Interface Authentication

  • All Known Implementing Classes:
    AuthenticationService

    public interface Authentication
    Authentication of a user in Silverpeas. The process of authentication is itself delegated to backends that wrap transparently the communication with external user services. Those services managing the authentication can be simply a database, an LDAP server or an SSO service. At each backend corresponds a user Silverpeas domain and hence this is by the domain identifier the service to delegate the authentication is figured out by this authentication.
    Author:
    mmoquillon
    • Method Detail

      • get

        static Authentication get()
        Gets an Authentication object. Only one implementation should be provided.
        Returns:
        an instance of the implementation of this interface.
      • isThereMultipleDomainsDefined

        default boolean isThereMultipleDomainsDefined()
        Is there several authentication domains with their own authentication process defined currently in Silverpeas?
        Returns:
        true if there is more than one authentication domain currently defined in Silverpeas. False otherwise.
      • getAllAuthDomains

        @Nonnull
        List<AuthDomain> getAllAuthDomains()
        Gets all the domains in Silverpeas that are able to take in charge the authentication of its own users. Other domains (those for which no authentication protocol is defined) aren't returned.
        Returns:
        a list of all authentication domains that support currently the authentication of its own users.
      • authenticate

        AuthenticationResponse authenticate​(AuthenticationCredential userCredential)
        Authenticates a user with the specified authentication credential.

        If the authentication succeeds, the security-related capabilities, mapped to the user's credential, are set from information sent back by the authentication server related to the domain to which the user belongs.

        Parameters:
        userCredential - the credential of the user to use to authenticate him.
        Returns:
        the response of the authentication with its status (success, failure or rejected). In the case of a successful authentication, the response carries the authentication token from which the user can be then identified later.
      • getAuthToken

        String getAuthToken​(AuthenticationCredential credential)
        Gets an authentication token for a given user from its specified login and from the domain to which he belongs. This method doesn't perform any authentication, but it only set a new authentication token for the given user. This method can be used, for example, to allow a user who has forgotten its password to set a new one without having to be authenticated.

        To use with caution as this can be a security flaw to use this method to bypass any authentication process. It is only for administrative tasks or inner technical tasks requiring an authentication token for them to be completed.

        Parameters:
        credential - the credential of the user required to identify his account in Silverpeas. At least his login and his domain identifier has to be set.
        Returns:
        an authentication key.
      • getUserByAuthToken

        User getUserByAuthToken​(String authToken)
                         throws AuthenticationException
        Gets the user that was previously authenticated and that is identified by the specified authentication token. The token should be provided by either the authentication process (see authenticate(AuthenticationCredential)) or simply by a new authentication token generation (see getAuthToken(AuthenticationCredential))
        Parameters:
        authToken - an authentication token provided by the authentication system.
        Returns:
        the user in Silverpeas identified by the given token.
        Throws:
        AuthenticationException - if no such token exists or if there is an error while getting the corresponding user.