Interface AuthenticationHandler

All Known Implementing Classes:
AbstractUsernamePasswordAuthHandler, AnonymousAuthenticationHandler, AuthenticationHandlerAdapter, DbAuthenticationHandler, ForcedTwoFactorAuthenticationHandler, OpenIdAuthenticationHandler, RuleRoleHandler, SessionAuthenticationHandler, TwoFactorAuthenticationHandler

public interface AuthenticationHandler

An AuthenticationHandler can authenticate a given Challenge using the supplied Credentials.

It may vote for or against successful authentication of the passed Challenge by calling its Challenge.vote(ch.tocco.nice2.security.api.auth.ImmutableChallenge.State) method with an appropriate state.

If a handler cannot cope with the given Credentials, it may abstain from voting, leaving the authentication decision to other handlers.

Authentication-Handlers may also be able to set new credentials. In this case, old credentials that this handler can cope with must be specified to retrieve the principal. The new credentials must be of a type that this handler supports.

Authentication-Handlers may implement a function to request credentials if a user has forgotten them. In this case old credentials must be supplied to retrieve the principal. Those old credentials are usually incomplete, but they must specify enough information for the handler to retrieve the principal. For example, if the password is requested, the old credentials may only hold the username or email address.

  • Method Details

    • getName

      String getName()
      Return a name of this handler, used for logging.
    • authenticate

      void authenticate(Challenge challenge, Credentials credentials)

      Authenticates the given challenge by voting for or against it.

      If the supplied credentials are unknown to this handler, it may abstain from voting, indicating no meaningful knowledge about the challenge.

      Parameters:
      challenge - the authentication challenge
      credentials - the credentials supplied by the client

      In case of a non-recoverable error, an exception immediately stops the authentication process and puts it in the failed state.
    • postAuthenticate

      void postAuthenticate(Challenge challenge)

      After authentication has been successful for all registered AuthenticationHandlers, the post-authentication step is invoked to add more authorization information to the principal, which is guaranteed to be non-null and authenticated when this method is invoked.

      This handler may also decide in this step to give a new vote for this challenge which overrides the previously given vote.

      If this throws any exception, the authentication process is immediately stopped and put in the failed state.

      Parameters:
      challenge - the challenge to authenticate
    • postEventListeners

      default void postEventListeners(Challenge challenge)
      After authentication has been successful for all registered AuthenticationHandlers and after the success event listeners have been called, the postEventListeners step is invoked. This could be useful if something needs to be checked after the listeners have been invoked.

      This handler may also decide in this step to give a new vote for this challenge which overrides the previously given vote.

      If this throws any exception, the authentication process is immediately stopped and put in the failed state. Therefore, the authentication listeners may be called with state `SUCCESS` and then again for the same challenge with state `FAILED`, if the authentication failed or was cancelled in this step.

      Parameters:
      challenge - the authentication challenge
    • updateCredentials

      boolean updateCredentials(Credentials oldCredentials, Credentials newCredentials)
      Updates the credentials for this handler.

      If this handler does not support this, it returns false.

      In case of an exception, the whole process is stopped immediately.

      Parameters:
      oldCredentials - the old credentials are used to get the principal
      newCredentials - the new credentials to set. Authentication handlers should only support their specific type of credentials
      Returns:
      true if credentials were updated successfully, false if skipped
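
The vote-or-abstain contract of authenticate and the type check in updateCredentials, as an added example that is not part of the nice2 code base. `State`, `Credentials`, `Challenge`, `TokenCredentials`, `PasswordCredentials` and `TokenHandler` are simplified hypothetical stand-ins, and using `SUCCESS` and `FAILED` as vote states is an assumption based on the listener states named above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class HandlerVotingDemo {
    // Simplified stand-ins (assumptions); the real nice2 Challenge/Credentials types differ.
    enum State { SUCCESS, FAILED }
    interface Credentials {}
    record TokenCredentials(String user, String token) implements Credentials {}
    record PasswordCredentials(String user, String password) implements Credentials {}
    static final class Challenge {
        private State vote;                          // null means no handler has voted
        void vote(State state) { this.vote = state; }
        State currentVote() { return vote; }
    }

    // Hypothetical handler that understands only TokenCredentials.
    static final class TokenHandler {
        private final Map<String, String> tokens;    // user -> token, constructed sample data
        TokenHandler(Map<String, String> tokens) { this.tokens = tokens; }
        void authenticate(Challenge challenge, Credentials credentials) {
            if (!(credentials instanceof TokenCredentials tc)) {
                return;                              // foreign credential type: abstain, never vote FAILED
            }
            String expected = tokens.get(tc.user());
            boolean ok = expected != null && MessageDigest.isEqual(   // constant-time comparison
                    expected.getBytes(StandardCharsets.UTF_8),
                    tc.token().getBytes(StandardCharsets.UTF_8));
            challenge.vote(ok ? State.SUCCESS : State.FAILED);
        }
        boolean updateCredentials(Credentials oldCreds, Credentials newCreds) {
            if (!(oldCreds instanceof TokenCredentials o) || !(newCreds instanceof TokenCredentials n)) {
                return false;                        // not this handler's type: skipped
            }
            // The old credentials only locate the principal; false if it is unknown here.
            return tokens.replace(o.user(), n.token()) != null;
        }
    }

    public static void main(String[] args) {
        TokenHandler handler = new TokenHandler(new HashMap<>(Map.of("alice", "t0ken-1")));
        Credentials good = new TokenCredentials("alice", "t0ken-1");
        Credentials foreign = new PasswordCredentials("alice", "pw");
        for (Credentials c : new Credentials[] { good, new TokenCredentials("alice", "wrong"), foreign }) {
            Challenge ch = new Challenge();
            handler.authenticate(ch, c);
            System.out.println(c.getClass().getSimpleName() + " -> " + ch.currentVote());
        }
        System.out.println("update with foreign type: " + handler.updateCredentials(good, foreign));
    }
}
```

A handler that voted `FAILED` for credential types it does not understand would veto logins that another handler could legitimately approve, which is why the foreign type leaves the challenge without a vote.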