org.mmbase.security.implementation.basic

Class AuthenticationHandler

java.lang.Object

org.mmbase.security.Configurable

org.mmbase.security.Authentication

org.mmbase.security.implementation.basic.AuthenticationHandler

All Implemented Interfaces:

AuthenticationData

public class AuthenticationHandler
extends Authentication

Authentication based on a config files. There is an XML file (`authentication.xml') which defines several modules (conected to the 'module/method' String). There are now three moduiles in this implementation. 'anonymous' for the anonyunous user. 'name/password' for 'basic users'. The username/passwords of the basic users are defined in an account.properties file. The last module is 'admin' which authenticates only on password.

Version:

$Id$

Author:

Eduard Witteveen

To Do:

MM: I think it should be possible for admin to login with name/password to, how else could you use HTTP authentication (e.g. admin pages).

Field Summary

Fields

Modifier and Type	Field and Description
static String	DTD_BASICSECURITY_1_0
static String	PUBLIC_ID_BASICSECURITY_1_0

Fields inherited from class org.mmbase.security.Authentication

attributes, PARAMETERS_ANONYMOUS, PARAMETERS_NAME_PASSWORD, PARAMETERS_USERS

Fields inherited from class org.mmbase.security.Configurable

configResource, configWatcher, manager

Fields inherited from interface org.mmbase.security.AuthenticationData

METHOD_ANONYMOUS, METHOD_ASIS, METHOD_DEFAULT, METHOD_DELEGATE, METHOD_HTTP, METHOD_LOGINPAGE, METHOD_LOGOUT, METHOD_PAGELOGON, METHOD_SESSIONDELEGATE, METHOD_SESSIONLOGON, METHOD_UNSET, PARAMETER_AUTHENTICATE, PARAMETER_LOGOUT, PARAMETER_PASSWORD, PARAMETER_RANK, PARAMETER_SESSIONNAME, PARAMETER_USERNAME, PARAMETER_USERNAMES, STORES_CONTEXT_IN_OWNER, STRINGS

Constructor Summary

Constructors

Constructor and Description
AuthenticationHandler()

Method Summary

Modifier and Type	Method and Description
boolean	isValid(UserContext usercontext) this method does nothing..
protected void	load() This method should be overridden by an extending class.
UserContext	login(String moduleName, Map loginInfo, Object[] parameters) This method will verify the login, and give a UserContext back if the login procedure was successful.

Methods inherited from class org.mmbase.security.Authentication

createParameters, getAttribute, getDefaultMethod, getKey, getMethod, getMethod, getNode, getTypes, getTypes, getUserBuilder

Methods inherited from class org.mmbase.security.Configurable

load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PUBLIC_ID_BASICSECURITY_1_0

public static final String PUBLIC_ID_BASICSECURITY_1_0

See Also:

Constant Field Values

DTD_BASICSECURITY_1_0

public static final String DTD_BASICSECURITY_1_0

See Also:

Constant Field Values

Constructor Detail

AuthenticationHandler

public AuthenticationHandler()

Method Detail

load

protected void load()

Description copied from class: Configurable

This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configResource' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only.

Specified by:

load in class Configurable

login

public UserContext login(String moduleName,
                         Map loginInfo,
                         Object[] parameters)
                  throws SecurityException

Description copied from class: Authentication

This method will verify the login, and give a UserContext back if the login procedure was successful.

Specified by:

login in class Authentication

Parameters:

moduleName - A String that further specifies the login method (one implementation could handle more then one methods) A typical value might be 'username/password'. Possible values are returned by Authentication.getTypes(). This is also called 'authentication', or '(authentication) type' in several contextes.

loginInfo - A Map containing the credentials or other objects which might be used to obtain them (e.g. request/response objects). It might also be 'null', in which case your implementation normally should return the 'anonymous' user (or null, if no such user can be defined). This Map can (or must) be supplied by Authentication.createParameters(java.lang.String) (using the setter-methods and the Parameters.toMap(java.util.Map<java.lang.String, java.lang.Object>) method of the resulting Parameters object).

parameters - A list of optional parameters, may also (and will often) be null.

Returns:

null if no valid credentials were supplied, a (perhaps new) UserContext if login succeeded.

Throws:

SecurityException - When something strange happened, or authentication was unsuccessful.

isValid

public boolean isValid(UserContext usercontext)
                throws SecurityException

this method does nothing..

Parameters:

usercontext - The UserContext of which we want to know the rights

Returns:

true when valid, otherwise false

Throws:

SecurityException - When something strange happened