org.mmbase.security
Class Authentication

java.lang.Object
  extended byorg.mmbase.security.Configurable
      extended byorg.mmbase.security.Authentication
All Implemented Interfaces:
AuthenticationData
Direct Known Subclasses:
ASelectAuthentication, Authenticate, Authenticate, AuthenticationHandler, ClassAuthenticationWrapper, ContextAuthentication, NoAuthentication

public abstract class Authentication
extends Configurable
implements AuthenticationData

This class is a abstract implementation of the Authentication. To make your own implementation of authentication, you have to extend this class.

Version:
$Id: Authentication.java,v 1.34 2006/01/17 21:25:28 michiel Exp $
Author:
Eduard Witteveen, Michiel Meeuwissen (javadocs)

Field Summary
protected static Parameter[] PARAMETERS_ANONYMOUS
           
protected static Parameter[] PARAMETERS_NAME_PASSWORD
           
protected static Parameter[] PARAMETERS_USERS
           
 
Fields inherited from class org.mmbase.security.Configurable
configFile, configResource, configWatcher, manager
 
Fields inherited from interface org.mmbase.security.AuthenticationData
METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STRINGS
 
Constructor Summary
Authentication()
           
 
Method Summary
 Parameters createParameters(String application)
          For a given authentication type returns a parameters object to fill with credentials.
 int getDefaultMethod(String protocol)
          The security implementation can override a default method. The default default method (as implemented in Authentication for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).
 long getKey()
          Some unique key associated with this security configuration.
 int getMethod(String m)
          Several 'methods' to authenticate could be available.
 String[] getTypes()
          Gives all availabe authentication types. The first one can be used as the default.
 String[] getTypes(int method)
          For a given method, returns the available 'applications'. The first one can be used as the default.
abstract  UserContext login(String application, Map loginInfo, Object[] parameters)
          This method will verify the login, and give a UserContext back if the login procedure was successful.
 
Methods inherited from class org.mmbase.security.Configurable
load, load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.mmbase.security.AuthenticationData
isValid
 

Field Detail

PARAMETERS_USERS

protected static final Parameter[] PARAMETERS_USERS

PARAMETERS_ANONYMOUS

protected static final Parameter[] PARAMETERS_ANONYMOUS

PARAMETERS_NAME_PASSWORD

protected static final Parameter[] PARAMETERS_NAME_PASSWORD
Constructor Detail

Authentication

public Authentication()
Method Detail

login

public abstract UserContext login(String application,
                                  Map loginInfo,
                                  Object[] parameters)
                           throws SecurityException
This method will verify the login, and give a UserContext back if the login procedure was successful.

Parameters:
application - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'.
loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined).
parameters - A list of optional parameters, may also (and will often) be null.
Returns:
nullThrows:
SecurityException - When something strang happened

getMethod

public int getMethod(String m)
Description copied from interface: AuthenticationData
Several 'methods' to authenticate could be available. This method converts a user-friendly string describing the 'method' to a integer constant which can be used in AuthenticationData.getTypes(int).

Specified by:
getMethod in interface AuthenticationData
Parameters:
m - A String like 'http', 'anonymous', 'loginpage', or 'delegatesession'.
Returns:
An integer contant.
Since:
MMBase-1.8

getDefaultMethod

public int getDefaultMethod(String protocol)
The security implementation can override a default method. The default default method (as implemented in Authentication for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).

Specified by:
getDefaultMethod in interface AuthenticationData
Parameters:
protocol - For which protocol or null, which means 'HTTP/1.1'.
Since:
MMBase-1.8

getTypes

public String[] getTypes()
Gives all availabe authentication types. The first one can be used as the default.

Specified by:
getTypes in interface AuthenticationData
Since:
MMBase-1.8

getTypes

public String[] getTypes(int method)
For a given method, returns the available 'applications'. The first one can be used as the default.

Specified by:
getTypes in interface AuthenticationData
Since:
MMBase-1.8

createParameters

public Parameters createParameters(String application)
Description copied from interface: AuthenticationData
For a given authentication type returns a parameters object to fill with credentials. Parameters.toMap() can be used as the second argument for login(java.lang.String, java.util.Map, java.lang.Object[])

Specified by:
createParameters in interface AuthenticationData

getKey

public long getKey()
Some unique key associated with this security configuration. It can be explicitely set with the 'key' entry in security.xml. It falls back to the current time in millis at the time of initialization of authentication.

Since:
MMBase-1.8


MMBase build 1.8.1.20060716