org.mmbase.security.implementation.aselect
Class ASelectAuthentication

java.lang.Object
  extended by org.mmbase.security.Configurable
      extended by org.mmbase.security.Authentication
          extended by org.mmbase.security.implementation.aselect.ASelectAuthentication
All Implemented Interfaces:
AuthenticationData

public class ASelectAuthentication
extends Authentication

ASelect Authentication implementation for MMBase based on the ASelect agent. See http://aselect.surfnet.

Since:
MMBase-1.7
Version:
$Id: ASelectAuthentication.java,v 1.11 2006/01/17 22:44:58 michiel Exp $
Author:
Arnout Hannink (Alfa & Ariss), Michiel Meeuwissen (Publieke Omroep Internet Services)

Field Summary
protected  Parameter[] CREDENTIALS
           
protected  Parameter[] LOGOUT
           
 
Fields inherited from class org.mmbase.security.Authentication
PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS
 
Fields inherited from class org.mmbase.security.Configurable
configFile, configResource, configWatcher, manager
 
Fields inherited from interface org.mmbase.security.AuthenticationData
METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STRINGS
 
Constructor Summary
ASelectAuthentication()
           
 
Method Summary
protected  Map authenticate(HttpServletRequest request, HttpServletResponse response, String application, String user)
           
protected  boolean authentication(HttpServletRequest request, HttpServletResponse response, String application, String requestedUser)
          Performs the work of authentication and session management.
protected  void configureByProperties(String agentConf)
          A-Select 1.3 backwards compatibility
static Map convertCGIMessage(String message)
          This method will convert a string of key=value&key=value etc.
 Parameters createParameters(String application)
          For a given authentication type returns a parameters object to fill with credentials.
protected  UserContext getAnonymousUser()
           
protected  String getAppUrl(HttpServletRequest request, HttpServletResponse response)
          Returns a URL for the current request.
protected  String getASelectOrganization(HttpServletRequest request)
          Retrieves the A-Select Organization Id from the cookies.
protected  String getASelectSessionId(HttpServletRequest request)
          Retrieves the A-Select Session Id from the cookies.
protected  String getASelectUserId(HttpServletRequest request)
          Retrieves the A-Select User Id from the cookies.
 int getDefaultMethod(String protocol)
          The security implementation can override a default method. The default default method (as implemented in Authentication) for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but this may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).
protected  Rank getRank(String userName)
           
 String[] getTypes(int method)
          For a given method, returns the available 'applications'. The first one can be used as the default.
 boolean isValid(UserContext userContext)
          The method returns whether the UserContext has become invalid for some reason (change in security config?)
protected  void load()
          This method should be overridden by an extending class.
 UserContext login(String application, Map loginInfo, Object[] parameters)
          This method will verify the login, and give a UserContext back if the login procedure was successful.
protected  void logout(HttpServletRequest request, HttpServletResponse response, String application)
          Processes the logout of a user.
protected  void logoutASelectServer(HttpServletRequest request, HttpServletResponse response, String application)
           
static void main(String[] args)
           
 
Methods inherited from class org.mmbase.security.Authentication
getKey, getMethod, getTypes
 
Methods inherited from class org.mmbase.security.Configurable
load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CREDENTIALS

protected final Parameter[] CREDENTIALS

LOGOUT

protected final Parameter[] LOGOUT
Constructor Detail

ASelectAuthentication

public ASelectAuthentication()
Method Detail

configureByProperties

protected void configureByProperties(String agentConf)
A-Select 1.3 backwards compatibility


load

protected void load()
Description copied from class: Configurable
This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configFile' member). Security implementations with complicated configuration would typically retrieve only a path to their own configuration file.

Specified by:
load in class Configurable

getAnonymousUser

protected UserContext getAnonymousUser()

getRank

protected Rank getRank(String userName)

login

public UserContext login(String application,
                         Map loginInfo,
                         Object[] parameters)
                  throws SecurityException
Description copied from class: Authentication
This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:
login in class Authentication
Parameters:
application - A String that further specifies the login method (one implementation could handle more than one method). A typical value might be 'username/password'.
loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined).
parameters - A list of optional parameters, may also (and will often) be null.
Returns:
null
Throws:
SecurityException - When something strange happened

isValid

public boolean isValid(UserContext userContext)
                throws SecurityException
Description copied from interface: AuthenticationData
The method returns whether the UserContext has become invalid for some reason (change in security config?)

Parameters:
userContext - The UserContext of which we want to know the rights
Returns:
true when valid, otherwise false
Throws:
SecurityException - When something strange happened

getAppUrl

protected String getAppUrl(HttpServletRequest request,
                           HttpServletResponse response)
Returns a URL for the current request.


authenticate

protected Map authenticate(HttpServletRequest request,
                           HttpServletResponse response,
                           String application,
                           String user)
                    throws org.aselect.system.exception.ASelectCommunicationException,
                           IOException
Throws:
org.aselect.system.exception.ASelectCommunicationException
IOException

authentication

protected boolean authentication(HttpServletRequest request,
                                 HttpServletResponse response,
                                 String application,
                                 String requestedUser)
Performs the work of authentication and session management. This function should be called for each request to the Servlet.
If the user has a valid session, true will be returned and the Servlet can process the request.
If not, this module has redirected the user to A-Select or has thrown an exception.
While a user is not yet authenticated, the Servlet will get several requests with authentication parameters. That is why this function should be called before the servlet processes the request.

Parameters:
request - the current HTTP request. Used to obtain the parameters for authentication.
response - the current HTTP response
Returns:
true if the user was authenticated, false otherwise.
If false is returned the Servlet should not write anything to the client because the client was already redirected!
Throws:
ASelectException - If the module could not perform the authenticate request

getASelectUserId

protected String getASelectUserId(HttpServletRequest request)
Retrieves the A-Select User Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select user id or null if not set

getASelectOrganization

protected String getASelectOrganization(HttpServletRequest request)
Retrieves the A-Select Organization Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select organization id or null if not set

getASelectSessionId

protected String getASelectSessionId(HttpServletRequest request)
Retrieves the A-Select Session Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select session id or null if not set

logoutASelectServer

protected void logoutASelectServer(HttpServletRequest request,
                                   HttpServletResponse response,
                                   String application)
                            throws SecurityException
Throws:
SecurityException

logout

protected void logout(HttpServletRequest request,
                      HttpServletResponse response,
                      String application)
               throws SecurityException
Processes the logout of a user.

Parameters:
request - the current HTTP request
response - the current HTTP response.
Throws:
SecurityException

convertCGIMessage

public static Map convertCGIMessage(String message)
This method will convert a string of key=value&key=value etc. tuples (aka a CGI request string) into a hashtable for much easier processing.
Note: The key names are all converted to lowercase.

To Do:
can we not simply use request.getParameter?
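The contract described for convertCGIMessage (split on '&', split on '=', lowercase the keys) can be sketched as follows. This is an added example, not the MMBase implementation: the class name CgiMessageSketch, the URL-decoding step, the rejection of keys that collide after lowercasing, and the sample message are all assumptions made here.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Hypothetical class; illustrates the documented contract only.
public class CgiMessageSketch {

    /** Parses key=value&key=value into a map with lowercased keys. */
    public static Map<String, String> convert(String message) {
        Map<String, String> result = new LinkedHashMap<String, String>();
        if (message == null || message.length() == 0) {
            return result;
        }
        for (String pair : message.split("&")) {
            if (pair.length() == 0) {
                continue; // tolerate "a=1&&b=2" and a trailing '&'
            }
            int eq = pair.indexOf('=');
            // A token without '=' is kept as a key with an empty value.
            String rawKey = eq < 0 ? pair : pair.substring(0, eq);
            String rawValue = eq < 0 ? "" : pair.substring(eq + 1);
            String key = decode(rawKey).toLowerCase(Locale.ROOT);
            // Assumption: "User" and "user" collide after lowercasing, so a
            // repeated key is rejected instead of silently overwriting.
            if (result.containsKey(key)) {
                throw new IllegalArgumentException("duplicate key: " + key);
            }
            result.put(key, decode(rawValue));
        }
        return result;
    }

    private static String decode(String s) {
        try {
            return URLDecoder.decode(s, "UTF-8"); // assumption: values are URL-encoded
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    public static void main(String[] args) {
        // Constructed sample message, not captured from a real A-Select agent.
        System.out.println(convert("Status=ok&User=jdoe%40example.org&Org=org1&flag"));
        try {
            convert("User=alice&user=mallory");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because keys are case-folded, any code that consumes the resulting map must look values up by lowercase name only.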

getDefaultMethod

public int getDefaultMethod(String protocol)
Description copied from class: Authentication
The security implementation can override a default method. The default default method (as implemented in Authentication) for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but this may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).

Specified by:
getDefaultMethod in interface AuthenticationData
Overrides:
getDefaultMethod in class Authentication

getTypes

public String[] getTypes(int method)
Description copied from class: Authentication
For a given method, returns the available 'applications'. The first one can be used as the default.

Specified by:
getTypes in interface AuthenticationData
Overrides:
getTypes in class Authentication

createParameters

public Parameters createParameters(String application)
Description copied from interface: AuthenticationData
For a given authentication type returns a parameters object to fill with credentials. Parameters.toMap() can be used as the second argument for Authentication.login(java.lang.String, java.util.Map, java.lang.Object[])

Specified by:
createParameters in interface AuthenticationData
Overrides:
createParameters in class Authentication

main

public static void main(String[] args)


MMBase build 1.8.1.20060716