org.mmbase.security.implementation.basic
Class AuthenticationHandler

java.lang.Object
  extended byorg.mmbase.security.Configurable
      extended byorg.mmbase.security.Authentication
          extended byorg.mmbase.security.implementation.basic.AuthenticationHandler
All Implemented Interfaces:
AuthenticationData

public class AuthenticationHandler
extends Authentication

Authentication based on a config files. There is an XML file (`authentication.xml') which defines several modules (conected to the 'module/method' String). There are now three moduiles in this implementation. 'anonymous' for the anonyunous user. 'name/password' for 'basic users'. The username/passwords of the basic users are defined in an account.properties file. The last module is 'admin' which authenticates only on password.

Version:
$Id: AuthenticationHandler.java,v 1.10 2005/07/09 15:29:12 nklasens Exp $
Author:
Eduard Witteveen
To Do:
MM: I think it should be possible for admin to login with name/password to, how else could you use HTTP authentication (e.g. admin pages).

Field Summary
static String DTD_BASICSECURITY_1_0
           
static String PUBLIC_ID_BASICSECURITY_1_0
           
 
Fields inherited from class org.mmbase.security.Authentication
PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS
 
Fields inherited from class org.mmbase.security.Configurable
configFile, configResource, configWatcher, manager
 
Fields inherited from interface org.mmbase.security.AuthenticationData
METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STRINGS
 
Constructor Summary
AuthenticationHandler()
           
 
Method Summary
 boolean isValid(UserContext usercontext)
          this method does nothing..
protected  void load()
          This method should be overrided by an extending class.
 UserContext login(String moduleName, Map loginInfo, Object[] parameters)
          This method will verify the login, and give a UserContext back if the login procedure was successful.
 
Methods inherited from class org.mmbase.security.Authentication
createParameters, getDefaultMethod, getKey, getMethod, getTypes, getTypes
 
Methods inherited from class org.mmbase.security.Configurable
load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PUBLIC_ID_BASICSECURITY_1_0

public static final String PUBLIC_ID_BASICSECURITY_1_0
See Also:
Constant Field Values

DTD_BASICSECURITY_1_0

public static final String DTD_BASICSECURITY_1_0
See Also:
Constant Field Values
Constructor Detail

AuthenticationHandler

public AuthenticationHandler()
Method Detail

load

protected void load()
Description copied from class: Configurable
This method should be overrided by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configFile' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only.

Specified by:
load in class Configurable

login

public UserContext login(String moduleName,
                         Map loginInfo,
                         Object[] parameters)
                  throws SecurityException
Description copied from class: Authentication
This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:
login in class Authentication
Parameters:
moduleName - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'.
loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined).
parameters - A list of optional parameters, may also (and will often) be null.
Returns:
nullThrows:
SecurityException - When something strang happened

isValid

public boolean isValid(UserContext usercontext)
                throws SecurityException
this method does nothing..

Parameters:
usercontext - The UserContext of which we want to know the rights
Returns:
true when valid, otherwise false
Throws:
SecurityException - When something strange happened


MMBase build 1.8.1.20060716