Class AuthenticationProtocol
- java.lang.Object
-
- org.silverpeas.core.security.authentication.AuthenticationProtocol
-
- Direct Known Subclasses:
AuthenticationLDAP
,AuthenticationSQL
public abstract class AuthenticationProtocol extends Object
A set of security-related operations about a user authentication.The authentication is performed by a server of a remote authentication service and an instance of this class manages for Silverpeas the negotiation with the service to perform the asked security-related operation.
Each concrete implementation of this abstract class must implement the communication protocol with the server of the remote service; it is dedicated to a given authentication service.
- Author:
- tleroi, mmoquillon
-
-
Field Summary
Fields Modifier and Type Field Description protected boolean
enabled
static String
PASSWORD_CHANGE_ALLOWED
static String
PASSWORD_IS_ABOUT_TO_EXPIRE
-
Constructor Summary
Constructors Constructor Description AuthenticationProtocol()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description void
authenticate(AuthenticationCredential credential)
Authenticates the user with its specified credential (containing a password in clear).void
changePassword(AuthenticationCredential credential, String newPassword)
Changes the password of the user, authenticated with the specified credential, with the specified new one.protected abstract <T> void
closeConnection(AuthenticationConnection<T> connection)
Closes the connection that was previously opened with the server of the remote authentication service.protected abstract <T> void
doAuthentication(AuthenticationConnection<T> connection, AuthenticationCredential credential)
Does the authentication by using the specified connection with the remote server and with with the specified user credential.protected <T> void
doChangePassword(AuthenticationConnection<T> connection, AuthenticationCredential credential, String newPassword)
Does the password change by using the specified connection with the remote server and with with the specified user credential and new password.protected <T> void
doResetPassword(AuthenticationConnection<T> connection, String login, boolean loginIgnoreCase, String newPassword)
Does the password reset by using the specified connection with the remote server the user login for which the password has to be reset and a new password.String
getServerName()
Gets the name of the authentication server with which this authentication communicates.void
init(String authenticationServerName, org.silverpeas.kernel.bundle.SettingBundle settings)
Initializes this authentication with the specified settings to communicate with a server of an authentication service.boolean
isEnabled()
Is this authentication enabled?protected abstract void
loadProperties(org.silverpeas.kernel.bundle.SettingBundle settings)
Loads the specified properties to set the communication information with the authentication service.protected abstract <T> AuthenticationConnection<T>
openConnection()
Opens a connection with a server of the remote authentication service.void
resetPassword(String login, boolean loginIgnoreCase, String newPassword)
Resets the password associated with the specified login of a user with the new specified one.
-
-
-
Field Detail
-
enabled
protected boolean enabled
-
PASSWORD_IS_ABOUT_TO_EXPIRE
public static final String PASSWORD_IS_ABOUT_TO_EXPIRE
- See Also:
- Constant Field Values
-
PASSWORD_CHANGE_ALLOWED
public static final String PASSWORD_CHANGE_ALLOWED
- See Also:
- Constant Field Values
-
-
Method Detail
-
isEnabled
public boolean isEnabled()
Is this authentication enabled? When an authentication is enabled, it can be performed against an authentication service.- Returns:
- true if it is enabled, false otherwise.
-
getServerName
public String getServerName()
Gets the name of the authentication server with which this authentication communicates.- Returns:
- the name of the server behind the remote authentication service.
-
init
public void init(String authenticationServerName, org.silverpeas.kernel.bundle.SettingBundle settings)
Initializes this authentication with the specified settings to communicate with a server of an authentication service.- Parameters:
authenticationServerName
- the name of a remote service behind a given authentication service.settings
- the settings of the server communication.
-
authenticate
public void authenticate(AuthenticationCredential credential) throws AuthenticationException
Authenticates the user with its specified credential (containing a password in clear). If the user cannot be authenticated, an exception is thrown, whatever the reason. If the authentication could not be performed because the credentials are invalid (e.g. wrong password), the AuthenticationException code should be set to EXCEPTION_BAD_CREDENTIALS.- Parameters:
credential
- the credential to use to authenticate the user.- Throws:
AuthenticationException
- if an error occurs while authenticating the user.
