org.mmbase.security
Class Authentication

java.lang.Object
  org.mmbase.security.Configurable
      org.mmbase.security.Authentication

All Implemented Interfaces:

AuthenticationData

Direct Known Subclasses:

ASelectAuthentication, Authenticate, Authenticate, AuthenticationHandler, ClassAuthenticationWrapper, ContextAuthentication, NoAuthentication

public abstract class Authentication

extends Configurable

implements AuthenticationData

This class is a abstract implementation of the Authentication. To make your own implementation of authentication, you have to extend this class.

Version:

$Id: Authentication.java,v 1.34 2006/01/17 21:25:28 michiel Exp $

Author:

Eduard Witteveen, Michiel Meeuwissen (javadocs)

Field Summary

protected static Parameter[]	PARAMETERS_ANONYMOUS
protected static Parameter[]	PARAMETERS_NAME_PASSWORD
protected static Parameter[]	PARAMETERS_USERS

Fields inherited from class org.mmbase.security.Configurable

configFile, configResource, configWatcher, manager

Fields inherited from interface org.mmbase.security.AuthenticationData

METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STRINGS

Constructor Summary

Authentication()

Method Summary

Parameters	createParameters(String application) For a given authentication type returns a parameters object to fill with credentials.
int	getDefaultMethod(String protocol) The security implementation can override a default method. The default default method (as implemented in Authentication for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).
long	getKey() Some unique key associated with this security configuration.
int	getMethod(String m) Several 'methods' to authenticate could be available.
String[]	getTypes() Gives all availabe authentication types. The first one can be used as the default.
String[]	getTypes(int method) For a given method, returns the available 'applications'. The first one can be used as the default.
abstract UserContext	login(String application, Map loginInfo, Object[] parameters) This method will verify the login, and give a UserContext back if the login procedure was successful.

Methods inherited from class org.mmbase.security.Configurable

load, load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.mmbase.security.AuthenticationData

isValid

Field Detail

PARAMETERS_USERS

protected static final Parameter[] PARAMETERS_USERS

PARAMETERS_ANONYMOUS

protected static final Parameter[] PARAMETERS_ANONYMOUS

PARAMETERS_NAME_PASSWORD

protected static final Parameter[] PARAMETERS_NAME_PASSWORD

Constructor Detail

Authentication

public Authentication()

Method Detail

login

public abstract UserContext login(String application,
                                  Map loginInfo,
                                  Object[] parameters)
                           throws SecurityException

This method will verify the login, and give a UserContext back if the login procedure was successful.

Parameters:

application - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'.

loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined).

parameters - A list of optional parameters, may also (and will often) be null.

Returns:

nullThrows:

SecurityException - When something strang happened

getMethod

public int getMethod(String m)

Description copied from interface: AuthenticationData

Several 'methods' to authenticate could be available. This method converts a user-friendly string describing the 'method' to a integer constant which can be used in AuthenticationData.getTypes(int).

Specified by:

getMethod in interface AuthenticationData

Parameters:

m - A String like 'http', 'anonymous', 'loginpage', or 'delegatesession'.

Returns:

An integer contant.

Since:

MMBase-1.8

getDefaultMethod

public int getDefaultMethod(String protocol)

The security implementation can override a default method. The default default method (as implemented in Authentication for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).

Specified by:

getDefaultMethod in interface AuthenticationData

Parameters:

protocol - For which protocol or null, which means 'HTTP/1.1'.

Since:

MMBase-1.8

getTypes

public String[] getTypes()

Gives all availabe authentication types. The first one can be used as the default.

Specified by:

getTypes in interface AuthenticationData

Since:

MMBase-1.8

getTypes

public String[] getTypes(int method)

For a given method, returns the available 'applications'. The first one can be used as the default.

Specified by:

getTypes in interface AuthenticationData

Since:

MMBase-1.8

createParameters

public Parameters createParameters(String application)

Description copied from interface: AuthenticationData

For a given authentication type returns a parameters object to fill with credentials. Parameters.toMap() can be used as the second argument for login(java.lang.String, java.util.Map, java.lang.Object[])

Specified by:

createParameters in interface AuthenticationData

getKey

public long getKey()

Some unique key associated with this security configuration. It can be explicitely set with the 'key' entry in security.xml. It falls back to the current time in millis at the time of initialization of authentication.

Since:

MMBase-1.8