org.alfresco.repo.security.authentication

Class AbstractAuthenticationComponent

java.lang.Object

org.alfresco.repo.security.authentication.AbstractAuthenticationComponent

All Implemented Interfaces:

AuthenticationComponent, AuthenticationContext

Direct Known Subclasses:

AbstractChainingAuthenticationComponent, AuthenticationComponentImpl, JAASAuthenticationComponent, LDAPAuthenticationComponentImpl, NTLMAuthenticationComponentImpl, SimpleAcceptOrRejectAllAuthenticationComponentImpl

public abstract class AbstractAuthenticationComponent
extends Object
implements AuthenticationComponent

This class abstract the support required to set up and query the Acegi context for security enforcement. There are some simple default method implementations to support simple authentication.

Author:

Andy Hind

Nested Class Summary

Nested classes/interfaces inherited from interface org.alfresco.repo.security.authentication.AuthenticationComponent

AuthenticationComponent.UserNameValidationMode

Constructor Summary

Constructors

Constructor and Description
AbstractAuthenticationComponent()

Method Summary

Modifier and Type	Method and Description
void	authenticate(String userName, char[] password) Authenticate
protected void	authenticateImpl(String userName, char[] password) Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own authentication component as it will support guest login - prior to this direct over ride for authenticate(String , char[]) was used.
void	clearCurrentSecurityContext() Remove the current security information
Boolean	getAllowGuestLogin()
net.sf.acegisecurity.Authentication	getCurrentAuthentication() Get the current authentication context
String	getCurrentUserName() Get the current user name.
Set<String>	getDefaultAdministratorUserNames() Gets a set of user names who for this particular authentication system should be considered administrators by default.
Set<String>	getDefaultGuestUserNames() Gets a set of user names who for this particular authentication system should be considered guests by default.
String	getGuestUserName() Get the name of the Guest User note: for MT, will get guest for default domain only
String	getGuestUserName(String tenantDomain) Get the name of the guest user
org.alfresco.service.cmr.repository.NodeService	getNodeService()
int	getNumberFailedAuthentications()
int	getNumberSuccessfulAuthentications()
PersonService	getPersonService()
String	getSystemUserName() Get the name of the system user note: for MT, will get system for default domain only
String	getSystemUserName(String tenantDomain) Get the name of the system user
TransactionService	getTransactionService()
protected net.sf.acegisecurity.UserDetails	getUserDetails(String userName) Default implementation that makes an ACEGI object on the fly
String	getUserDomain(String userName) Extracts the tenant domain name from a user name
boolean	guestUserAuthenticationAllowed() True if Guest user authentication is allowed, false otherwise
protected abstract boolean	implementationAllowsGuestLogin()
boolean	isCurrentUserTheSystemUser() Is the current user the system user?
boolean	isGuestUserName(String userName) True if this is a guest user ?
boolean	isSystemUserName(String userName) Is this the system user ?
protected void	onAuthenticate()
protected void	onFail()
void	setAllowGuestLogin(Boolean allowGuestLogin) Set if guest login is supported.
void	setAuthenticationContext(AuthenticationContext authenticationContext)
net.sf.acegisecurity.Authentication	setCurrentAuthentication(net.sf.acegisecurity.Authentication authentication) Explicitly set the current suthentication.
net.sf.acegisecurity.Authentication	setCurrentUser(String userName) Explicitly set the current user to be authenticated.
net.sf.acegisecurity.Authentication	setCurrentUser(String userName, AuthenticationComponent.UserNameValidationMode validationMode) Explicitly set the current user to be authenticated.
void	setDefaultAdministratorUserNameList(String defaultAdministratorUserNames) Convenience method to allow the administrator user names to be specified as a comma separated list
void	setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames) Sets the user names who for this particular authentication system should be considered administrators by default.
void	setDefaultGuestUserNameList(String defaultGuestUserNames) Convenience method to allow the administrator user names to be specified as a comma separated list
void	setDefaultGuestUserNames(Set<String> defaultGuestUserNames) Sets the user names who for this particular authentication system should be considered administrators by default.
net.sf.acegisecurity.Authentication	setGuestUserAsCurrentUser() Set the guest user as the current user.
void	setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService)
void	setPersonService(PersonService personService)
net.sf.acegisecurity.Authentication	setSystemUserAsCurrentUser() Set the system user as the current user note: for MT, will set to default domain only
net.sf.acegisecurity.Authentication	setSystemUserAsCurrentUser(String tenantDomain) Set the system user as the current user.
void	setTransactionService(TransactionService transactionService)
net.sf.acegisecurity.Authentication	setUserDetails(net.sf.acegisecurity.UserDetails ud) Explicitly set the given validated user details to be authenticated.
void	setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractAuthenticationComponent

public AbstractAuthenticationComponent()

Method Detail

setAllowGuestLogin

public void setAllowGuestLogin(Boolean allowGuestLogin)

Set if guest login is supported.

