Class SilverpeasJCRLoginModule

  • All Implemented Interfaces:
    LoginModule
    Direct Known Subclasses:
    SilverpeasSimpleJCRLoginModule, SilverpeasTokenJCRLoginModule

    public abstract class SilverpeasJCRLoginModule
    extends org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    Common classes for all LoginModules that takes in charge the authentication of a user accessing the Silverpeas JCR. This abstract class provides an implementation of the LoginModule.login(), LoginModule.commit() and LoginModule.logout() methods and for doing it expects the concrete classes to implement two methods: authenticateUser(Credentials) to authenticate a user accessing the repository by his credentials, and AbstractLoginModule.getSupportedCredentials() to indicate the type of credentials the LoginModule supports. Indeed, each SilverpeasJCRLoginModule class is defined for a given type of credentials which can require a specific way of authentication process. For instance, one LoginModule to authenticate a user by his tuple login/domain/password and another one to authenticate a user by his own API token. Once a user is authenticated, his profile (as a User instance) is then set within a SilverpeasUserPrincipal object. Because the content of the JCR is, in Silverpeas, a sensitive data, anonymous authentication must be by default rejected. Only authentication of the system (or system user) can be accepted and as such it should be automatically represented by the virtual Silverpeas system user in the SilverpeasUserPrincipal.
    • Constructor Detail

      • SilverpeasJCRLoginModule

        public SilverpeasJCRLoginModule()
    • Method Detail

      • initialize

        public void initialize​(Subject subject,
                               CallbackHandler callbackHandler,
                               Map<String,​?> sharedState,
                               Map<String,​?> options)
        Specified by:
        initialize in interface LoginModule
        Overrides:
        initialize in class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
      • commit

        public boolean commit()
      • logout

        public boolean logout()
                       throws LoginException
        Specified by:
        logout in interface LoginModule
        Overrides:
        logout in class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
        Throws:
        LoginException
      • isInitialized

        public boolean isInitialized()
        Is this module initialized?
        Returns:
        true if the module was initialized before any use. False otherwise.
      • clearState

        protected void clearState()
        Overrides:
        clearState in class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
      • getAllCredentials

        protected Set<Object> getAllCredentials()
      • getAllPrincipals

        protected Set<Principal> getAllPrincipals()
      • authenticateUser

        protected abstract User authenticateUser​(javax.jcr.Credentials credentials)
                                          throws LoginException
        Authenticates the user behind the specified credentials.
        Parameters:
        credentials - the credentials of a user in Silverpeas.
        Returns:
        the user identified by the given credentials if and only if the authentication succeeds.
        Throws:
        LoginException - if the authentication of the user fails.
      • getAccessContext

        @Nonnull
        protected AccessContext getAccessContext​(javax.jcr.Credentials credentials)
        Gets the peculiar context under which the user behind the specified credentials accesses the JCR. The context has to be fetched through some attributes in the specified credentials. By default, this method returns AccessContext.EMPTY meaning no peculiar access context.
        Parameters:
        credentials - the credentials of the user in which some attributes have been set in order to define the current access context of the user.
        Returns:
        the current access context of the user. By default, no peculiar context.