org.alfresco.repo.security.authentication

Class AuthenticationServiceImpl

java.lang.Object

org.alfresco.repo.security.authentication.AbstractAuthenticationService

org.alfresco.repo.security.authentication.AuthenticationServiceImpl

All Implemented Interfaces:

ActivateableBean, AuthenticationService

Direct Known Subclasses:

MutableAuthenticationServiceImpl

public class AuthenticationServiceImpl
extends AbstractAuthenticationService
implements ActivateableBean

Field Summary

Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService

GUEST_AUTHENTICATION_NOT_SUPPORTED

Constructor Summary

Constructors

Constructor and Description
AuthenticationServiceImpl()

Method Summary

Modifier and Type	Method and Description
void	authenticate(String userName, char[] password) Carry out an authentication attempt.
void	authenticateAsGuest() Authenticate as the guest user.
boolean	authenticationExists(String userName) Check if the given authentication exists.
void	clearCurrentSecurityContext() Remove the current security information
int	countTickets(boolean nonExpiredOnly)
boolean	getAllowsUserCreation()
boolean	getAllowsUserDeletion()
boolean	getAllowsUserPasswordChange()
boolean	getAuthenticationEnabled(String userName) Is an authentication enabled or disabled?
String	getCurrentTicket() Get the current ticket as a string
String	getCurrentUserName() Get the name of the currently authenticated user.
Set<String>	getDefaultAdministratorUserNames() Gets a set of user names who should be considered 'administrators' by default.
Set<String>	getDefaultGuestUserNames() Gets a set of user names who should be considered 'guests' by default.
String	getDomain()
Set<String>	getDomains() Get the domain to which this instance of an authentication service applies.
Set<String>	getDomainsThatAllowUserCreation() Does this instance alow user to be created?
Set<String>	getDomainsThatAllowUserDeletion() Does this instance allow users to be deleted?
Set<String>	getDomiansThatAllowUserPasswordChanges() Does this instance allow users to update their passwords?
String	getNewTicket() Get a new ticket as a string
protected String	getPrevalidationTenantDomain() This method is called from the validate(String) method.
Set<org.alfresco.repo.security.authentication.TicketComponent>	getTicketComponents()
Set<String>	getUsersWithTickets(boolean nonExpiredOnly)
boolean	guestUserAuthenticationAllowed() Check if Guest user authentication is allowed.
void	invalidateTicket(String ticket) Invalidate a single ticket by ID
int	invalidateTickets(boolean expiredOnly)
void	invalidateUserSession(String userName) Invalidate any tickets held by the user.
boolean	isActive() Determines whether this bean is active.
boolean	isCurrentUserTheSystemUser() Is the current user the system user?
boolean	isUserProtected(String userName)
void	recordFailedAuthentication(String userName) Method records a failed login attempt.
void	setAllowsUserCreation(boolean allowsUserCreation)
void	setAllowsUserDeletion(boolean allowsUserDeletion)
void	setAllowsUserPasswordChange(boolean allowsUserPasswordChange)
void	setAuthenticationComponent(AuthenticationComponent authenticationComponent)
void	setDomain(String domain)
void	setPersonService(PersonService personService)
void	setProtectedUsersCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache)
void	setProtectionEnabled(boolean protectionEnabled)
void	setProtectionLimit(int protectionLimit)
void	setProtectionPeriodSeconds(int protectionPeriodSeconds)
void	setTicketComponent(org.alfresco.repo.security.authentication.TicketComponent ticketComponent)
void	validate(String ticket) Validate a ticket.

Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService

getAllowedUsers, getMaxUsers, preAuthenticationCheck, setSysAdminParams

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationServiceImpl

public AuthenticationServiceImpl()

Method Detail

setProtectionPeriodSeconds

public void setProtectionPeriodSeconds(int protectionPeriodSeconds)

setProtectionEnabled

public void setProtectionEnabled(boolean protectionEnabled)

setProtectionLimit

public void setProtectionLimit(int protectionLimit)

setProtectedUsersCache

public void setProtectedUsersCache(org.alfresco.repo.cache.SimpleCache<String,org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache)

setPersonService

public void setPersonService(PersonService personService)

setTicketComponent

public void setTicketComponent(org.alfresco.repo.security.authentication.TicketComponent ticketComponent)

setAuthenticationComponent

public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)

isActive

public boolean isActive()

Description copied from interface: ActivateableBean

Determines whether this bean is active.

Specified by:

isActive in interface ActivateableBean

Returns:

true if this bean is active

authenticate

public void authenticate(String userName,
                         char[] password)
                  throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Carry out an authentication attempt. If successful the user is set to the current user. The current user is a part of the thread context.

Specified by:

authenticate in interface AuthenticationService

Parameters:

userName - the username

password - the passowrd

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

isUserProtected

public boolean isUserProtected(String userName)

Returns:

true if user is 'protected' from brute force attack

recordFailedAuthentication

public void recordFailedAuthentication(String userName)

Method records a failed login attempt. If the number of recorded failures exceeds protectionLimit the user will be considered 'protected'.

getCurrentUserName

public String getCurrentUserName()
                          throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Get the name of the currently authenticated user.

Specified by:

getCurrentUserName in interface AuthenticationService

Returns:

String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

invalidateUserSession

public void invalidateUserSession(String userName)
                           throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Invalidate any tickets held by the user.

