Class AuthenticationService
- java.lang.Object
-
- org.silverpeas.core.security.authentication.AuthenticationService
-
@Service public class AuthenticationService extends Object
A service for authenticating a user in Silverpeas. This service is the entry point for any authentication process as it wraps all the mechanism and the delegation to perform the actual authentication. This service wraps all the mechanism to perform the authentication process itself. It uses for doing an authentication server that is mapped with the user domain.
-
-
Field Summary
Fields Modifier and Type Field Description static String
ERROR_AUTHENTICATION_FAILURE
static String
ERROR_INCORRECT_LOGIN_PWD
static String
ERROR_INCORRECT_LOGIN_PWD_DOMAIN
static String
ERROR_PASSWORD_NOT_AVAILABLE
static String
ERROR_PWD_EXPIRED
static String
ERROR_PWD_MUST_BE_CHANGED
-
Constructor Summary
Constructors Modifier Constructor Description protected
AuthenticationService()
Constructs a new AuthenticationService instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
authenticate(AuthenticationCredential userCredential)
Authenticates a user with the specified authentication credential.void
changePassword(AuthenticationCredential credential, String newPassword)
Changes the password of the specified user credential with the specified new one.void
changePasswordAndEmail(AuthenticationCredential credential, String newPassword, String email)
Changes the password and email of the specified user credential with the specified new ones.List<Domain>
getAllDomains()
Gets all the available user domains.String
getAuthenticationKey(String login, String domainId)
Gets an authentication key for a given user from its specified login and from the domain to which he belongs.boolean
isInError(String authenticationKey)
Is the specified authentication key represents an error status?boolean
isPasswordChangeAllowed(String domainId)
Is the change of a user password is allowed by specified user domain?void
resetPassword(AuthenticationCredential credential, String newPassword)
Resets the specified password of the user behind the specified authentication credential with the specified one.
-
-
-
Field Detail
-
ERROR_PWD_EXPIRED
public static final String ERROR_PWD_EXPIRED
- See Also:
- Constant Field Values
-
ERROR_PWD_MUST_BE_CHANGED
public static final String ERROR_PWD_MUST_BE_CHANGED
- See Also:
- Constant Field Values
-
ERROR_INCORRECT_LOGIN_PWD
public static final String ERROR_INCORRECT_LOGIN_PWD
- See Also:
- Constant Field Values
-
ERROR_AUTHENTICATION_FAILURE
public static final String ERROR_AUTHENTICATION_FAILURE
- See Also:
- Constant Field Values
-
ERROR_PASSWORD_NOT_AVAILABLE
public static final String ERROR_PASSWORD_NOT_AVAILABLE
- See Also:
- Constant Field Values
-
ERROR_INCORRECT_LOGIN_PWD_DOMAIN
public static final String ERROR_INCORRECT_LOGIN_PWD_DOMAIN
- See Also:
- Constant Field Values
-
-
Method Detail
-
getAllDomains
public List<Domain> getAllDomains()
Gets all the available user domains. A domain in Silverpeas is a repository of users with its its own authentication process. At each user domain is associated an authentication server that is responsible of the authentication of the domain's users.- Returns:
- an unmodifiable list of user domains.
-
authenticate
public String authenticate(AuthenticationCredential userCredential)
Authenticates a user with the specified authentication credential. If the authentication succeed, the security-related capabilities, mapped to the user's credential, are set from information sent back by the authentication server related to the domain to which the user belongs.- Parameters:
userCredential
- the credential of the user to use to authenticate him.- Returns:
- an authentication key or null if the authentication fails. The authentication key identifies uniquely the status of the user authentication and it is unique to the user so that he can be identified from it.
-
isInError
public boolean isInError(String authenticationKey)
Is the specified authentication key represents an error status?- Parameters:
authenticationKey
- the key returned by the authentication process.- Returns:
- true if the key is in fact an authentication error status.
-
changePassword
public void changePassword(AuthenticationCredential credential, String newPassword) throws AuthenticationException
Changes the password of the specified user credential with the specified new one. In order to change the password of a user, the user will be first authenticated. The specified credential won't be updated by the password change.- Parameters:
credential
- the current authentication credential of the user.newPassword
- User new password the new password to set.- Throws:
AuthenticationException
- if an error occurs while changing the password of the specified credential.
-
changePasswordAndEmail
public void changePasswordAndEmail(AuthenticationCredential credential, String newPassword, String email) throws AuthenticationException
Changes the password and email of the specified user credential with the specified new ones. In order to change the password and email of a user, the user will be first authenticated. The specified credential won't be updated by the password change.- Parameters:
credential
- the current authentication credential of the user.newPassword
- User new password the new password to set.email
- User email the email to set.- Throws:
AuthenticationException
- if an error occurs while changing the password and email of the specified credential.
-
getAuthenticationKey
public String getAuthenticationKey(String login, String domainId) throws AuthenticationException
Gets an authentication key for a given user from its specified login and from the domain to which he belongs. This method doesn't perform any authentication but it only set a new authentication key for the given user. This method can be used, for example, to let a user who has forgotten its password of setting a new one.- Parameters:
login
- the user login.domainId
- the unique identifier of the domain of the user.- Returns:
- an authentication key.
- Throws:
AuthenticationException
-
resetPassword
public void resetPassword(AuthenticationCredential credential, String newPassword) throws AuthenticationException
Resets the specified password of the user behind the specified authentication credential with the specified one. The reset operation can only be performed if the password change is allowed by the domain to which the user belongs. It doesn't require the user to be authenticated but, as consequence, requires to be run in a privileged mode (only an administrator or the system itself can do this operation). The privileged mode isn't checked by this method, hence it is the responsibility of the caller to ensure this. The specified credential won't be updated by the password reset.- Parameters:
credential
- the authentication credential of the user for which the password has to be reset.newPassword
- the password with which the credential password will be reset.- Throws:
AuthenticationException
- if an error occurs while resetting the credential password.
-
isPasswordChangeAllowed
public boolean isPasswordChangeAllowed(String domainId)
Is the change of a user password is allowed by specified user domain?- Parameters:
domainId
- the unique identifier of the user domain.- Returns:
- true if the password of the users in the specified domain can be changed, false otherwise.
-
-