Class AuthenticationProtocol

  • Direct Known Subclasses:
    AuthenticationLDAP, AuthenticationSQL

    public abstract class AuthenticationProtocol
    extends Object
    A set of security-related operations for user authentication.

    The authentication is performed by a server of a remote authentication service, and an instance of this class manages, on behalf of Silverpeas, the negotiation with the service to perform the requested security-related operation.

    Each concrete implementation of this abstract class must implement the communication protocol with the server of the remote service; it is dedicated to a given authentication service.

    Author:
    tleroi, mmoquillon
    • Constructor Detail

      • AuthenticationProtocol

        public AuthenticationProtocol()
    • Method Detail

      • isEnabled

        public boolean isEnabled()
        Is this authentication enabled? When an authentication is enabled, it can be performed against an authentication service.
        Returns:
        true if it is enabled, false otherwise.
      • getServerName

        public String getServerName()
        Gets the name of the authentication server with which this authentication communicates.
        Returns:
        the name of the server behind the remote authentication service.
      • init

        public void init(String authenticationServerName,
                         org.silverpeas.kernel.bundle.SettingBundle settings)
        Initializes this authentication with the specified settings to communicate with a server of an authentication service.
        Parameters:
        authenticationServerName - the name of a remote service behind a given authentication service.
        settings - the settings of the server communication.
      • authenticate

        public void authenticate(AuthenticationCredential credential)
                          throws AuthenticationException
        Authenticates the user with the specified credential (containing a clear-text password). If the user cannot be authenticated, an exception is thrown, whatever the reason. If the authentication could not be performed because the credentials are invalid (e.g. wrong password), the AuthenticationException code should be set to EXCEPTION_BAD_CREDENTIALS.
        Parameters:
        credential - the credential to use to authenticate the user.
        Throws:
        AuthenticationException - if an error occurs while authenticating the user.
      • changePassword

        public void changePassword(AuthenticationCredential credential,
                                   String newPassword)
                            throws AuthenticationException
        Changes the password of the user, authenticated with the specified credential, to the specified new one. The user must be authenticated to perform such an operation. The specified credential won't be updated by the password change. If the user cannot be authenticated, an exception is thrown, whatever the reason. If the authentication could not be performed because the credentials are invalid (e.g. wrong password), the AuthenticationException code should be set to EXCEPTION_BAD_CREDENTIALS.
        Parameters:
        credential - the user credential used in an authentication with Silverpeas.
        newPassword - the user's new password.
        Throws:
        AuthenticationException - if an error occurs while changing the user password.
      • resetPassword

        public void resetPassword(String login,
                                  boolean loginIgnoreCase,
                                  String newPassword)
                           throws AuthenticationException
        Resets the password associated with the specified login of a user to the specified new one. Unlike a password change, this operation doesn't require the user to be authenticated; it isn't a password modification but a reset, generally under the control of the system. If the login of the user doesn't exist or if the reset cannot be done, an exception is thrown.
        Parameters:
        login - the user login
        loginIgnoreCase - true to ignore case when comparing the login
        newPassword - the new password
        Throws:
        AuthenticationException - if an error occurs while resetting the user password.
      • loadProperties

        protected abstract void loadProperties(org.silverpeas.kernel.bundle.SettingBundle settings)
        Loads the specified properties to set the communication information with the authentication service.
        Parameters:
        settings - the communication settings.
      • openConnection

        protected abstract <T> AuthenticationConnection<T> openConnection()
                                                                   throws AuthenticationException
        Opens a connection with a server of the remote authentication service. The policy of the connection management is left to the concrete Authentication implementation.
        Type Parameters:
        T - the type of the authentication server's connector.
        Returns:
        a connection with a remote authentication server.
        Throws:
        AuthenticationException - if no connection can be established with a server of the remote authentication service.
      • closeConnection

        protected abstract <T> void closeConnection(AuthenticationConnection<T> connection)
                                             throws AuthenticationException
        Closes the connection that was previously opened with the server of the remote authentication service. The policy of the connection management is left to the concrete Authentication implementation.
        Type Parameters:
        T - the type of the authentication server's connector.
        Parameters:
        connection - the connection with a remote authentication server.
        Throws:
        AuthenticationException - if no connection was previously opened or if the connection cannot be closed for any reason.
      • doAuthentication

        protected abstract <T> void doAuthentication(AuthenticationConnection<T> connection,
                                                     AuthenticationCredential credential)
                                              throws AuthenticationException
        Does the authentication by using the specified connection with the remote server and the specified user credential.
        Type Parameters:
        T - the type of the authentication server's connector.
        Parameters:
        connection - the connection with a remote authentication server.
        credential - the credential to use to authenticate the user.
        Throws:
        AuthenticationException - if an error occurs while authenticating the user.
      • doChangePassword

        protected <T> void doChangePassword(AuthenticationConnection<T> connection,
                                            AuthenticationCredential credential,
                                            String newPassword)
                                     throws AuthenticationException
        Does the password change by using the specified connection with the remote server, the specified user credential and the new password. By default, this operation is considered as not supported by the remote authentication service and therefore throws an UnsupportedOperationException. If the authentication service supports this operation, the concrete Authentication implementation has to implement this method.
        Type Parameters:
        T - the type of the authentication server's connector.
        Parameters:
        connection - the connection with a remote authentication server.
        credential - the credential to use to authenticate the user.
        newPassword - the new password that will replace the one in the user credential.
        Throws:
        AuthenticationException - if an error occurs while changing the user password.
      • doResetPassword

        protected <T> void doResetPassword(AuthenticationConnection<T> connection,
                                           String login,
                                           boolean loginIgnoreCase,
                                           String newPassword)
                                    throws AuthenticationException
        Does the password reset by using the specified connection with the remote server, the login of the user whose password has to be reset, and a new password. By default, this operation is considered as not supported by the remote authentication service and therefore throws an UnsupportedOperationException. If the authentication service supports this operation, the concrete Authentication implementation has to implement this method.
        Type Parameters:
        T - the type of the authentication server's connector.
        Parameters:
        connection - the connection with a remote authentication server.
        login - the login of the user for which the password has to be reset.
        loginIgnoreCase - true to ignore case when comparing the login.
        newPassword - the new password with which the user password will be reset.
        Throws:
        AuthenticationException - if an error occurs while resetting the user password.
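The contract documented above, shown as an added sketch that is not Silverpeas code: a concrete protocol supplies the connection and the credential check, and the caller separates bad credentials from every other failure. All types (`Protocol`, `Credential`, `AuthException`, `MapProtocol`) are simplified stand-ins for the classes named on this page, and the open/authenticate/close sequence inside `authenticate` is an assumption drawn from the method signatures.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Added sketch: every type here is a simplified stand-in, not a Silverpeas class.
public class ProtocolSketch {
  static final String BAD_CREDENTIALS = "EXCEPTION_BAD_CREDENTIALS"; // stand-in code value

  static class AuthException extends Exception { // stand-in for AuthenticationException
    final String code;
    AuthException(String message, String code) { super(message); this.code = code; }
  }

  record Credential(String login, String password) {} // stand-in for AuthenticationCredential

  abstract static class Protocol<C> { // stand-in for AuthenticationProtocol
    protected abstract C openConnection() throws AuthException;
    protected abstract void closeConnection(C connection) throws AuthException;
    protected abstract void doAuthentication(C connection, Credential credential) throws AuthException;

    // Assumed flow: open, delegate, and always close, even when authentication fails.
    public final void authenticate(Credential credential) throws AuthException {
      C connection = openConnection();
      try {
        doAuthentication(connection, credential);
      } finally {
        closeConnection(connection);
      }
    }
  }

  // Constructed in-memory service; a real implementation would talk to LDAP or SQL.
  static class MapProtocol extends Protocol<Map<String, String>> {
    private final Map<String, String> users = Map.of("alice", "constructed-sample-password");
    @Override protected Map<String, String> openConnection() { return users; }
    @Override protected void closeConnection(Map<String, String> connection) { }
    @Override protected void doAuthentication(Map<String, String> connection, Credential c) throws AuthException {
      String expected = connection.get(c.login());
      // Sketch's choice: unknown login and wrong password are reported with the same code.
      if (expected == null || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
          c.password().getBytes(StandardCharsets.UTF_8))) {
        throw new AuthException("authentication failed", BAD_CREDENTIALS);
      }
    }
  }

  public static void main(String[] args) {
    try {
      new MapProtocol().authenticate(new Credential("alice", "wrong"));
    } catch (AuthException e) {
      // Bad credentials are a user error; any other code is a service or configuration fault.
      System.out.println(BAD_CREDENTIALS.equals(e.code) ? "reject login" : "report service fault");
    }
  }
}
```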