Interface AuthenticationHandler
- All Known Implementing Classes:
AbstractUsernamePasswordAuthHandler, AnonymousAuthenticationHandler, AuthenticationHandlerAdapter, DbAuthenticationHandler, ForcedTwoFactorAuthenticationHandler, OpenIdAuthenticationHandler, RuleRoleHandler, SessionAuthenticationHandler, TwoFactorAuthenticationHandler
An AuthenticationHandler can authenticate a given Challenge using the supplied Credentials.
It may vote for or against successful authentication of the passed Challenge by calling its Challenge.vote(ch.tocco.nice2.security.api.auth.ImmutableChallenge.State) method with an appropriate state.
If a handler cannot cope with the given Credentials, it may choose not to vote at all, leaving the authentication decision to other handlers.
Authentication handlers may also be able to set new credentials. In this case, the old credentials that this handler can cope with must be specified to retrieve the principal. The new credentials must be of a type that this handler supports.
Authentication handlers may implement a function to request credentials if a user has forgotten them. In this case, old credentials must be supplied to retrieve the principal. Those old credentials are usually incomplete, but they must specify enough information for the handler to retrieve the principal. For example, if the password is requested, the old credentials may only hold the username or email address.
-
Field Summary
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| void | authenticate(Challenge challenge, Credentials credentials) | Authenticates the given challenge by voting for or against it. |
| String | getName() | Return a name of this handler, used for logging. |
| void | postAuthenticate(Challenge challenge) | After authentication has been successful for all registered AuthenticationHandlers, the post-authentication step is invoked to add more authorization information to the principal, which is guaranteed to be non-null and authenticated when this method is invoked. |
| default void | postEventListeners(Challenge challenge) | After authentication has been successful for all registered AuthenticationHandlers and after the success event listeners have been called, the postEventListeners step is invoked. |
| boolean | updateCredentials(Credentials oldCredentials, Credentials newCredentials) | Updates the credentials for this handler. |
-
Field Details
-
ANONYMOUS_HANDLER_ORDER
static final int ANONYMOUS_HANDLER_ORDER
-
SESSION_HASH_HANDLER_ORDER
static final int SESSION_HASH_HANDLER_ORDER
-
SESSION_ID_ATTRIBUTE
-
PRINCIPAL_PK_ATTRIBUTE
-
API_KEY_PK_ATTRIBUTE
-
Method Details
-
getName
String getName()
Return a name of this handler, used for logging.
-
authenticate
Authenticates the given challenge by voting for or against it.
If the supplied credentials are unknown to this handler, it may choose not to vote at all, indicating no meaningful knowledge about the challenge.
- Parameters:
challenge - the authentication challenge
credentials - the credentials supplied by client
- Throws:
- in case of non-recoverable error. An exception will immediately stop the authentication process in the failed state.
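The vote-or-abstain contract described above, as an added Java example that is not the project's own code. `State`, `Challenge`, `Credentials` and `Handler` are simplified stand-ins for the real types, and `ApiKey`, `UserPass`, `ApiKeyHandler` and `run` are hypothetical names. The driver's last-vote-wins and fail-closed-on-no-vote behaviour are assumptions the page does not specify.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
public class VotingDemo {
    // Stand-ins for illustration; NOT the ch.tocco.nice2.security.api.auth types.
    enum State { SUCCESS, FAILED }                       // state names as used on this page
    interface Credentials {}
    record ApiKey(String key) implements Credentials {}                     // hypothetical
    record UserPass(String user, String password) implements Credentials {} // hypothetical
    static final class Challenge {
        private State state;                             // null until some handler votes
        void vote(State s) { state = s; }                // assumption: last vote wins
        State state() { return state; }
    }
    interface Handler { void authenticate(Challenge challenge, Credentials credentials); }
    /** Hypothetical handler that only understands API keys. */
    static final class ApiKeyHandler implements Handler {
        private final byte[] expected;
        ApiKeyHandler(String expected) { this.expected = expected.getBytes(StandardCharsets.UTF_8); }
        @Override public void authenticate(Challenge challenge, Credentials credentials) {
            if (!(credentials instanceof ApiKey apiKey)) {
                return;                                  // unknown credentials: abstain instead of voting FAILED
            }
            if (apiKey.key() == null) {                  // non-recoverable: abort the whole process
                throw new IllegalStateException("API key credentials without a key");
            }
            byte[] supplied = apiKey.key().getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison so the vote does not leak key prefixes via timing.
            challenge.vote(MessageDigest.isEqual(supplied, expected) ? State.SUCCESS : State.FAILED);
        }
    }
    /** Assumed driver: an exception, or no vote at all, ends in FAILED (fail closed). */
    static State run(List<Handler> handlers, Credentials credentials) {
        Challenge challenge = new Challenge();
        try {
            for (Handler handler : handlers) handler.authenticate(challenge, credentials);
        } catch (RuntimeException e) {
            return State.FAILED;
        }
        return challenge.state() == null ? State.FAILED : challenge.state();
    }
    public static void main(String[] args) {
        List<Handler> handlers = List.of(new ApiKeyHandler("constructed-sample-key"));
        System.out.println(run(handlers, new ApiKey("constructed-sample-key"))); // matching key
        System.out.println(run(handlers, new ApiKey("wrong")));                  // handler votes against
        System.out.println(run(handlers, new UserPass("alice", "pw")));          // handler abstains
        System.out.println(run(handlers, new ApiKey(null)));                     // exception path
    }
}
```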
-
postAuthenticate
After authentication has been successful for all registered AuthenticationHandlers, the post-authentication step is invoked to add more authorization information to the principal, which is guaranteed to be non-null and authenticated when this method is invoked.
This handler may also decide in this step to give a new vote for this challenge, which overrides the previously given vote.
If this method throws any exception, the authentication process is immediately stopped in the failed state.
- Parameters:
challenge - the challenge to authenticate
-
postEventListeners
After authentication has been successful for all registered AuthenticationHandlers and after the success event listeners have been called, the postEventListeners step is invoked. This could be useful if something needs to be checked after the listeners have been invoked.
This handler may also decide in this step to give a new vote for this challenge, which overrides the previously given vote.
If this method throws any exception, the authentication process is immediately stopped in the failed state. Therefore, the authentication listeners may be called with state `SUCCESS` and then again for the same challenge with state `FAILED`, if the authentication failed or was cancelled in this step.
- Parameters:
challenge - the authentication challenge
-
updateCredentials
Updates the credentials for this handler. If this handler does not support this, return false.
In case of an exception, the whole process is stopped immediately.
- Parameters:
oldCredentials - the old credentials are used to get the principal
newCredentials - the new credentials to set. Authentication handlers should only support their specific type of credentials
- Returns:
- true if credentials were updated successfully, false if skipped
-