org.alfresco.repo.security.authentication

Class AbstractChainingAuthenticationService

java.lang.Object

org.alfresco.repo.security.authentication.AbstractAuthenticationService

org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService

All Implemented Interfaces:

AuthenticationService, MutableAuthenticationService

Direct Known Subclasses:

ChainingAuthenticationServiceImpl, SubsystemChainingAuthenticationService

public abstract class AbstractChainingAuthenticationService
extends AbstractAuthenticationService
implements MutableAuthenticationService

A base class for chaining authentication services. Where appropriate, methods will 'chain' across multiple AuthenticationService instances, as returned by getUsableAuthenticationServices().

Author:

dward

Field Summary

Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService

GUEST_AUTHENTICATION_NOT_SUPPORTED

Constructor Summary

Constructors

Constructor and Description
AbstractChainingAuthenticationService() Instantiates a new abstract chaining authentication service.

Method Summary

Modifier and Type	Method and Description
void	authenticate(String userName, char[] password) Carry out an authentication attempt.
void	authenticateAsGuest() Authenticate as the guest user.
boolean	authenticationExists(String userName) Check if the given authentication exists.
void	clearCurrentSecurityContext() Remove the current security information
int	countTickets(boolean nonExpiredOnly)
void	createAuthentication(String userName, char[] password) Create an authentication for the given user.
void	deleteAuthentication(String userName) Delete an authentication entry
boolean	getAuthenticationEnabled(String userName) Is an authentication enabled or disabled?
String	getCurrentTicket() Get the current ticket as a string
String	getCurrentUserName() Get the name of the currently authenticated user.
Set<String>	getDefaultAdministratorUserNames() Gets a set of user names who should be considered 'administrators' by default.
Set<String>	getDefaultGuestUserNames() Gets a set of user names who should be considered 'guests' by default.
Set<String>	getDomains() Get the domain to which this instance of an authentication service applies.
Set<String>	getDomainsThatAllowUserCreation() Does this instance alow user to be created?
Set<String>	getDomainsThatAllowUserDeletion() Does this instance allow users to be deleted?
Set<String>	getDomiansThatAllowUserPasswordChanges() Does this instance allow users to update their passwords?
protected String	getId(AuthenticationService authService) Should be overridden to returns the ID of the authService for use in debug.
abstract MutableAuthenticationService	getMutableAuthenticationService() Gets the mutable authentication service.
String	getNewTicket() Get a new ticket as a string
Set<org.alfresco.repo.security.authentication.TicketComponent>	getTicketComponents()
protected abstract List<AuthenticationService>	getUsableAuthenticationServices() Gets the authentication services across which methods will chain.
Set<String>	getUsersWithTickets(boolean nonExpiredOnly)
boolean	guestUserAuthenticationAllowed() Check if Guest user authentication is allowed.
void	invalidateTicket(String ticket) Invalidate a single ticket by ID
int	invalidateTickets(boolean nonExpiredOnly)
void	invalidateUserSession(String userName) Invalidate any tickets held by the user.
boolean	isAuthenticationCreationAllowed() Determines whether authentication creation is allowed.
boolean	isAuthenticationMutable(String userName) Determines whether this user's authentication may be mutated via the other methods.
boolean	isCurrentUserTheSystemUser() Is the current user the system user?
void	setAuthentication(String userName, char[] newPassword) Set the login information for a user (typically called by an admin user)
void	setAuthenticationEnabled(String userName, boolean enabled) Enable or disable an authentication entry
void	updateAuthentication(String userName, char[] oldPassword, char[] newPassword) Update the login information for the user (typically called by the user)
void	validate(String ticket) Validate a ticket.

Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService

getAllowedUsers, getMaxUsers, preAuthenticationCheck, setSysAdminParams

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractChainingAuthenticationService

public AbstractChainingAuthenticationService()

Instantiates a new abstract chaining authentication service.

Method Detail

getMutableAuthenticationService

public abstract MutableAuthenticationService getMutableAuthenticationService()

Gets the mutable authentication service.

Returns:

the mutable authentication service

getUsableAuthenticationServices

protected abstract List<AuthenticationService> getUsableAuthenticationServices()

Gets the authentication services across which methods will chain.

Returns:

the usable authentication services

createAuthentication

public void createAuthentication(String userName,
                                 char[] password)
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationService

Create an authentication for the given user.

Specified by:

createAuthentication in interface MutableAuthenticationService

Parameters:

userName - String

password - char[]

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

updateAuthentication

public void updateAuthentication(String userName,
                                 char[] oldPassword,
                                 char[] newPassword)
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: MutableAuthenticationService

Update the login information for the user (typically called by the user)

Specified by:

updateAuthentication in interface MutableAuthenticationService

Parameters:

userName - String

oldPassword - char[]

newPassword - char[]

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

setAuthentication

public void setAuthentication(String userName,
                              char[] newPassword)
                       throws org.alfresco.repo.security.authentication.AuthenticationException

Set the login information for a user (typically called by an admin user)

Specified by:

setAuthentication in interface MutableAuthenticationService

Parameters:

userName - String

newPassword - char[]

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

deleteAuthentication

public void deleteAuthentication(String userName)
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Delete an authentication entry

Specified by:

deleteAuthentication in interface MutableAuthenticationService

Parameters:

userName - String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

setAuthenticationEnabled

public void setAuthenticationEnabled(String userName,
                                     boolean enabled)
                              throws org.alfresco.repo.security.authentication.AuthenticationException

Enable or disable an authentication entry

Specified by:

setAuthenticationEnabled in interface MutableAuthenticationService

Parameters:

userName - String

enabled - boolean

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

isAuthenticationMutable

public boolean isAuthenticationMutable(String userName)

Determines whether this user's authentication may be mutated via the other methods.

