public interface HttpAuthenticator
This interface is used to manage HTTP authentication.
It is the fundamental class for web/SSO authentication integration.
This interface contains many convenience methods for authentication integration with existing applications. For most applications, using the following methods will be sufficient to achieve SSO:
- authenticate: authenticate a user.
- isAuthenticated: determine if a request is authenticated.
- getPrincipal: retrieve the principal for an authenticated request.
- logoff: sign the user out.
Use HttpAuthenticatorFactory to get an instance of a class implementing this interface, or use an IoC container (like Spring) to manage the underlying implementation as a singleton.
- See Also:
HttpAuthenticatorImpl
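The four-method SSO flow described above (authenticate, isAuthenticated, getPrincipal, logoff), wired into a servlet filter. This is an added example, not code from the Crowd distribution. It assumes the exception classes live in com.atlassian.crowd.exception, SOAPPrincipal in com.atlassian.crowd.integration.soap, and that HttpAuthenticatorFactory exposes a static getHttpAuthenticator() accessor; the /login, /logout and /change-password paths and the form field names are the example's own.

```java
import java.io.IOException;
import java.rmi.RemoteException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorFactory;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;

/** Gates an application behind Crowd SSO using only the four core methods. */
public class CrowdSsoFilter implements Filter {
    /** Request attribute under which downstream code finds the resolved principal. */
    public static final String PRINCIPAL_ATTR = "crowd.principal";

    private HttpAuthenticator authenticator;

    @Override
    public void init(FilterConfig config) {
        // Assumed factory accessor; a Spring-managed singleton works equally well.
        authenticator = HttpAuthenticatorFactory.getHttpAuthenticator();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String loginUrl = request.getContextPath() + "/login";
        try {
            if ("/login".equals(request.getServletPath()) && "POST".equals(request.getMethod())) {
                login(request, response);
                return;
            }
            if ("/logout".equals(request.getServletPath())) {
                // Invalidates the SSO token server-side and clears the cookie;
                // harmless when the request is not authenticated.
                authenticator.logoff(request, response);
                response.sendRedirect(loginUrl);
                return;
            }
            if (!authenticator.isAuthenticated(request, response)) {
                response.sendRedirect(loginUrl);
                return;
            }
            SOAPPrincipal principal = authenticator.getPrincipal(request);
            request.setAttribute(PRINCIPAL_ATTR, principal);
            chain.doFilter(request, response);
        } catch (RemoteException | InvalidAuthorizationTokenException e) {
            // Crowd unreachable, or this application's own token rejected: fail closed.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        } catch (InvalidTokenException | InvalidAuthenticationException
                 | ApplicationAccessDeniedException e) {
            // Token missing/invalid or user not permitted: treat as unauthenticated.
            response.sendRedirect(loginUrl);
        }
    }

    private void login(HttpServletRequest request, HttpServletResponse response)
            throws IOException, RemoteException, InvalidAuthorizationTokenException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        try {
            // Validates the password, binds the token to the request's validation
            // factors and writes the SSO cookie on the response.
            authenticator.authenticate(request, response, username, password);
            response.sendRedirect(request.getContextPath() + "/");
        } catch (ExpiredCredentialException e) {
            // Correct password but expired: the user must change it before SSO succeeds.
            response.sendRedirect(request.getContextPath() + "/change-password");
        } catch (InvalidAuthenticationException | InactiveAccountException
                 | ApplicationAccessDeniedException e) {
            // One response for wrong password, inactive account and no application
            // access, so the login form does not reveal which applied.
            response.sendRedirect(request.getContextPath() + "/login?error=1");
        }
    }

    @Override
    public void destroy() {
    }
}
```

RemoteException and InvalidAuthorizationTokenException are deliberately not mapped to "not logged in": they mean the application itself cannot talk to Crowd, and answering with a login redirect would hide an outage or a misconfigured application password behind what looks like a user error.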
Method Summary
void
authenticate(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
Authenticate a remote user using SSO.
void
authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username)
Authenticate a remote user using SSO, without validating their password.
SOAPPrincipal
getPrincipal(javax.servlet.http.HttpServletRequest request)
Attempts to retrieve the principal from the request.
UserAuthenticationContext
getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
Generate a PrincipalAuthenticationContext object containing the
provided username and password, and validation factors from
the request.
SecurityServerClient
getSecurityServerClient()
Retrieve the underlying SecurityServerClient used
to communicate with the Crowd Security Server.
SoapClientProperties
getSoapClientProperties()
Retrieve the underlying client properties used
to communicate with the Crowd Security Server.
String
getToken(javax.servlet.http.HttpServletRequest request)
Retrieve the Crowd authentication token from the request either via:
a request attribute (not request parameter), OR
a cookie on the request
ValidationFactor[]
getValidationFactors(javax.servlet.http.HttpServletRequest request)
Retrieves validation factors from the request:
Remote Address: the source IP address of the HTTP request.
Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address).
boolean
isAuthenticated(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Tests whether a request is authenticated via SSO.
void
logoff(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Log off the SSO authenticated user.
void
setPrincipalToken(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String token)
Sets the underlying principal token on:
the request: as an attribute, so the user is authenticated for the span of the request.
the response: as a cookie, so the user is authenticated for subsequent requests.
void
verifyAuthentication(String username,
String password)
Authenticate a remote principal without using SSO.
String
verifyAuthentication(String username,
String password,
ValidationFactor[] validationFactors)
Verifies the authentication of a principal's username/password,
given a set of validation factors.
Method Detail
getSoapClientProperties
SoapClientProperties getSoapClientProperties()
- Retrieve the underlying client properties used
to communicate with the Crowd Security Server.
- Returns:
- client properties.
- See Also:
SecurityServerClient.getSoapClientProperties()
getSecurityServerClient
SecurityServerClient getSecurityServerClient()
- Retrieve the underlying SecurityServerClient used
to communicate with the Crowd Security Server.
- Returns:
- SecurityServerClient.
setPrincipalToken
void setPrincipalToken(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String token)
throws InvalidAuthorizationTokenException,
RemoteException,
InvalidAuthenticationException
- Sets the underlying principal token on:
- the request: as an attribute, so the user is authenticated for the span of the request.
- the response: as a cookie, so the user is authenticated for subsequent requests.
- Parameters:
request
- HttpServletRequest
response
- HttpServletResponse
token
- token value to use.
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid.
RemoteException
- there was an underlying error communicating with the server.
InvalidAuthenticationException
- the username/password combination is invalid.
getPrincipal
SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request)
throws InvalidAuthorizationTokenException,
RemoteException,
InvalidTokenException,
InvalidAuthenticationException
- Attempts to retrieve the principal from the request.
- Parameters:
request
- servlet request
- Returns:
- SOAPPrincipal of the authenticated user
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
RemoteException
- there are communication issues between the client and Crowd server
InvalidTokenException
- unable to find the token
InvalidAuthenticationException
- the username/password combination is invalid
getToken
String getToken(javax.servlet.http.HttpServletRequest request)
throws InvalidTokenException
- Retrieve the Crowd authentication token from the request either via:
- a request attribute (not request parameter), OR
- a cookie on the request
- Parameters:
request
- HttpServletRequest.
- Returns:
- value of the token.
- Throws:
InvalidTokenException
- unable to find token in either a request attribute or cookie.
- See Also:
setPrincipalToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)
isAuthenticated
boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws InvalidAuthorizationTokenException,
RemoteException,
ApplicationAccessDeniedException,
InvalidAuthenticationException
- Tests whether a request is authenticated via SSO.
This only tests against the Crowd server if the validation interval
(obtained from crowd.properties) has been exceeded AND a valid token
is present for the user in the Crowd cookie.
- Parameters:
request
- HttpServletRequest
response
- HttpServletResponse
- Returns:
true
if and only if the request has been authenticated
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
RemoteException
- there was an underlying error communicating with the server
ApplicationAccessDeniedException
- user does not have access to the application
InvalidAuthenticationException
- the username/password combination is invalid
authenticate
void authenticate(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
throws InvalidAuthorizationTokenException,
RemoteException,
InvalidAuthenticationException,
InactiveAccountException,
ApplicationAccessDeniedException,
ExpiredCredentialException
- Authenticate a remote user using SSO.
See getValidationFactors(javax.servlet.http.HttpServletRequest)
for details regarding the validation factors used for authentication
- Parameters:
request
- HttpServletRequest to obtain validation factors
response
- HttpServletResponse to write SSO cookie
username
- username of principal
password
- password of principal
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
RemoteException
- there was an underlying error communicating with the server
InvalidAuthenticationException
- the username/password combination is invalid
InactiveAccountException
- the principal's account has been deactivated
ApplicationAccessDeniedException
- user does not have access to the application
ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
- See Also:
getValidationFactors(javax.servlet.http.HttpServletRequest)
authenticateWithoutValidatingPassword
void authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username)
throws ApplicationAccessDeniedException,
InvalidAuthenticationException,
InvalidAuthorizationTokenException,
InactiveAccountException,
RemoteException
- Authenticate a remote user using SSO, without validating their password.
You should not be using this method unless you have previously established that the user has been authenticated
via some other external means (eg. a remember-me cookie).
If you are unsure whether you should be using this method or not, then you should really be using
authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String, String)
instead.
- Parameters:
request
- HttpServletRequest to obtain validation factors
response
- HttpServletResponse to write SSO cookie
username
- username of the principal that you have already authenticated via some external means
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
RemoteException
- there was an underlying error communicating with the server
InvalidAuthenticationException
- the username/password combination is invalid
InactiveAccountException
- the principal's account has been deactivated
ApplicationAccessDeniedException
- user does not have access to the application
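The remember-me case the description mentions, worked through so that the username handed to authenticateWithoutValidatingPassword comes only from a cookie whose MAC and expiry have been verified, never from a raw request value. This is an added example, not Crowd's own code; the cookie layout (username:expiryEpochSeconds:base64url(HMAC-SHA256)), the cookie name and the exception package com.atlassian.crowd.exception are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;

/** Re-establishes Crowd SSO from a remember-me cookie this application issued itself. */
public class RememberMeSsoBridge {
    static final String COOKIE_NAME = "app_remember_me";   // hypothetical cookie name
    private static final String MAC_ALG = "HmacSHA256";

    private final HttpAuthenticator authenticator;
    private final byte[] macKey;   // server-side secret; never leaves the server

    public RememberMeSsoBridge(HttpAuthenticator authenticator, byte[] macKey) {
        this.authenticator = authenticator;
        this.macKey = macKey.clone();
    }

    /** Returns true if an SSO session was established from a valid remember-me cookie. */
    public boolean resume(HttpServletRequest request, HttpServletResponse response)
            throws RemoteException, InvalidAuthorizationTokenException {
        String username = verifiedUsername(request);
        if (username == null) {
            return false;
        }
        try {
            // Password already proven when the cookie was issued; Crowd only checks
            // that the account exists, is active and may use this application.
            authenticator.authenticateWithoutValidatingPassword(request, response, username);
            return true;
        } catch (InvalidAuthenticationException | InactiveAccountException
                 | ApplicationAccessDeniedException e) {
            // Account gone, deactivated or no longer allowed here: drop the cookie
            // so the client stops presenting it.
            Cookie clear = new Cookie(COOKIE_NAME, "");
            clear.setMaxAge(0);
            clear.setPath("/");
            response.addCookie(clear);
            return false;
        }
    }

    /** Extracts the username only if the cookie's MAC verifies and it has not expired. */
    String verifiedUsername(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (!COOKIE_NAME.equals(c.getName())) {
                continue;
            }
            String[] parts = c.getValue().split(":", 3);
            if (parts.length != 3) {
                return null;
            }
            long expiry;
            byte[] presented;
            try {
                expiry = Long.parseLong(parts[1]);
                presented = Base64.getUrlDecoder().decode(parts[2]);
            } catch (IllegalArgumentException e) {
                return null;
            }
            if (expiry < System.currentTimeMillis() / 1000) {
                return null;
            }
            byte[] expected = mac(parts[0] + ":" + parts[1]);
            // Constant-time comparison: a byte-by-byte mismatch must not leak timing.
            return MessageDigest.isEqual(expected, presented) ? parts[0] : null;
        }
        return null;
    }

    /** Builds the cookie value for a user who has just authenticated with a password. */
    public String cookieValue(String username, long expiryEpochSeconds) {
        if (username.indexOf(':') >= 0) {
            throw new IllegalArgumentException("username must not contain ':'");
        }
        String payload = username + ":" + expiryEpochSeconds;
        return payload + ":" + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(payload));
    }

    private byte[] mac(String payload) {
        try {
            Mac mac = Mac.getInstance(MAC_ALG);
            mac.init(new SecretKeySpec(macKey, MAC_ALG));
            return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The MAC covers the expiry as well as the username, so a client cannot extend its own cookie; NumberFormatException is a subclass of IllegalArgumentException, which is why one catch handles both the expiry parse and the Base64 decode.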
verifyAuthentication
String verifyAuthentication(String username,
String password,
ValidationFactor[] validationFactors)
throws InvalidAuthorizationTokenException,
InvalidAuthenticationException,
RemoteException,
InactiveAccountException,
ApplicationAccessDeniedException,
ExpiredCredentialException
- Verifies the authentication of a principal's username/password,
given a set of validation factors.
This will authenticate the principal using the username and password
provided, and will use the validation factors to generate an SSO
token. This token can then be used by 3rd party systems to implement
SSO or can be ignored to only provide centralised authentication.
NOTE: This method will not provide SSO functionality directly - use the
authenticate
method instead.
- Parameters:
username
- username of principal
password
- password of principal
validationFactors
- validation factors used to generate a token
- Returns:
- Crowd authentication token
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid.
RemoteException
- there was an underlying error communicating with the server.
InvalidAuthenticationException
- the username/password combination is invalid.
InactiveAccountException
- the principal's account has been deactivated.
ApplicationAccessDeniedException
- user does not have access to the application.
ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
verifyAuthentication
void verifyAuthentication(String username,
String password)
throws InvalidAuthorizationTokenException,
InvalidAuthenticationException,
RemoteException,
InactiveAccountException,
ApplicationAccessDeniedException,
ExpiredCredentialException
- Authenticate a remote principal without using SSO.
This performs an instant verification of username/password with
the centralised user repository (Crowd Server).
- Parameters:
username
- username of the principal.
password
- password of the principal.
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
InvalidAuthenticationException
- the username/password combination is invalid
RemoteException
- there was an underlying error while connecting to the remote server.
InactiveAccountException
- the user's account has been deactivated.
ApplicationAccessDeniedException
- the user does not have access to the application.
ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
- See Also:
SecurityServerClient.authenticatePrincipalSimple(String, String)
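Both verifyAuthentication variants side by side, as an added example rather than code from the Crowd distribution: an API endpoint authenticates every request with HTTP Basic through the two-argument form (centralised authentication, no SSO state), and on request mints an SSO token the way authenticate does, by passing getValidationFactors output to the three-argument form and handing the returned token to setPrincipalToken. Assumed here: the exception package com.atlassian.crowd.exception, ValidationFactor in com.atlassian.crowd.model.authentication, a static HttpAuthenticatorFactory.getHttpAuthenticator(), and the "sso" query parameter, which is the example's own. Note that the X-Forwarded-For factor is whatever the client or an intermediate proxy sent, so it only adds assurance behind a proxy you control.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.util.Base64;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorFactory;
import com.atlassian.crowd.model.authentication.ValidationFactor;

/** API endpoint authenticated per request with HTTP Basic against Crowd. */
public class BasicAuthApiServlet extends HttpServlet {
    private final HttpAuthenticator authenticator = HttpAuthenticatorFactory.getHttpAuthenticator();

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String[] creds = parseBasic(request.getHeader("Authorization"));
        if (creds == null) {
            challenge(response);
            return;
        }
        try {
            if ("1".equals(request.getParameter("sso"))) {
                // Validation factors bind the token to the caller's address(es).
                ValidationFactor[] factors = authenticator.getValidationFactors(request);
                String token = authenticator.verifyAuthentication(creds[0], creds[1], factors);
                // Request attribute for this call, cookie for subsequent ones.
                authenticator.setPrincipalToken(request, response, token);
            } else {
                // Plain centralised authentication: nothing is retained for later requests.
                authenticator.verifyAuthentication(creds[0], creds[1]);
            }
            response.setContentType("text/plain");
            response.getWriter().println("hello " + creds[0]);
        } catch (ExpiredCredentialException e) {
            // Password correct but expired; an API client cannot change it here.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "credential expired");
        } catch (InvalidAuthenticationException | InactiveAccountException
                 | ApplicationAccessDeniedException e) {
            // One indistinguishable answer for bad password, inactive account and no access.
            challenge(response);
        } catch (RemoteException | InvalidAuthorizationTokenException e) {
            // Crowd unreachable, or this application's own token rejected: fail closed.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }

    /** Decodes "Basic base64(user:pass)"; returns null for anything malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');   // split on the first colon only; passwords may contain ':'
        if (colon <= 0) {
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    private static void challenge(HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"crowd\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

The three-argument path is exactly the decomposition of authenticate into its parts, which is useful when a token has to be created for another system rather than set on the current response.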
getValidationFactors
ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
- Retrieves validation factors from the request:
- Remote Address: the source IP address of the HTTP request.
- Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address).
- Parameters:
request
- HttpServletRequest.
- Returns:
- array of validation factors.
logoff
void logoff(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws InvalidAuthorizationTokenException,
RemoteException,
InvalidAuthenticationException
- Log off the SSO authenticated user. This will also effectively
log them off from all SSO applications.
This will sign out an authenticated user by invalidating their
SSO token and removing it from their cookies.
If the request is not authenticated, this method will have
no effect and will not throw an exception.
- Parameters:
request
- HttpServletRequest.
response
- HttpServletResponse.
- Throws:
InvalidAuthorizationTokenException
- the application client's token is invalid
RemoteException
- there was an error while connecting to the remote server.
InvalidAuthenticationException
- the username/password combination is invalid.
getPrincipalAuthenticationContext
UserAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
- Generate a PrincipalAuthenticationContext object containing the
provided username and password, and validation factors from
the request.
- Parameters:
request
- HttpServletRequest.
response
- unused.
username
- username of principal.
password
- password of principal.
- Returns:
- populated PrincipalAuthenticationContext.
Copyright © 2012 Atlassian. All Rights Reserved.