org.mmbase.security.classsecurity

Class ClassAuthenticationWrapper

java.lang.Object

org.mmbase.security.Configurable

org.mmbase.security.Authentication

org.mmbase.security.classsecurity.ClassAuthenticationWrapper

All Implemented Interfaces:

AuthenticationData

public class ClassAuthenticationWrapper
extends Authentication

ClassAuthenticationWrapper wraps another Authentication implemention, and adds an extra configuration file. In this configuration file the wrapped Authentication can be specified (and its configuration file if it needs one). Besides that, also authentication credentials can be linked to classes in this XML configuration file.

Since:

MMBase-1.8

Version:

$Id$

Author:

Michiel Meeuwissen

Field Summary

Fields inherited from class org.mmbase.security.Authentication

attributes, PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS

Fields inherited from class org.mmbase.security.Configurable

configResource, configWatcher, manager

Fields inherited from interface org.mmbase.security.AuthenticationData

METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STORES_CONTEXT_IN_OWNER, STRINGS

Constructor Summary

Constructors

Constructor and Description
ClassAuthenticationWrapper()

Method Summary

Modifier and Type	Method and Description
boolean	isValid(UserContext userContext) The method returns whether the UserContext has become invalid for some reason (change in security config?)
protected void	load() This method should be overridden by an extending class.
protected UserContext	login(Map loginInfo, Object[] parameters) logs-in using the first match on the class from the configuration file.
UserContext	login(String application, Map loginInfo, Object[] parameters) This method will verify the login, and give a UserContext back if the login procedure was successful.

Methods inherited from class org.mmbase.security.Authentication

createParameters, getAttribute, getDefaultMethod, getKey, getMethod, getMethod, getNode, getTypes, getTypes, getUserBuilder

Methods inherited from class org.mmbase.security.Configurable

load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClassAuthenticationWrapper

public ClassAuthenticationWrapper()

Method Detail

load

protected void load()
             throws SecurityException

This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configResource' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only. Reads the configuration file and instantiates and loads the wrapped Authentication.

Specified by:

load in class Configurable

Throws:

SecurityException

login

protected UserContext login(Map loginInfo,
                            Object[] parameters)
                     throws SecurityException

logs-in using the first match on the class from the configuration file.

Parameters:

loginInfo - If there are possible credentials already, they can be in this map. The new one will be added. If it is null, a new Map is instantiated.

parameters - Required by the login method of Authentication. I think noone ever uses it.

Throws:

SecurityException

login

public UserContext login(String application,
                         Map loginInfo,
                         Object[] parameters)
                  throws SecurityException

This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:

login in class Authentication

Parameters:

application - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'. Possible values are returned by Authentication.getTypes(). This is also called 'authentication', or '(authentication) type' in several contextes.

loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined). This Map can (or must) be supplied by Authentication.createParameters(java.lang.String) (using the setter-methods and the Parameters.toMap(java.util.Map<java.lang.String, java.lang.Object>) method of the resulting Parameters object).

parameters - A list of optional parameters, may also (and will often) be null.

Returns:

null if no valid credentials were supplied, a (perhaps new) UserContext if login succeeded.

Throws:

SecurityException - When something strange happened, or authentication was unsuccessful.

isValid

public boolean isValid(UserContext userContext)
                throws SecurityException

The method returns whether the UserContext has become invalid for some reason (change in security config?)

Parameters:

userContext - The UserContext of which we want to know the rights

Returns:

true when valid, otherwise false

Throws:

SecurityException - When something strange happened