Specified by:

isAuthenticationMutable in interface MutableAuthenticationService

Parameters:

userName - the user ID

Returns:

true if this user's authentication may be mutated via the other methods.

isAuthenticationCreationAllowed

public boolean isAuthenticationCreationAllowed()

Determines whether authentication creation is allowed.

Specified by:

isAuthenticationCreationAllowed in interface MutableAuthenticationService

Returns:

true if authentication creation is allowed

getAuthenticationEnabled

public boolean getAuthenticationEnabled(String userName)
                                 throws org.alfresco.repo.security.authentication.AuthenticationException

Is an authentication enabled or disabled?

Specified by:

getAuthenticationEnabled in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

authenticate

public void authenticate(String userName,
                         char[] password)
                  throws org.alfresco.repo.security.authentication.AuthenticationException

Carry out an authentication attempt. If successful the user is set to the current user. The current user is a part of the thread context.

Specified by:

authenticate in interface AuthenticationService

Parameters:

userName - the username

password - the passowrd

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getId

protected String getId(AuthenticationService authService)

Should be overridden to returns the ID of the authService for use in debug.

Parameters:

authService - in question.

Returns:

the ID of the authService. This implementation has no way to work this out so returns the simple class name.

authenticateAsGuest

public void authenticateAsGuest()
                         throws org.alfresco.repo.security.authentication.AuthenticationException

Authenticate as the guest user. This may not be allowed and throw an exception.

Specified by:

authenticateAsGuest in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

guestUserAuthenticationAllowed

public boolean guestUserAuthenticationAllowed()

Check if Guest user authentication is allowed.

Specified by:

guestUserAuthenticationAllowed in interface AuthenticationService

Returns:

true if Guest user authentication is allowed, false otherwise

authenticationExists

public boolean authenticationExists(String userName)

Check if the given authentication exists.

Specified by:

authenticationExists in interface AuthenticationService

Parameters:

userName - the username

Returns:

Returns true if the authentication exists

getCurrentUserName

public String getCurrentUserName()
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Get the name of the currently authenticated user.

Specified by:

getCurrentUserName in interface AuthenticationService

Returns:

String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

invalidateUserSession

public void invalidateUserSession(String userName)
                           throws org.alfresco.repo.security.authentication.AuthenticationException

Invalidate any tickets held by the user.

Specified by:

invalidateUserSession in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

invalidateTicket

public void invalidateTicket(String ticket)
                      throws org.alfresco.repo.security.authentication.AuthenticationException

Invalidate a single ticket by ID

Specified by:

invalidateTicket in interface AuthenticationService

Parameters:

ticket - String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

validate

public void validate(String ticket)
              throws org.alfresco.repo.security.authentication.AuthenticationException

Validate a ticket. Set the current user name accordingly.

Specified by:

validate in interface AuthenticationService

Parameters:

ticket - String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getCurrentTicket

public String getCurrentTicket()

Get the current ticket as a string

Specified by:

getCurrentTicket in interface AuthenticationService

Returns:

String

getNewTicket

public String getNewTicket()

Get a new ticket as a string

Specified by:

getNewTicket in interface AuthenticationService

Returns:

String

clearCurrentSecurityContext

public void clearCurrentSecurityContext()

Remove the current security information

Specified by:

clearCurrentSecurityContext in interface AuthenticationService

isCurrentUserTheSystemUser

public boolean isCurrentUserTheSystemUser()

Is the current user the system user?

Specified by:

isCurrentUserTheSystemUser in interface AuthenticationService

getDomains

public Set<String> getDomains()

Get the domain to which this instance of an authentication service applies.

Specified by:

getDomains in interface AuthenticationService

Returns:

The domain name

getDomainsThatAllowUserCreation

public Set<String> getDomainsThatAllowUserCreation()

Does this instance alow user to be created?

Specified by:

getDomainsThatAllowUserCreation in interface AuthenticationService

getDomainsThatAllowUserDeletion

public Set<String> getDomainsThatAllowUserDeletion()

Does this instance allow users to be deleted?

Specified by:

getDomainsThatAllowUserDeletion in interface AuthenticationService

getDomiansThatAllowUserPasswordChanges

public Set<String> getDomiansThatAllowUserPasswordChanges()

Does this instance allow users to update their passwords?

Specified by:

getDomiansThatAllowUserPasswordChanges in interface AuthenticationService

getUsersWithTickets

public Set<String> getUsersWithTickets(boolean nonExpiredOnly)

Specified by:

getUsersWithTickets in class AbstractAuthenticationService

countTickets

public int countTickets(boolean nonExpiredOnly)

Specified by:

countTickets in class AbstractAuthenticationService

invalidateTickets

public int invalidateTickets(boolean nonExpiredOnly)

Specified by:

invalidateTickets in class AbstractAuthenticationService

getTicketComponents

public Set<org.alfresco.repo.security.authentication.TicketComponent> getTicketComponents()

Specified by:

getTicketComponents in class AbstractAuthenticationService

getDefaultAdministratorUserNames

public Set<String> getDefaultAdministratorUserNames()

Gets a set of user names who should be considered 'administrators' by default.

Specified by:

getDefaultAdministratorUserNames in interface AuthenticationService

Returns:

a set of user names

getDefaultGuestUserNames

public Set<String> getDefaultGuestUserNames()

Gets a set of user names who should be considered 'guests' by default.

Specified by:

getDefaultGuestUserNames in interface AuthenticationService

Returns:

a set of user names