Package org.silverpeas.core.security.authentication

Class AuthenticationService

  • @Service
public class AuthenticationService
extends Object
    A service for authenticating a user in Silverpeas. This service is the entry point for any authentication process as it wraps all the mechanism and the delegation to perform the actual authentication. This service wraps all the mechanism to perform the authentication process itself. It uses for doing an authentication server that is mapped with the user domain.

    • Constructor Detail

      • AuthenticationService

        protected AuthenticationService()
        Constructs a new AuthenticationService instance.

    • Method Detail

      • getAllDomains

        public List<Domain> getAllDomains()
        Gets all the available user domains. A domain in Silverpeas is a repository of users with its its own authentication process. At each user domain is associated an authentication server that is responsible of the authentication of the domain's users.
        Returns:
        an unmodifiable list of user domains.

      • authenticate

        public String authenticate​(AuthenticationCredential userCredential)
        Authenticates a user with the specified authentication credential. If the authentication succeed, the security-related capabilities, mapped to the user's credential, are set from information sent back by the authentication server related to the domain to which the user belongs.
        Parameters:
        userCredential - the credential of the user to use to authenticate him.
        Returns:
        an authentication key or null if the authentication fails. The authentication key identifies uniquely the status of the user authentication and it is unique to the user so that he can be identified from it.

      • isInError

        public boolean isInError​(String authenticationKey)
        Is the specified authentication key represents an error status?
        Parameters:
        authenticationKey - the key returned by the authentication process.
        Returns:
        true if the key is in fact an authentication error status.

      • changePassword

        public void changePassword​(AuthenticationCredential credential,
                           String newPassword)
                    throws AuthenticationException
        Changes the password of the specified user credential with the specified new one. In order to change the password of a user, the user will be first authenticated. The specified credential won't be updated by the password change.
        Parameters:
        credential - the current authentication credential of the user.
        newPassword - User new password the new password to set.
        Throws:
        AuthenticationException - if an error occurs while changing the password of the specified credential.

      • changePasswordAndEmail

        public void changePasswordAndEmail​(AuthenticationCredential credential,
                                   String newPassword,
                                   String email)
                            throws AuthenticationException
        Changes the password and email of the specified user credential with the specified new ones. In order to change the password and email of a user, the user will be first authenticated. The specified credential won't be updated by the password change.
        Parameters:
        credential - the current authentication credential of the user.
        newPassword - User new password the new password to set.
        email - User email the email to set.
        Throws:
        AuthenticationException - if an error occurs while changing the password and email of the specified credential.

      • getAuthenticationKey

        public String getAuthenticationKey​(String login,
                                   String domainId)
                            throws AuthenticationException
        Gets an authentication key for a given user from its specified login and from the domain to which he belongs. This method doesn't perform any authentication but it only set a new authentication key for the given user. This method can be used, for example, to let a user who has forgotten its password of setting a new one.
        Parameters:
        login - the user login.
        domainId - the unique identifier of the domain of the user.
        Returns:
        an authentication key.
        Throws:
        AuthenticationException

      • resetPassword

        public void resetPassword​(AuthenticationCredential credential,
                          String newPassword)
                   throws AuthenticationException
        Resets the specified password of the user behind the specified authentication credential with the specified one. The reset operation can only be performed if the password change is allowed by the domain to which the user belongs. It doesn't require the user to be authenticated but, as consequence, requires to be run in a privileged mode (only an administrator or the system itself can do this operation). The privileged mode isn't checked by this method, hence it is the responsibility of the caller to ensure this. The specified credential won't be updated by the password reset.
        Parameters:
        credential - the authentication credential of the user for which the password has to be reset.
        newPassword - the password with which the credential password will be reset.
        Throws:
        AuthenticationException - if an error occurs while resetting the credential password.

      • isPasswordChangeAllowed

        public boolean isPasswordChangeAllowed​(String domainId)
        Is the change of a user password is allowed by specified user domain?
        Parameters:
        domainId - the unique identifier of the user domain.
        Returns:
        true if the password of the users in the specified domain can be changed, false otherwise.