Parameters:

allowGuestLogin - Boolean

setAuthenticationContext

public void setAuthenticationContext(AuthenticationContext authenticationContext)

setPersonService

public void setPersonService(PersonService personService)

setNodeService

public void setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService)

setTransactionService

public void setTransactionService(TransactionService transactionService)

setUserRegistrySynchronizer

public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)

getTransactionService

public TransactionService getTransactionService()

getAllowGuestLogin

public Boolean getAllowGuestLogin()

getNodeService

public org.alfresco.service.cmr.repository.NodeService getNodeService()

getPersonService

public PersonService getPersonService()

authenticate

public void authenticate(String userName,
                         char[] password)
                  throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationComponent

Authenticate

Specified by:

authenticate in interface AuthenticationComponent

Throws:

AuthenticationException

authenticateImpl

protected void authenticateImpl(String userName,
                                char[] password)

Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own authentication component as it will support guest login - prior to this direct over ride for authenticate(String , char[]) was used. This will still work.

Parameters:

userName - String

password - char[]

setCurrentUser

public net.sf.acegisecurity.Authentication setCurrentUser(String userName)
                                                   throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationComponent

Explicitly set the current user to be authenticated.

Specified by:

setCurrentUser in interface AuthenticationComponent

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

setCurrentUser

public net.sf.acegisecurity.Authentication setCurrentUser(String userName,
                                                          AuthenticationComponent.UserNameValidationMode validationMode)

Description copied from interface: AuthenticationComponent

Explicitly set the current user to be authenticated. Specify if the userName is to be checked and fixed

Specified by:

setCurrentUser in interface AuthenticationComponent

getUserDetails

protected net.sf.acegisecurity.UserDetails getUserDetails(String userName)

Default implementation that makes an ACEGI object on the fly

Parameters:

userName - String

Returns:

UserDetails

setCurrentAuthentication

public net.sf.acegisecurity.Authentication setCurrentAuthentication(net.sf.acegisecurity.Authentication authentication)

Description copied from interface: AuthenticationContext

Explicitly set the current suthentication. If the authentication is null the the current authentication is cleared.

Specified by:

setCurrentAuthentication in interface AuthenticationContext

Parameters:

authentication - the current authentication (may be null).

Returns:

Returns the modified authentication instance or null if it was cleared.

getCurrentAuthentication

public net.sf.acegisecurity.Authentication getCurrentAuthentication()
                                                             throws org.alfresco.repo.security.authentication.AuthenticationException

Get the current authentication context

Specified by:

getCurrentAuthentication in interface AuthenticationContext

Returns:

Authentication

Throws:

AuthenticationException

getCurrentUserName

public String getCurrentUserName()
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Get the current user name.

Specified by:

getCurrentUserName in interface AuthenticationContext

Returns:

String

Throws:

AuthenticationException

setSystemUserAsCurrentUser

public net.sf.acegisecurity.Authentication setSystemUserAsCurrentUser()

Set the system user as the current user note: for MT, will set to default domain only

Specified by:

setSystemUserAsCurrentUser in interface AuthenticationContext

Returns:

Authentication

getSystemUserName

public String getSystemUserName()

Get the name of the system user note: for MT, will get system for default domain only

Specified by:

getSystemUserName in interface AuthenticationContext

Returns:

String

isSystemUserName

public boolean isSystemUserName(String userName)

Is this the system user ?

Specified by:

isSystemUserName in interface AuthenticationContext

Returns:

boolean

isCurrentUserTheSystemUser

public boolean isCurrentUserTheSystemUser()

Is the current user the system user?

