEnabled
public boolean isProtectionEnabled()
-
setProtectionLimit
public void setProtectionLimit(int protectionLimit)
-
setProtectedUsersCache
public void setProtectedUsersCache(org.alfresco.repo.cache.SimpleCache<java.lang.String,org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache)
-
setPersonService
public void setPersonService(PersonService personService)
-
setTicketComponent
public void setTicketComponent(org.alfresco.repo.security.authentication.TicketComponent ticketComponent)
-
setAuthenticationComponent
public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
-
isActive
public boolean isActive()
Description copied from interface:ActivateableBeanDetermines whether this bean is active.- Specified by:
isActivein interfaceActivateableBean- Returns:
trueif this bean is active
-
authenticate
public void authenticate(java.lang.String userName, char[] password) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceCarry out an authentication attempt. If successful the user is set to the current user. The current user is a part of the thread context.- Specified by:
authenticatein interfaceAuthenticationService- Parameters:
userName- the usernamepassword- the passowrd- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
isUserProtected
public boolean isUserProtected(java.lang.String userName)
- Returns:
trueif user is 'protected' from brute force attack
-
recordFailedAuthentication
public void recordFailedAuthentication(java.lang.String userName)
Method records a failed login attempt. If the number of recorded failures exceedsprotectionLimitthe user will be considered 'protected'.
-
getProtectedUserKey
public java.lang.String getProtectedUserKey(java.lang.String userName)
Creates a key by combining the service instance ID with the username. This are the type of keys maintained by protectedUsersCache map.
-
getCurrentUserName
public java.lang.String getCurrentUserName() throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceGet the name of the currently authenticated user.- Specified by:
getCurrentUserNamein interfaceAuthenticationService- Returns:
- String
- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
invalidateUserSession
public void invalidateUserSession(java.lang.String userName) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceInvalidate any tickets held by the user.- Specified by:
invalidateUserSessionin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
getUsersWithTickets
public java.util.Set<java.lang.String> getUsersWithTickets(boolean nonExpiredOnly)
- Specified by:
getUsersWithTicketsin classAbstractAuthenticationService
-
invalidateTicket
public void invalidateTicket(java.lang.String ticket) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceInvalidate a single ticket by ID- Specified by:
invalidateTicketin interfaceAuthenticationService- Parameters:
ticket- String- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
countTickets
public int countTickets(boolean nonExpiredOnly)
- Specified by:
countTicketsin classAbstractAuthenticationService
-
invalidateTickets
public int invalidateTickets(boolean expiredOnly)
- Specified by:
invalidateTicketsin classAbstractAuthenticationService
-
validate
public void validate(java.lang.String ticket) throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceValidate a ticket. Set the current user name accordingly.- Specified by:
validatein interfaceAuthenticationService- Parameters:
ticket- String- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
getPrevalidationTenantDomain
protected java.lang.String getPrevalidationTenantDomain()
This method is called from thevalidate(String)method. If this method returns null then the user's tenant will be obtained from the username. This is generally correct in the case where the user can be associated with just one tenant. Override this method in order to force the selection of a different tenant (for whatever reason).- Returns:
- String
-
getCurrentTicket
public java.lang.String getCurrentTicket() throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceGet the current ticket as a string- Specified by:
getCurrentTicketin interfaceAuthenticationService- Returns:
- String
- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
getNewTicket
public java.lang.String getNewTicket()
Description copied from interface:AuthenticationServiceGet a new ticket as a string- Specified by:
getNewTicketin interfaceAuthenticationService- Returns:
- String
-
clearCurrentSecurityContext
public void clearCurrentSecurityContext()
Description copied from interface:AuthenticationServiceRemove the current security information- Specified by:
clearCurrentSecurityContextin interfaceAuthenticationService
-
isCurrentUserTheSystemUser
public boolean isCurrentUserTheSystemUser()
Description copied from interface:AuthenticationServiceIs the current user the system user?- Specified by:
isCurrentUserTheSystemUserin interfaceAuthenticationService
-
authenticateAsGuest
public void authenticateAsGuest() throws org.alfresco.repo.security.authentication.AuthenticationExceptionDescription copied from interface:AuthenticationServiceAuthenticate as the guest user. This may not be allowed and throw an exception.- Specified by:
authenticateAsGuestin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
guestUserAuthenticationAllowed
public boolean guestUserAuthenticationAllowed()
Description copied from interface:AuthenticationServiceCheck if Guest user authentication is allowed.- Specified by:
guestUserAuthenticationAllowedin interfaceAuthenticationService- Returns:
- true if Guest user authentication is allowed, false otherwise
-
getAllowsUserCreation
public boolean getAllowsUserCreation()
-
setAllowsUserCreation
public void setAllowsUserCreation(boolean allowsUserCreation)
-
getAllowsUserDeletion
public boolean getAllowsUserDeletion()
-
setAllowsUserDeletion
public void setAllowsUserDeletion(boolean allowsUserDeletion)
-
getAllowsUserPasswordChange
public boolean getAllowsUserPasswordChange()
-
setAllowsUserPasswordChange
public void setAllowsUserPasswordChange(boolean allowsUserPasswordChange)
-
getDomain
public java.lang.String getDomain()
-
setDomain
public void setDomain(java.lang.String domain)
-
getDomains
public java.util.Set<java.lang.String> getDomains()
Description copied from interface:AuthenticationServiceGet the domain to which this instance of an authentication service applies.- Specified by:
getDomainsin interfaceAuthenticationService- Returns:
- The domain name
-
getDomainsThatAllowUserCreation
public java.util.Set<java.lang.String> getDomainsThatAllowUserCreation()
Description copied from interface:AuthenticationServiceDoes this instance alow user to be created?- Specified by:
getDomainsThatAllowUserCreationin interfaceAuthenticationService
-
getDomainsThatAllowUserDeletion
public java.util.Set<java.lang.String> getDomainsThatAllowUserDeletion()
Description copied from interface:AuthenticationServiceDoes this instance allow users to be deleted?- Specified by:
getDomainsThatAllowUserDeletionin interfaceAuthenticationService
-
getDomiansThatAllowUserPasswordChanges
public java.util.Set<java.lang.String> getDomiansThatAllowUserPasswordChanges()
Description copied from interface:AuthenticationServiceDoes this instance allow users to update their passwords?- Specified by:
getDomiansThatAllowUserPasswordChangesin interfaceAuthenticationService
-
getTicketComponents
public java.util.Set<org.alfresco.repo.security.authentication.TicketComponent> getTicketComponents()
- Specified by:
getTicketComponentsin classAbstractAuthenticationService
-
getDefaultAdministratorUserNames
public java.util.Set<java.lang.String> getDefaultAdministratorUserNames()
Gets a set of user names who should be considered 'administrators' by default.- Specified by:
getDefaultAdministratorUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
getDefaultGuestUserNames
public java.util.Set<java.lang.String> getDefaultGuestUserNames()
Gets a set of user names who should be considered 'guests' by default.- Specified by:
getDefaultGuestUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
authenticationExists
public boolean authenticationExists(java.lang.String userName)
Check if the given authentication exists.- Specified by:
authenticationExistsin interfaceAuthenticationService- Parameters:
userName- the username- Returns:
- Returns true if the authentication exists
-
getAuthenticationEnabled
public boolean getAuthenticationEnabled(java.lang.String userName) throws org.alfresco.repo.security.authentication.AuthenticationExceptionIs an authentication enabled or disabled?- Specified by:
getAuthenticationEnabledin interfaceAuthenticationService- Throws:
org.alfresco.repo.security.authentication.AuthenticationException
-
-