com.atlassian.crowd.integration.acegi
Class CrowdAuthenticationProvider

java.lang.Object
  extended by com.atlassian.crowd.integration.acegi.CrowdAuthenticationProvider
All Implemented Interfaces:
org.acegisecurity.providers.AuthenticationProvider
Direct Known Subclasses:
RemoteCrowdAuthenticationProvider

public abstract class CrowdAuthenticationProvider
extends Object
implements org.acegisecurity.providers.AuthenticationProvider

The CrowdAuthenticationProvider can be used in both SSO and non-SSO mode.

When coupled with the CrowdSSOAuthenticationProcessingFilter, single sign-on is established via the Crowd server and Crowd SSO tokens.

When coupled with the ACEGI AuthenticationProcessingFilter, centralised authentication is established via the Crowd server.

Author:
Shihab Hamid

Field Summary
protected  String applicationName
           
 
Constructor Summary
protected CrowdAuthenticationProvider(String applicationName)
          The defaultApplicationName to use when an application name has not been supplied in the AuthenticationToken.details().
 
Method Summary
 org.acegisecurity.Authentication authenticate(org.acegisecurity.Authentication authentication)
          Performs authentication with the same contract as AuthenticationManager.authenticate(org.acegisecurity.Authentication).
protected abstract  String authenticate(String username, String password, ValidationFactor[] validationFactors)
          Authenticate a remote user and return the Crowd SSO token string.
protected  org.acegisecurity.Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken)
          Attempts to authenticate based on an existing Crowd token and validation factors from a HttpServletRequest.
protected  org.acegisecurity.Authentication authenticateUsernamePassword(org.acegisecurity.providers.UsernamePasswordAuthenticationToken passwordToken)
          Attempts to authenticate a login request based on username (principal), password (credentials), and (optional) ValidationFactor[]s (details).
protected abstract  boolean isAuthenticated(String token, ValidationFactor[] validationFactors)
          Determine if a remote user is authenticated via SSO based on the supplied SSO token string and validation factors.
protected abstract  CrowdUserDetails loadUserByToken(String token)
          Retrieve a user from Crowd by looking up the principal by their authenticated Crowd token.
protected abstract  CrowdUserDetails loadUserByUsername(String username)
          Retrieve the user details for a user based on their username.
 boolean supports(org.acegisecurity.providers.AbstractAuthenticationToken authenticationToken)
           
 boolean supports(Class authentication)
          Returns true if this AuthenticationProvider supports the indicated Authentication object.
protected  org.acegisecurity.AuthenticationException translateException(Exception e)
          Converts Crowd-specific exceptions to Acegi-friendly exceptions.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

applicationName

protected final String applicationName

Constructor Detail

CrowdAuthenticationProvider

protected CrowdAuthenticationProvider(String applicationName)
The defaultApplicationName to use when an application name has not been supplied in the AuthenticationToken.details().

This applicationName should correspond to the name of an application within Crowd.

Parameters:
applicationName - Crowd application name.

Method Detail

authenticate

public org.acegisecurity.Authentication authenticate(org.acegisecurity.Authentication authentication)
                                              throws org.acegisecurity.AuthenticationException
Performs authentication with the same contract as AuthenticationManager.authenticate(org.acegisecurity.Authentication).

This AuthenticationProvider supports UsernamePasswordAuthenticationTokens for login operations where a username, password and possibly validation factors (for SSO) are provided. It also supports CrowdSSOAuthenticationToken for authentication verification operations, where the SSO token and validation factors are provided for SSO authentication.

See CrowdAuthenticationProvider.authenticateUsernamePassword() and CrowdAuthenticationProvider.authenticateCrowdSSO() for more specific information on the authentication process.

Specified by:
authenticate in interface org.acegisecurity.providers.AuthenticationProvider
Parameters:
authentication - the authentication request object.
Returns:
a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws:
org.acegisecurity.AuthenticationException - if authentication fails.

authenticateUsernamePassword

protected org.acegisecurity.Authentication authenticateUsernamePassword(org.acegisecurity.providers.UsernamePasswordAuthenticationToken passwordToken)
                                                                 throws org.acegisecurity.AuthenticationException
Attempts to authenticate a login request based on username (principal), password (credentials), and (optional) ValidationFactor[]s (details).

The returned Authentication will be either:
- a UsernamePasswordAuthenticationToken, if the request has no ValidationFactor[]s and hence is not SSO. The credentials will be the password.
- a CrowdSSOAuthenticationToken, if the request does have ValidationFactor[]s. The credentials will be set to the SSO token string.

The principal will be set to the UserDetails object corresponding to the username. The granted authorities will be UserDetails.getAuthorities().

Parameters:
passwordToken - authentication token containing the username, password and (optional) ValidationFactor[]s.
Returns:
an authenticated Authentication token.
Throws:
org.acegisecurity.AuthenticationException - if there was a problem authenticating the username/password combination.

isAuthenticated

protected abstract boolean isAuthenticated(String token,
                                           ValidationFactor[] validationFactors)
                                    throws InvalidAuthorizationTokenException,
                                           RemoteException,
                                           ApplicationAccessDeniedException,
                                           InvalidAuthenticationException
Determine if a remote user is authenticated via SSO based on the supplied SSO token string and validation factors.

Parameters:
token - Crowd SSO token.
validationFactors - validation factors.
Returns:
true iff the remote user is authenticated.
Throws:
InvalidAuthorizationTokenException - invalid application client.
RemoteException - Crowd server error.
ApplicationAccessDeniedException - user does not have access to the application.
InvalidAuthenticationException

authenticate

protected abstract String authenticate(String username,
                                       String password,
                                       ValidationFactor[] validationFactors)
                                throws InvalidAuthorizationTokenException,
                                       InvalidAuthenticationException,
                                       RemoteException,
                                       InactiveAccountException,
                                       ApplicationAccessDeniedException,
                                       ApplicationAccessDeniedException,
                                       ExpiredCredentialException
Authenticate a remote user and return the Crowd SSO token string.

Parameters:
username - username of the remote user.
password - password of the remote user.
validationFactors - validation factors from the remote user.
Returns:
Crowd SSO token string
Throws:
InvalidAuthorizationTokenException - invalid application client.
InvalidAuthenticationException - invalid username/password.
RemoteException - Crowd server error.
InactiveAccountException - inactive user account.
ApplicationAccessDeniedException - user does not have access to the application.
ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.

loadUserByUsername

protected abstract CrowdUserDetails loadUserByUsername(String username)
                                                throws org.acegisecurity.userdetails.UsernameNotFoundException,
                                                       org.springframework.dao.DataAccessException
Retrieve the user details for a user based on their username.

Parameters:
username - username of user.
Returns:
user details of user.
Throws:
org.acegisecurity.userdetails.UsernameNotFoundException - user with supplied username does not exist.
org.springframework.dao.DataAccessException - error retrieving user.

loadUserByToken

protected abstract CrowdUserDetails loadUserByToken(String token)
                                             throws CrowdSSOTokenInvalidException,
                                                    org.springframework.dao.DataAccessException
Retrieve a user from Crowd by looking up the principal by their authenticated Crowd token.

Parameters:
token - Crowd SSO token string.
Returns:
CrowdUserDetails corresponding to the principal.
Throws:
CrowdSSOTokenInvalidException - if the provided token is invalid.
org.springframework.dao.DataAccessException - error retrieving user.

authenticateCrowdSSO

protected org.acegisecurity.Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken ssoToken)
                                                         throws org.acegisecurity.AuthenticationException
Attempts to authenticate based on an existing Crowd token and validation factors from a HttpServletRequest.

The credentials of the ssoToken must be set to the String representation of the Crowd SSO token; the details must be set to the ValidationFactor[]s from the request.

The returned authentication will be a CrowdSSOAuthenticationToken with the same SSO token string credential. The principal will be set to the UserDetails object corresponding to the username. The granted authorities will be UserDetails.getAuthorities().

Parameters:
ssoToken - ssoToken containing the token string credential and validation factors as details.
Returns:
an authenticated Authentication token.
Throws:
org.acegisecurity.AuthenticationException - if there was a problem verifying the existing token is valid.
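
The dispatch and return-type rules documented for authenticate(), authenticateUsernamePassword() and authenticateCrowdSSO(), as an added example that is not Crowd or Acegi code. Every type here (Factor, PasswordRequest, SsoRequest, Result) is a hypothetical stand-in, the in-memory user store and the remote_address factor are constructed sample data, and treating a token as valid only with the factors supplied at login is a simplifying assumption.

```java
import java.util.*;

// Stand-in model, NOT the Crowd or Acegi classes: mirrors the documented
// contract of authenticate() using simplified, hypothetical types.
public class CrowdProviderFlowModel {
    record Factor(String name, String value) {}                 // stands in for ValidationFactor
    record PasswordRequest(String user, String password, List<Factor> factors) {}
    record SsoRequest(String token, List<Factor> factors) {}
    record Result(String tokenType, String principal, String credentials) {}

    // Constructed in-memory "Crowd server": one user; tokens remember the login factors.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");
    static final Map<String, Map.Entry<String, List<Factor>>> SESSIONS = new HashMap<>();

    // Models authenticateUsernamePassword(): the result type depends on whether factors were supplied.
    static Result authenticateUsernamePassword(PasswordRequest r) {
        // In the real provider the password check happens on the Crowd server.
        if (!r.password().equals(USERS.get(r.user())))
            throw new SecurityException("bad credentials");      // AuthenticationException in Acegi
        if (r.factors() == null || r.factors().isEmpty())        // no factors: not SSO
            return new Result("UsernamePasswordAuthenticationToken", r.user(), r.password());
        String sso = UUID.randomUUID().toString();               // models abstract authenticate(...)
        SESSIONS.put(sso, Map.entry(r.user(), r.factors()));
        return new Result("CrowdSSOAuthenticationToken", r.user(), sso);
    }

    // Models authenticateCrowdSSO(): isAuthenticated(token, factors), then loadUserByToken(token).
    static Result authenticateCrowdSSO(SsoRequest r) {
        Map.Entry<String, List<Factor>> s = SESSIONS.get(r.token());
        if (s == null || !s.getValue().equals(r.factors()))
            throw new SecurityException("SSO token not valid for these validation factors");
        return new Result("CrowdSSOAuthenticationToken", s.getKey(), r.token());
    }

    // Models authenticate(): dispatch on request type; null means "unsupported, try the next provider".
    static Result authenticate(Object request) {
        if (request instanceof PasswordRequest p) return authenticateUsernamePassword(p);
        if (request instanceof SsoRequest s) return authenticateCrowdSSO(s);
        return null;
    }

    public static void main(String[] args) {
        List<Factor> factors = List.of(new Factor("remote_address", "192.0.2.10"));
        System.out.println(authenticate(new PasswordRequest("alice", "correct-horse", null)).tokenType());
        Result sso = authenticate(new PasswordRequest("alice", "correct-horse", factors));
        System.out.println(authenticate(new SsoRequest(sso.credentials(), factors)).principal());
        System.out.println(authenticate("unsupported request type"));
    }
}
```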

translateException

protected org.acegisecurity.AuthenticationException translateException(Exception e)
Converts Crowd-specific exceptions to Acegi-friendly exceptions.

Parameters:
e - Crowd-specific exception.
Returns:
Acegi-friendly exception.

supports

public boolean supports(Class authentication)
Returns true if this AuthenticationProvider supports the indicated Authentication object.

The CrowdAuthenticationProvider supports UsernamePasswordAuthenticationTokens and CrowdSSOAuthenticationTokens.

Specified by:
supports in interface org.acegisecurity.providers.AuthenticationProvider

supports

public boolean supports(org.acegisecurity.providers.AbstractAuthenticationToken authenticationToken)


Copyright © 2012 Atlassian. All Rights Reserved.