Specified by:

isCurrentUserTheSystemUser in interface AuthenticationContext

Returns:

boolean

getGuestUserName

public String getGuestUserName()

Get the name of the Guest User note: for MT, will get guest for default domain only

Specified by:

getGuestUserName in interface AuthenticationContext

Returns:

String

getGuestUserName

public String getGuestUserName(String tenantDomain)

Description copied from interface: AuthenticationContext

Get the name of the guest user

Specified by:

getGuestUserName in interface AuthenticationContext

setGuestUserAsCurrentUser

public net.sf.acegisecurity.Authentication setGuestUserAsCurrentUser()
                                                              throws org.alfresco.repo.security.authentication.AuthenticationException

Set the guest user as the current user. note: for MT, will set to default domain only

Specified by:

setGuestUserAsCurrentUser in interface AuthenticationComponent

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

isGuestUserName

public boolean isGuestUserName(String userName)

Description copied from interface: AuthenticationContext

True if this is a guest user ?

Specified by:

isGuestUserName in interface AuthenticationContext

implementationAllowsGuestLogin

protected abstract boolean implementationAllowsGuestLogin()

guestUserAuthenticationAllowed

public boolean guestUserAuthenticationAllowed()

Description copied from interface: AuthenticationComponent

True if Guest user authentication is allowed, false otherwise

Specified by:

guestUserAuthenticationAllowed in interface AuthenticationComponent

Returns:

true if Guest user authentication is allowed, false otherwise

clearCurrentSecurityContext

public void clearCurrentSecurityContext()

Remove the current security information

Specified by:

clearCurrentSecurityContext in interface AuthenticationContext

getDefaultAdministratorUserNames

public Set<String> getDefaultAdministratorUserNames()

Gets a set of user names who for this particular authentication system should be considered administrators by default. If the security framework is case sensitive these values should be case sensitive user names. If the security framework is not case sensitive these values should be the lower-case user names.

Specified by:

getDefaultAdministratorUserNames in interface AuthenticationComponent

Returns:

a set of user names

setDefaultAdministratorUserNames

public void setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames)

Sets the user names who for this particular authentication system should be considered administrators by default.

Parameters:

defaultAdministratorUserNames - a set of user names

setDefaultAdministratorUserNameList

public void setDefaultAdministratorUserNameList(String defaultAdministratorUserNames)

Convenience method to allow the administrator user names to be specified as a comma separated list

Parameters:

defaultAdministratorUserNames - String

getDefaultGuestUserNames

public Set<String> getDefaultGuestUserNames()

Description copied from interface: AuthenticationComponent

Gets a set of user names who for this particular authentication system should be considered guests by default. If the security framework is case sensitive these values should be case sensitive user names. If the security framework is not case sensitive these values should be the lower-case user names.

Specified by:

getDefaultGuestUserNames in interface AuthenticationComponent

Returns:

a set of user names

setDefaultGuestUserNames

public void setDefaultGuestUserNames(Set<String> defaultGuestUserNames)

Sets the user names who for this particular authentication system should be considered administrators by default.

Parameters:

defaultGuestUserNames - a set of user names

setDefaultGuestUserNameList

public void setDefaultGuestUserNameList(String defaultGuestUserNames)

Convenience method to allow the administrator user names to be specified as a comma separated list

Parameters:

defaultGuestUserNames - String

getSystemUserName

public String getSystemUserName(String tenantDomain)

Description copied from interface: AuthenticationContext

Get the name of the system user

Specified by:

getSystemUserName in interface AuthenticationContext

getUserDomain

public String getUserDomain(String userName)

Description copied from interface: AuthenticationContext

Extracts the tenant domain name from a user name

Specified by:

getUserDomain in interface AuthenticationContext

Parameters:

userName - a user name

Returns:

a tenant domain name

setSystemUserAsCurrentUser

public net.sf.acegisecurity.Authentication setSystemUserAsCurrentUser(String tenantDomain)

Description copied from interface: AuthenticationContext

Set the system user as the current user.

Specified by:

setSystemUserAsCurrentUser in interface AuthenticationContext

setUserDetails

public net.sf.acegisecurity.Authentication setUserDetails(net.sf.acegisecurity.UserDetails ud)

Description copied from interface: AuthenticationContext

Explicitly set the given validated user details to be authenticated.

Specified by:

setUserDetails in interface AuthenticationContext

Parameters:

ud - the User Details

Returns:

Authentication

onAuthenticate

protected void onAuthenticate()

onFail

protected void onFail()

getNumberSuccessfulAuthentications

public int getNumberSuccessfulAuthentications()

getNumberFailedAuthentications

public int getNumberFailedAuthentications()