Package org.silverpeas.core.jcr.security
Class SilverpeasJCRLoginModule
- java.lang.Object
-
- org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
- org.silverpeas.core.jcr.security.SilverpeasJCRLoginModule
-
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
SilverpeasSimpleJCRLoginModule
,SilverpeasTokenJCRLoginModule
public abstract class SilverpeasJCRLoginModule extends org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
Common classes for allLoginModule
s that takes in charge the authentication of a user accessing the Silverpeas JCR. This abstract class provides an implementation of theLoginModule.login()
,LoginModule.commit()
andLoginModule.logout()
methods and for doing it expects the concrete classes to implement two methods:authenticateUser(Credentials)
to authenticate a user accessing the repository by his credentials, andAbstractLoginModule.getSupportedCredentials()
to indicate the type of credentials theLoginModule
supports. Indeed, eachSilverpeasJCRLoginModule
class is defined for a given type of credentials which can require a specific way of authentication process. For instance, oneLoginModule
to authenticate a user by his tuple login/domain/password and another one to authenticate a user by his own API token. Once a user is authenticated, his profile (as aUser
instance) is then set within aSilverpeasUserPrincipal
object. Because the content of the JCR is, in Silverpeas, a sensitive data, anonymous authentication must be by default rejected. Only authentication of the system (or system user) can be accepted and as such it should be automatically represented by the virtual Silverpeas system user in theSilverpeasUserPrincipal
.
-
-
Constructor Summary
Constructors Constructor Description SilverpeasJCRLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract User
authenticateUser(javax.jcr.Credentials credentials)
Authenticates the user behind the specified credentials.protected void
clearState()
boolean
commit()
protected AccessContext
getAccessContext(javax.jcr.Credentials credentials)
Gets the peculiar context under which the user behind the specified credentials accesses the JCR.protected Set<Object>
getAllCredentials()
protected Set<Principal>
getAllPrincipals()
void
initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
boolean
isInitialized()
Is this module initialized?boolean
login()
boolean
logout()
-
Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
abort, closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getSupportedCredentials, getUserManager, getWhiteboard, logout, onError, setAuthInfo
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
- Specified by:
initialize
in interfaceLoginModule
- Overrides:
initialize
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
login
public boolean login() throws LoginException
- Throws:
LoginException
-
commit
public boolean commit()
-
logout
public boolean logout() throws LoginException
- Specified by:
logout
in interfaceLoginModule
- Overrides:
logout
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
- Throws:
LoginException
-
isInitialized
public boolean isInitialized()
Is this module initialized?- Returns:
- true if the module was initialized before any use. False otherwise.
-
clearState
protected void clearState()
- Overrides:
clearState
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
authenticateUser
protected abstract User authenticateUser(javax.jcr.Credentials credentials) throws LoginException
Authenticates the user behind the specified credentials.- Parameters:
credentials
- the credentials of a user in Silverpeas.- Returns:
- the user identified by the given credentials if and only if the authentication succeeds.
- Throws:
LoginException
- if the authentication of the user fails.
-
getAccessContext
@Nonnull protected AccessContext getAccessContext(javax.jcr.Credentials credentials)
Gets the peculiar context under which the user behind the specified credentials accesses the JCR. The context has to be fetched through some attributes in the specified credentials. By default, this method returnsAccessContext.EMPTY
meaning no peculiar access context.- Parameters:
credentials
- the credentials of the user in which some attributes have been set in order to define the current access context of the user.- Returns:
- the current access context of the user. By default, no peculiar context.
-
-