org.mmbase.security.implementation.context
Class ContextAuthentication

java.lang.Object
  extended by org.mmbase.security.Configurable
      extended by org.mmbase.security.Authentication
          extended by org.mmbase.security.implementation.context.ContextAuthentication
All Implemented Interfaces:
AuthenticationData

public class ContextAuthentication
extends Authentication

Authentication based on a XML-configuration file. The XML file contains besides users, groups and contexts (used for ContextAuthorization).

Version:
$Id: ContextAuthentication.java 37072 2009-07-21 17:20:43Z michiel $
Author:
Eduard Witteveen
See Also:
ContextAuthorization

Field Summary
static String DTD_SECURITY_CONTEXT_CONFIG_1_0
          DTD resource filename of the Builder DTD version 1.0
static String DTD_SECURITY_CONTEXT_CONFIG_1_1
           
static String DTD_SECURITY_CONTEXT_CONFIG_1_2
           
static String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_0
          Public ID of the Builder DTD version 1.0
static String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_1
           
static String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_2
           
 
Fields inherited from class org.mmbase.security.Authentication
attributes, PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS
 
Fields inherited from class org.mmbase.security.Configurable
configResource, configWatcher, manager
 
Fields inherited from interface org.mmbase.security.AuthenticationData
METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STORES_CONTEXT_IN_OWNER, STRINGS
 
Constructor Summary
ContextAuthentication()
           
 
Method Summary
 String[] getTypes()
          Gives all available authentication types.
 boolean isValid(UserContext userContext)
          this method does nothing..
protected  void load()
          This method should be overridden by an extending class.
 UserContext login(String moduleName, Map<String,?> loginInfo, Object[] parameters)
          This method will verify the login, and give a UserContext back if the login procedure was successful.
 
Methods inherited from class org.mmbase.security.Authentication
createParameters, getAttribute, getDefaultMethod, getKey, getMethod, getMethod, getNode, getTypes, getUserBuilder
 
Methods inherited from class org.mmbase.security.Configurable
load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_0

public static final String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_0
Public ID of the Builder DTD version 1.0

See Also:
Constant Field Values

PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_1

public static final String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_1
See Also:
Constant Field Values

PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_2

public static final String PUBLIC_ID_SECURITY_CONTEXT_CONFIG_1_2
See Also:
Constant Field Values

DTD_SECURITY_CONTEXT_CONFIG_1_0

public static final String DTD_SECURITY_CONTEXT_CONFIG_1_0
DTD resource filename of the Builder DTD version 1.0

See Also:
Constant Field Values

DTD_SECURITY_CONTEXT_CONFIG_1_1

public static final String DTD_SECURITY_CONTEXT_CONFIG_1_1
See Also:
Constant Field Values

DTD_SECURITY_CONTEXT_CONFIG_1_2

public static final String DTD_SECURITY_CONTEXT_CONFIG_1_2
See Also:
Constant Field Values
Constructor Detail

ContextAuthentication

public ContextAuthentication()
Method Detail

load

protected void load()
Description copied from class: Configurable
This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configResource' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only.

Specified by:
load in class Configurable

login

public UserContext login(String moduleName,
                         Map<String,?> loginInfo,
                         Object[] parameters)
                  throws SecurityException
Description copied from class: Authentication
This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:
login in class Authentication
Parameters:
moduleName - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'. Possible values are returned by Authentication.getTypes(). This is also called 'authentication', or '(authentication) type' in several contextes.
loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined). This Map can (or must) be supplied by Authentication.createParameters(java.lang.String) (using the setter-methods and the Parameters.toMap(java.util.Map) method of the resulting Parameters object).
parameters - A list of optional parameters, may also (and will often) be null.
Returns:
null if no valid credentials were supplied, a (perhaps new) UserContext if login succeeded.
Throws:
SecurityException - When something strange happened, or authentication was unsuccessful.

isValid

public boolean isValid(UserContext userContext)
                throws SecurityException
this method does nothing..

Parameters:
userContext - The UserContext of which we want to know the rights
Returns:
true when valid, otherwise false
Throws:
SecurityException - When something strange happened

getTypes

public String[] getTypes()
Description copied from class: Authentication

Gives all available authentication types. The first one can be used as the default. Typically, an implementation should at least support 'anonynmous' and 'class'.

Since most of the time we are using HTTP any way, types for the method AuthenticationData.METHOD_HTTP ('name/password' based) and method AuthenticationData.METHOD_LOGINPAGE (AuthenticationData.createParameters(java.lang.String) can request anything presentable in a HTML-form) are common too.

Specified by:
getTypes in interface AuthenticationData
Overrides:
getTypes in class Authentication


MMBase 2.0-SNAPSHOT - null