org.mmbase.security

Class Authentication

java.lang.Object

org.mmbase.security.Configurable

org.mmbase.security.Authentication

All Implemented Interfaces:

AuthenticationData

Direct Known Subclasses:

Authenticate, AuthenticationHandler, ClassAuthenticationWrapper, CloudContextAuthentication, ContextAuthentication, NoAuthentication

public abstract class Authentication
extends Configurable
implements AuthenticationData

This class is an abstract implementation of user authentication in MMBase. To make your own implementation of authentication, you have to extend this class.

Version:

$Id$

Author:

Eduard Witteveen, Michiel Meeuwissen (javadocs)

Field Summary

Fields

Modifier and Type	Field and Description
protected Map<String,Object>	attributes
(package private) long	key
protected static Parameter[]	PARAMETERS_ANONYMOUS
protected static Parameter[]	PARAMETERS_NAME_PASSWORD
protected static Parameter[]	PARAMETERS_USERS

Fields inherited from class org.mmbase.security.Configurable

configResource, configWatcher, manager

Fields inherited from interface org.mmbase.security.AuthenticationData

METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STORES_CONTEXT_IN_OWNER, STRINGS

Constructor Summary

Constructors

Constructor and Description
Authentication()

Method Summary

Modifier and Type	Method and Description
Parameters	createParameters(String application) For a given authentication type returns a parameters object to fill with credentials.
Object	getAttribute(String key) Allows the user to retrieve specific attributes on the underlying implementation.
int	getDefaultMethod(String protocol) The security implementation can override a default method.
long	getKey() Some unique key associated with this security configuration.
static String	getMethod(int m)
int	getMethod(String m) Several 'methods' to authenticate could be available.
int	getNode(UserContext userContext) This method returns an MMBase node that corresponds with the given UserContext
String[]	getTypes() Gives all available authentication types.
String[]	getTypes(int method) For a given method, returns the available 'applications'.
String	getUserBuilder() This method returns the builder name of the nodes that will be returned by the AuthenticationData.getNode(UserContext) call.
abstract UserContext	login(String application, Map<String,?> loginInfo, Object[] parameters) This method will verify the login, and give a UserContext back if the login procedure was successful.

Methods inherited from class org.mmbase.security.Configurable

load, load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.mmbase.security.AuthenticationData

isValid

Field Detail

attributes

protected final Map<String,Object> attributes

PARAMETERS_USERS

protected static final Parameter[] PARAMETERS_USERS

PARAMETERS_ANONYMOUS

protected static final Parameter[] PARAMETERS_ANONYMOUS

PARAMETERS_NAME_PASSWORD

protected static final Parameter[] PARAMETERS_NAME_PASSWORD

key

long key

Constructor Detail

Authentication

public Authentication()

Method Detail

login

public abstract UserContext login(String application,
                                  Map<String,?> loginInfo,
                                  Object[] parameters)
                           throws SecurityException

This method will verify the login, and give a UserContext back if the login procedure was successful.

Parameters:

application - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'. Possible values are returned by getTypes(). This is also called 'authentication', or '(authentication) type' in several contextes.

loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined). This Map can (or must) be supplied by createParameters(java.lang.String) (using the setter-methods and the Parameters.toMap(java.util.Map<java.lang.String, java.lang.Object>) method of the resulting Parameters object).

parameters - A list of optional parameters, may also (and will often) be null.

Returns:

null if no valid credentials were supplied, a (perhaps new) UserContext if login succeeded.

Throws:

SecurityException - When something strange happened, or authentication was unsuccessful.

getNode

public int getNode(UserContext userContext)
            throws SecurityException,
                   UnsupportedOperationException

This method returns an MMBase node that corresponds with the given UserContext

Specified by:

getNode in interface AuthenticationData

Throws:

UnsupportedOperationException - If the current authentication implementation does not associate UserContext's with MMBase nodes at all.

SecurityException

Since:

MMBase-1.9

getUserBuilder

public String getUserBuilder()
                      throws UnsupportedOperationException

This method returns the builder name of the nodes that will be returned by the AuthenticationData.getNode(UserContext) call.

