Package org.silverpeas.core.security.authentication

Class AuthenticationService

  • All Implemented Interfaces:
    Authentication
    @Service
@Singleton
public class AuthenticationService
extends Object
implements Authentication
    A service for authenticating a user in Silverpeas. This service is the entry point for any authentication process as it wraps all the mechanism and the delegation to perform the actual authentication.

    This service wraps all the mechanism to perform the authentication process itself. It uses for doing an authentication server that is mapped with the user domain.

    • Constructor Detail

      • AuthenticationService

        protected AuthenticationService()
        Constructs a new AuthenticationService instance.

    • Method Detail

      • getAllAuthDomains

        @Nonnull
public List<AuthDomain> getAllAuthDomains()
        Gets all the available user domains. A domain in Silverpeas is a repository of users with its own authentication process.

        At each user domain is associated an authentication server that is responsible for the authentication of the domain's users.

        Specified by:
        getAllAuthDomains in interface Authentication
        Returns:
        an unmodifiable list of user domains.

      • authenticate

        public AuthenticationResponse authenticate​(AuthenticationCredential userCredential)
        Description copied from interface: Authentication
        Authenticates a user with the specified authentication credential.

        If the authentication succeeds, the security-related capabilities, mapped to the user's credential, are set from information sent back by the authentication server related to the domain to which the user belongs.

        Specified by:
        authenticate in interface Authentication
        Parameters:
        userCredential - the credential of the user to use to authenticate him.
        Returns:
        the response of the authentication with its status (success, failure or rejected). In the case of a successful authentication, the response carries the authentication token from which the user can be then identified later.

      • changePassword

        public void changePassword​(AuthenticationCredential credential,
                           String newPassword)
                    throws AuthenticationException
        Changes the password of the specified user credential with the specified new one. In order to change the password of a user, the user will be first authenticated. The specified credential won't be updated by the password change.
        Parameters:
        credential - the current authentication credential of the user.
        newPassword - User new password the new password to set.
        Throws:
        AuthenticationException - if an error occurs while changing the password of the specified credential.

      • changePasswordAndEmail

        public void changePasswordAndEmail​(AuthenticationCredential credential,
                                   String newPassword,
                                   String email)
                            throws AuthenticationException
        Changes the password and email of the specified user credential with the specified new ones. In order to change the password and email of a user, the user will be first authenticated. The specified credential won't be updated by the password change.
        Parameters:
        credential - the current authentication credential of the user.
        newPassword - User new password the new password to set.
        email - User email the email to set.
        Throws:
        AuthenticationException - if an error occurs while changing the password and email of the specified credential.

      • getAuthToken

        public String getAuthToken​(AuthenticationCredential credential)
        Description copied from interface: Authentication
        Gets an authentication token for a given user from its specified login and from the domain to which he belongs. This method doesn't perform any authentication, but it only set a new authentication token for the given user. This method can be used, for example, to allow a user who has forgotten its password to set a new one without having to be authenticated.

        To use with caution as this can be a security flaw to use this method to bypass any authentication process. It is only for administrative tasks or inner technical tasks requiring an authentication token for them to be completed.

        Specified by:
        getAuthToken in interface Authentication
        Parameters:
        credential - the credential of the user required to identify his account in Silverpeas. At least his login and his domain identifier has to be set.
        Returns:
        an authentication key.

      • resetPassword

        public void resetPassword​(AuthenticationCredential credential,
                          String newPassword)
                   throws AuthenticationException
        Resets the specified password of the user behind the specified authentication credential with the specified one. The reset operation can only be performed if the password change is allowed by the domain to which the user belongs. It doesn't require the user to be authenticated but, as consequence, requires to be run in a privileged mode (only an administrator or the system itself can do this operation). The privileged mode isn't checked by this method, hence it is the responsibility of the caller to ensure this. The specified credential won't be updated by the password reset.
        Parameters:
        credential - the authentication credential of the user for which the password has to be reset.
        newPassword - the password with which the credential password will be reset.
        Throws:
        AuthenticationException - if an error occurs while resetting the credential password.