Specified by:

invalidateUserSession in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getUsersWithTickets

public Set<String> getUsersWithTickets(boolean nonExpiredOnly)

Specified by:

getUsersWithTickets in class AbstractAuthenticationService

invalidateTicket

public void invalidateTicket(String ticket)
                      throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Invalidate a single ticket by ID

Specified by:

invalidateTicket in interface AuthenticationService

Parameters:

ticket - String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

countTickets

public int countTickets(boolean nonExpiredOnly)

Specified by:

countTickets in class AbstractAuthenticationService

invalidateTickets

public int invalidateTickets(boolean expiredOnly)

Specified by:

invalidateTickets in class AbstractAuthenticationService

validate

public void validate(String ticket)
              throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Validate a ticket. Set the current user name accordingly.

Specified by:

validate in interface AuthenticationService

Parameters:

ticket - String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getPrevalidationTenantDomain

protected String getPrevalidationTenantDomain()

This method is called from the validate(String) method. If this method returns null then the user's tenant will be obtained from the username. This is generally correct in the case where the user can be associated with just one tenant. Override this method in order to force the selection of a different tenant (for whatever reason).

Returns:

String

getCurrentTicket

public String getCurrentTicket()
                        throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Get the current ticket as a string

Specified by:

getCurrentTicket in interface AuthenticationService

Returns:

String

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

getNewTicket

public String getNewTicket()

Description copied from interface: AuthenticationService

Get a new ticket as a string

Specified by:

getNewTicket in interface AuthenticationService

Returns:

String

clearCurrentSecurityContext

public void clearCurrentSecurityContext()

Description copied from interface: AuthenticationService

Remove the current security information

Specified by:

clearCurrentSecurityContext in interface AuthenticationService

isCurrentUserTheSystemUser

public boolean isCurrentUserTheSystemUser()

Description copied from interface: AuthenticationService

Is the current user the system user?

Specified by:

isCurrentUserTheSystemUser in interface AuthenticationService

authenticateAsGuest

public void authenticateAsGuest()
                         throws org.alfresco.repo.security.authentication.AuthenticationException

Description copied from interface: AuthenticationService

Authenticate as the guest user. This may not be allowed and throw an exception.

Specified by:

authenticateAsGuest in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException

guestUserAuthenticationAllowed

public boolean guestUserAuthenticationAllowed()

Description copied from interface: AuthenticationService

Check if Guest user authentication is allowed.

Specified by:

guestUserAuthenticationAllowed in interface AuthenticationService

Returns:

true if Guest user authentication is allowed, false otherwise

getAllowsUserCreation

public boolean getAllowsUserCreation()

setAllowsUserCreation

public void setAllowsUserCreation(boolean allowsUserCreation)

getAllowsUserDeletion

public boolean getAllowsUserDeletion()

setAllowsUserDeletion

public void setAllowsUserDeletion(boolean allowsUserDeletion)

getAllowsUserPasswordChange

public boolean getAllowsUserPasswordChange()

setAllowsUserPasswordChange

public void setAllowsUserPasswordChange(boolean allowsUserPasswordChange)

getDomain

public String getDomain()

setDomain

public void setDomain(String domain)

getDomains

public Set<String> getDomains()

Description copied from interface: AuthenticationService

Get the domain to which this instance of an authentication service applies.

Specified by:

getDomains in interface AuthenticationService

Returns:

The domain name

getDomainsThatAllowUserCreation

public Set<String> getDomainsThatAllowUserCreation()

Description copied from interface: AuthenticationService

Does this instance alow user to be created?

Specified by:

getDomainsThatAllowUserCreation in interface AuthenticationService

getDomainsThatAllowUserDeletion

public Set<String> getDomainsThatAllowUserDeletion()

Description copied from interface: AuthenticationService

Does this instance allow users to be deleted?

Specified by:

getDomainsThatAllowUserDeletion in interface AuthenticationService

getDomiansThatAllowUserPasswordChanges

public Set<String> getDomiansThatAllowUserPasswordChanges()

Description copied from interface: AuthenticationService

Does this instance allow users to update their passwords?

Specified by:

getDomiansThatAllowUserPasswordChanges in interface AuthenticationService

getTicketComponents

public Set<org.alfresco.repo.security.authentication.TicketComponent> getTicketComponents()

Specified by:

getTicketComponents in class AbstractAuthenticationService

getDefaultAdministratorUserNames

public Set<String> getDefaultAdministratorUserNames()

Gets a set of user names who should be considered 'administrators' by default.

Specified by:

getDefaultAdministratorUserNames in interface AuthenticationService

Returns:

a set of user names

getDefaultGuestUserNames

public Set<String> getDefaultGuestUserNames()

Gets a set of user names who should be considered 'guests' by default.

Specified by:

getDefaultGuestUserNames in interface AuthenticationService

Returns:

a set of user names

authenticationExists

public boolean authenticationExists(String userName)

Check if the given authentication exists.

Specified by:

authenticationExists in interface AuthenticationService

Parameters:

userName - the username

Returns:

Returns true if the authentication exists

getAuthenticationEnabled

public boolean getAuthenticationEnabled(String userName)
                                 throws org.alfresco.repo.security.authentication.AuthenticationException

Is an authentication enabled or disabled?

Specified by:

getAuthenticationEnabled in interface AuthenticationService

Throws:

org.alfresco.repo.security.authentication.AuthenticationException