org.mmbase.security.implementation.aselect
Class ASelectAuthentication

java.lang.Object
  extended by org.mmbase.security.Configurable
      extended by org.mmbase.security.Authentication
          extended by org.mmbase.security.implementation.cloudcontext.CloudContextAuthentication
              extended by org.mmbase.security.implementation.aselect.ASelectAuthentication
All Implemented Interfaces:
AuthenticationData

public class ASelectAuthentication
extends CloudContextAuthentication

ASelect Authentication implementation for MMBase based on the ASelect agent. See http://aselect.surfnet.

Since:
MMBase-1.7
Version:
$Id: ASelectAuthentication.java 42853 2010-07-11 11:14:18Z michiel $
Author:
Arnout Hannink (Alfa & Ariss), Michiel Meeuwissen (Publieke Omroep Internet Services)

Field Summary
protected  Parameter[] CREDENTIALS
           
protected  Parameter[] LOGOUT
           
static String NAMESPACE
           
static String XSD
           
static String XSD_LOC
           
 
Fields inherited from class org.mmbase.security.Authentication
attributes, PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS
 
Fields inherited from class org.mmbase.security.Configurable
configResource, configWatcher, manager
 
Fields inherited from interface org.mmbase.security.AuthenticationData
METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STORES_CONTEXT_IN_OWNER, STRINGS
 
Constructor Summary
ASelectAuthentication()
           
 
Method Summary
protected  Map authenticate(HttpServletRequest request, HttpServletResponse response, String application, String user)
           
protected  boolean authentication(HttpServletRequest request, HttpServletResponse response, String application, String requestedUser)
          Performs the work of authentication and session management.
protected  void configureByProperties(String agentConf)
          A-Select 1.3 backwards compatibility
static Map convertCGIMessage(String message)
          This method will convert a string of key=value&key=value etc.
 Parameters createParameters(String application)
          For a given authentication type returns a parameters object to fill with credentials.
protected  UserContext getAnonymousUser()
           
protected  String getAppUrl(HttpServletRequest request, HttpServletResponse response)
          Returns a URL for the current request.
protected  String getASelectOrganization(HttpServletRequest request)
          Retrieves the A-Select Organization Id from the cookies.
protected  String getASelectSessionId(HttpServletRequest request)
          Retrieves the A-Select Session Id from the cookies.
protected  String getASelectUserId(HttpServletRequest request)
          Retrieves the A-Select User Id from the cookies.
 int getDefaultMethod(String protocol)
          The security implementation can override a default method.
protected  Rank getRank(String userName)
           
 String[] getTypes(int method)
          For a given method, returns the available 'applications'.
 boolean isValid(UserContext userContext)
          The method returns whether the UserContext has become invalid for some reason (change in security config?)
protected  void load()
          This method should be overridden by an extending class.
 UserContext login(String application, Map loginInfo, Object[] parameters)
          This method will verify the login, and give a UserContext back if the login procedure was successful.
protected  void logout(HttpServletRequest request, HttpServletResponse response, String application)
          Processes the logout of a user.
protected  void logoutASelectServer(HttpServletRequest request, HttpServletResponse response, String application)
           
static void main(String[] args)
           
 
Methods inherited from class org.mmbase.security.implementation.cloudcontext.CloudContextAuthentication
getInstance, getUserBuilder, getUserProvider
 
Methods inherited from class org.mmbase.security.Authentication
getAttribute, getKey, getMethod, getMethod, getNode, getTypes
 
Methods inherited from class org.mmbase.security.Configurable
load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

XSD

public static final String XSD
See Also:
Constant Field Values

XSD_LOC

public static final String XSD_LOC
See Also:
Constant Field Values

NAMESPACE

public static final String NAMESPACE
See Also:
Constant Field Values

CREDENTIALS

protected final Parameter[] CREDENTIALS

LOGOUT

protected final Parameter[] LOGOUT
Constructor Detail

ASelectAuthentication

public ASelectAuthentication()
Method Detail

configureByProperties

protected void configureByProperties(String agentConf)
A-Select 1.3 backwards compatibility


load

protected void load()
Description copied from class: Configurable
This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configResource' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only.

Specified by:
load in class Configurable

getAnonymousUser

protected UserContext getAnonymousUser()

getRank

protected Rank getRank(String userName)

login

public UserContext login(String application,
                         Map loginInfo,
                         Object[] parameters)
                  throws SecurityException
Description copied from class: Authentication
This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:
login in class Authentication
Parameters:
application - A String that further specifies the login method (one implementation could handle more than one method). A typical value might be 'username/password'. Possible values are returned by Authentication.getTypes(). This is also called 'authentication', or '(authentication) type' in several contexts.
loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined). This Map can (or must) be supplied by Authentication.createParameters(java.lang.String) (using the setter-methods and the Parameters.toMap(java.util.Map) method of the resulting Parameters object).
parameters - A list of optional parameters, may also (and will often) be null.
Returns:
null if no valid credentials were supplied, a (perhaps new) UserContext if login succeeded.
Throws:
SecurityException - When something strange happened, or authentication was unsuccessful.

isValid

public boolean isValid(UserContext userContext)
                throws SecurityException
Description copied from interface: AuthenticationData
The method returns whether the UserContext has become invalid for some reason (change in security config?)

Parameters:
userContext - The UserContext of which we want to know the rights
Returns:
true when valid, otherwise false
Throws:
SecurityException - When something strange happened

getAppUrl

protected String getAppUrl(HttpServletRequest request,
                           HttpServletResponse response)
Returns a URL for the current request.


authenticate

protected Map authenticate(HttpServletRequest request,
                           HttpServletResponse response,
                           String application,
                           String user)
                    throws org.aselect.system.exception.ASelectCommunicationException,
                           IOException
Throws:
org.aselect.system.exception.ASelectCommunicationException
IOException

authentication

protected boolean authentication(HttpServletRequest request,
                                 HttpServletResponse response,
                                 String application,
                                 String requestedUser)
Performs the work of authentication and session management. This function should be called for each request to the Servlet.
If the user has a valid session, true will be returned and the Servlet can process the request.
If not, this module has redirected the user to A-Select or has thrown an exception.
While a user is not yet authenticated, the Servlet will get several requests with authentication parameters. That is why this function should be called before the servlet processes the request.

Parameters:
request - the current HTTP request. Used to obtain the parameters for authentication.
response - the current HTTP response
Returns:
true if the user was authenticated, false otherwise.
If false is returned the Servlet should not write anything to the client because the client was already redirected!
Throws:
ASelectException - If the module could not perform the authenticate request

getASelectUserId

protected String getASelectUserId(HttpServletRequest request)
Retrieves the A-Select User Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select user id or null if not set

getASelectOrganization

protected String getASelectOrganization(HttpServletRequest request)
Retrieves the A-Select Organization Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select organization id or null if not set

getASelectSessionId

protected String getASelectSessionId(HttpServletRequest request)
Retrieves the A-Select Session Id from the cookies.

Parameters:
request - the current HTTP request. Used to obtain the cookie(s)
Returns:
The A-Select session id or null if not set

logoutASelectServer

protected void logoutASelectServer(HttpServletRequest request,
                                   HttpServletResponse response,
                                   String application)
                            throws SecurityException
Throws:
SecurityException

logout

protected void logout(HttpServletRequest request,
                      HttpServletResponse response,
                      String application)
               throws SecurityException
Processes the logout of a user.

Parameters:
request - the current HTTP request
response - the current HTTP response.
Throws:
SecurityException

convertCGIMessage

public static Map convertCGIMessage(String message)
This method will convert a string of key=value&key=value etc. tuples (aka a CGI request string) into a hashtable for much easier processing.
Note: The key names are all converted to lowercase.

To Do:
can we not simply use request.getParameter?
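
A stand-alone sketch of the behaviour described above, showing how lowercasing keys makes differently cased names collide. This is an added example, not MMBase's or A-Select's implementation; the class name `CgiMessageDemo`, the percent-decoding, the last-value-wins rule for duplicate keys and the sample field names are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Hypothetical demo class; not part of MMBase or A-Select.
public class CgiMessageDemo {

    /** Parses key=value&key=value into a map, lowercasing keys as the Javadoc notes. */
    static Map<String, String> parse(String message) {
        Map<String, String> result = new LinkedHashMap<>();
        if (message == null || message.isEmpty()) {
            return result;
        }
        for (String pair : message.split("&")) {
            if (pair.isEmpty()) {
                continue; // tolerate "a=1&&b=2"
            }
            int eq = pair.indexOf('=');
            // A token without '=' is kept as a key with an empty value (assumption).
            String rawKey = eq < 0 ? pair : pair.substring(0, eq);
            String rawValue = eq < 0 ? "" : pair.substring(eq + 1);
            // Locale.ROOT avoids locale-dependent lowercasing (e.g. Turkish dotless i).
            String key = decode(rawKey).toLowerCase(Locale.ROOT);
            // Duplicate keys: the last one wins (assumption).
            result.put(key, decode(rawValue));
        }
        return result;
    }

    private static String decode(String s) {
        // Percent-decoding is an assumption of this sketch.
        return URLDecoder.decode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample message; field names are illustrative only.
        String sample = "Result_Code=0000&UID=alice%40example.org&uid=bob&flag";
        Map<String, String> parsed = parse(sample);
        // "UID" and "uid" collapse into one key, so case cannot be used to separate fields.
        System.out.println(parsed);
    }
}
```

Because keys are normalised, code that consumes the resulting map should look fields up by their lowercase names and treat a repeated key in the message as suspicious rather than silently trusting whichever value survives.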

getDefaultMethod

public int getDefaultMethod(String protocol)
Description copied from class: Authentication
The security implementation can override a default method. The default default method (as implemented in Authentication) for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but this may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).

Specified by:
getDefaultMethod in interface AuthenticationData
Overrides:
getDefaultMethod in class Authentication
Parameters:
protocol - For which protocol or null, which means 'for HTTP/1.1'.

getTypes

public String[] getTypes(int method)
Description copied from class: Authentication

For a given method, returns the available 'applications'. The first one can be used as the default.

Typically for the method AuthenticationData.METHOD_ANONYMOUS at least 'anonymous' must be returned, and for AuthenticationData.METHOD_DELEGATE at least 'class'. Everything else is optional, because they are not generic.

Specified by:
getTypes in interface AuthenticationData
Overrides:
getTypes in class Authentication

createParameters

public Parameters createParameters(String application)
Description copied from class: Authentication
For a given authentication type returns a parameters object to fill with credentials. Parameters.toMap(java.util.Map) can be used as the second argument for Authentication.login(java.lang.String, java.util.Map, java.lang.Object[]). Given a certain 'application' this will return a Parameters which tells you exactly which parameters you can and must supply to Authentication.login(String, java.util.Map, Object[]).

Specified by:
createParameters in interface AuthenticationData
Overrides:
createParameters in class Authentication

main

public static void main(String[] args)


MMBase 2.0-SNAPSHOT