-
changePassword
public void changePassword(AuthenticationCredential credential, String newPassword) throws AuthenticationException
Changes the password of the user, authenticated with the specified credential, with the specified new one. The user must be authenticated for doing a such operation. The specified credential won't be updated by the password change. If the user cannot be authenticated, an exception is thrown, whatever the reason. If the authentication could not be performed because the credentials are invalid (e.g. wrong password), the AuthenticationException code should be set to EXCEPTION_BAD_CREDENTIALS.- Parameters:
credential
- the user credential used in an authentication with Silverpeas.newPassword
- user new password- Throws:
AuthenticationException
- if an error occurs while changing the user password.
-
resetPassword
public void resetPassword(String login, boolean loginIgnoreCase, String newPassword) throws AuthenticationException
Resets the password associated with the specified login of a user with the new specified one. Contrary to the password change, this operation doesn't require the user to be authenticated; it isn't a password modification but a reset of it generally under the control of the system. If the login of the user doesn't exist or if the reset cannot be done an exception is thrown.- Parameters:
login
- the user loginloginIgnoreCase
- true to ignore case when comparing the loginnewPassword
- the new password- Throws:
AuthenticationException
- if an error occurs while resetting the user password.
-
loadProperties
protected abstract void loadProperties(org.silverpeas.kernel.bundle.SettingBundle settings)
Loads the specified properties to set the communication information with the authentication service.- Parameters:
settings
- the communication settings.
-
openConnection
protected abstract <T> AuthenticationConnection<T> openConnection() throws AuthenticationException
Opens a connection with a server of the remote authentication service. The policy of the connection management is left to the concrete Authentication implementation.- Type Parameters:
T
- the type of the authentication server's connector.- Returns:
- a connection with a remote authentication server.
- Throws:
AuthenticationException
- if no connection can be established with a server of the remote authentication service.
-
closeConnection
protected abstract <T> void closeConnection(AuthenticationConnection<T> connection) throws AuthenticationException
Closes the connection that was previously opened with the server of the remote authentication service. The policy of the connection management is left to the concrete Authentication implementation.- Type Parameters:
T
- the type of the authentication server's connector.- Parameters:
connection
- the connection with a remote authentication server.- Throws:
AuthenticationException
- if no connection was previously opened or if the connection cannot be closed for any reason.
-
doAuthentication
protected abstract <T> void doAuthentication(AuthenticationConnection<T> connection, AuthenticationCredential credential) throws AuthenticationException
Does the authentication by using the specified connection with the remote server and with with the specified user credential.- Type Parameters:
T
- the type of the authentication server's connector.- Parameters:
connection
- the connection with a remote authentication server.credential
- the credential to use to authenticate the user.- Throws:
AuthenticationException
- if an error occurs while authenticating the user.
-
doChangePassword
protected <T> void doChangePassword(AuthenticationConnection<T> connection, AuthenticationCredential credential, String newPassword) throws AuthenticationException
Does the password change by using the specified connection with the remote server and with with the specified user credential and new password. By default, this operation is considered as not supported by the remote authentication service and throws then an UnsupportedOperationException exception. If the authentication service supports this operation, the concrete Authentication implementation has to implement this method.- Type Parameters:
T
- the type of the authentication server's connector.- Parameters:
connection
- the connection with a remote authentication server.credential
- the credential to use to authenticate the user.newPassword
- the new password that will replace the one in the user credential.- Throws:
AuthenticationException
- if an error occurs while changing the user password.
-
doResetPassword
protected <T> void doResetPassword(AuthenticationConnection<T> connection, String login, boolean loginIgnoreCase, String newPassword) throws AuthenticationException
Does the password reset by using the specified connection with the remote server the user login for which the password has to be reset and a new password. By default, this operation is considered as not supported by the remote authentication service and throws then an UnsupportedOperationException exception. If the authentication service supports this operation, the concrete Authentication implementation has to implement this method.- Type Parameters:
T
- the type of the authentication server's connector.- Parameters:
connection
- the connection with a remote authentication server.login
- the login of the user for which the password has to be reset.loginIgnoreCase
- true to ignore case when comparing the login.newPassword
- the new password with which the user password will be reset.- Throws:
AuthenticationException
- if an error occurs while resetting the user password.
-
-