Specified by:

getUserBuilder in interface AuthenticationData

Throws:

UnsupportedOperationException - If the current authentication implementation does not associate user with MMBase nodes at all.

Since:

MMBase-1.9

getMethod

public final int getMethod(String m)

Several 'methods' to authenticate could be available. A method is a kind of protocol which must be used to authenticate some body.

Not all authentication methods may be applicable for all communication protocols (like http, https etc).

This method converts a user-friendly string describing the 'method' to a integer constant which can be used in AuthenticationData.getTypes(int).

Specified by:

getMethod in interface AuthenticationData

Parameters:

m - A String like 'http', 'anonymous', 'loginpage', or 'delegatesession'.

Returns:

An integer contant. AuthenticationData.METHOD_DELEGATE, AuthenticationData.METHOD_PAGELOGON, AuthenticationData.METHOD_HTTP, AuthenticationData.METHOD_ASIS, AuthenticationData.METHOD_LOGOUT, AuthenticationData.METHOD_LOGINPAGE AuthenticationData.METHOD_SESSIONDELEGATE, AuthenticationData.METHOD_SESSIONLOGON. This method was introduced before java 1.5 (where the return type would more obviously be a AuthenticionMethod enumeration).

Since:

MMBase-1.8

See Also:

AuthenticationData.getDefaultMethod(java.lang.String)

getMethod

public static final String getMethod(int m)

Since:

MMBase-1.9

getDefaultMethod

public int getDefaultMethod(String protocol)

The security implementation can override a default method. The default default method (as implemented in Authentication for the 'http' protocol is HTTP (which means that basic authentication of the http protocol can be used), but may not be feasible for every implementation (it is e.g. useless if the security implementation does not have name/password authentication).

Specified by:

getDefaultMethod in interface AuthenticationData

Parameters:

protocol - For which protocol or null, which means 'for HTTP/1.1'.

Since:

MMBase-1.8

getTypes

public String[] getTypes()

Gives all available authentication types. The first one can be used as the default. Typically, an implementation should at least support 'anonynmous' and 'class'.

Since most of the time we are using HTTP any way, types for the method AuthenticationData.METHOD_HTTP ('name/password' based) and method AuthenticationData.METHOD_LOGINPAGE (AuthenticationData.createParameters(java.lang.String) can request anything presentable in a HTML-form) are common too.

Specified by:

getTypes in interface AuthenticationData

Since:

MMBase-1.8

getTypes

public String[] getTypes(int method)

For a given method, returns the available 'applications'. The first one can be used as the default.

Typically for the method AuthenticationData.METHOD_ANONYMOUS at least 'anonymous' must be returned, and for AuthenticationData.METHOD_DELEGATE at least 'class'. Everything else is optional, because are not generic.

Specified by:

getTypes in interface AuthenticationData

Since:

MMBase-1.8

createParameters

public Parameters createParameters(String application)

For a given authentication type returns a parameters object to fill with credentials. Parameters.toMap(java.util.Map<java.lang.String, java.lang.Object>) can be used as the second argument for login(java.lang.String, java.util.Map<java.lang.String, ?>, java.lang.Object[]) Given a certain 'application' this will return a Parameters which tells you exactly which parameters you can and must supply to login(String, java.util.Map, Object[]).

Specified by:

createParameters in interface AuthenticationData

Since:

MMBase-1.8

getKey

public long getKey()

Some unique key associated with this security configuration. It can be explicitly set with the 'key' entry in security.xml. It falls back to the current time in milliseconds at the time of initialization of authentication.

The advantage of explicitly configuring it, is that serialized user-contextes remain valid after a restart of MMBase, and users need not to log in again then.

Since:

MMBase-1.8

getAttribute

public Object getAttribute(String key)

Description copied from interface: AuthenticationData

Allows the user to retrieve specific attributes on the underlying implementation.

Specified by:

getAttribute in interface AuthenticationData