com.cenqua.fisheye.user.plugin

Interface FishEyeAuthenticator

All Known Implementing Classes:

AbstractFishEyeAuthenticator, ExampleFishEyeAuthenticator, ExampleFishEyeHttpAuthenticator, NullFishEyeAuthenticator

public interface FishEyeAuthenticator

The authentication/authorisation plugin interface for FishEye. NB: It is recommended to extend AbstractFishEyeAuthenticator instead of implementing this interface directly as it is subject to change in future versions.

Classes implementing this interface must supply a public no-arg constructor.

General lifecycle:

• An instance is created by calling Class.newInstance()
• init(java.util.Properties) is called. If it throws an exception, then no further methods will be called on this instance.
• The auth methods are called any number of times: checkPassword(java.lang.String, java.lang.String), recreateAuth(java.lang.String), hasPermissionToAccess(com.cenqua.fisheye.user.plugin.AuthToken, java.lang.String, java.lang.String), checkPassword(java.lang.String, java.lang.String), checkRequest(javax.servlet.http.HttpServletRequest) and isRequestUserStillValid(java.lang.String, javax.servlet.http.HttpServletRequest). These methods may be called concurrently (they must be multi-thread safe)..
• close() is called (or the JVM exits abruptly).

Method Summary

Methods

Modifier and Type	Method and Description
AuthToken	checkPassword(java.lang.String username, java.lang.String password) Called to check a user's password.
AuthToken	checkRequest(javax.servlet.http.HttpServletRequest request) Called to allow implementations to determine if the request is pre-authenticated, bypassing FishEye's own HTTP authentication.
void	close() Called when this authenticator will no longer be used.
boolean	hasPermissionToAccess(AuthToken tok, java.lang.String repname, java.lang.String constraint) Check if a user has permission to access the given repository.
void	init(java.util.Properties cfg) Called to configure this authenticator.
boolean	isRequestUserStillValid(java.lang.String username, javax.servlet.http.HttpServletRequest req) Checks that the given username is still valid for the request.
AuthToken	recreateAuth(java.lang.String username) Used to re-create a token for a user that was previously authenticated.

Method Detail

init

void init(java.util.Properties cfg)
          throws java.lang.Exception

Called to configure this authenticator.

Parameters:

cfg - the configuration properties, as specified in the <properties> element in the <custom> config. (non-null)

Throws:

java.lang.Exception - an error occurred during configuration.

close

void close()

Called when this authenticator will no longer be used.

checkPassword

AuthToken checkPassword(java.lang.String username,
                      java.lang.String password)

Called to check a user's password.

You should not make any assumptions about the arguments. For example, they could be the empty string, or null.

Parameters:

username - given username (may be null)

password - given password (may be null)

Returns:

an authentication token on successful authentication, or null otherwise.

recreateAuth

AuthToken recreateAuth(java.lang.String username)

Used to re-create a token for a user that was previously authenticated. For example, this method is called when a user returns and they have selected "remember me" when they logged in.

Returns:

a re-created token, or null if the user cannot be re-created without re-authentication

hasPermissionToAccess

boolean hasPermissionToAccess(AuthToken tok,
                            java.lang.String repname,
                            java.lang.String constraint)

Check if a user has permission to access the given repository.

This method is notcalled when users are not logged in (anonymous users).

If a custom constraint has been specified in config.xml, then that value is passed as constraint. This is taken from the <security><custom constraint=""> setting in either <repository> or <repository-defaults>.

A constraint could be used (for example) to specify a group that a user must belong to in order to access a repository.

Note: for managed repositories, this method is overloaded to determine whether a user has permission to both read from and write to a particular repository. You can not use custom authentication to grant a user read access but not write access (or vice-versa).

Parameters:

tok - an authentication token as returned by checkPassword(java.lang.String, java.lang.String) or recreateAuth(java.lang.String) (not null)

repname - the symbolic name of the repository (not null)

constraint - a constraint as specified in config.xml (or null if not specified).

Returns:

true if the specified user can read from (or in the case of managed repositories read and write to) the specified repository, or false otherwise

checkRequest

AuthToken checkRequest(javax.servlet.http.HttpServletRequest request)

Called to allow implementations to determine if the request is pre-authenticated, bypassing FishEye's own HTTP authentication.

Parameters:

request - the servlet request to check

Returns:

an authentication token if the request is authenticated, or null otherwise.

isRequestUserStillValid

boolean isRequestUserStillValid(java.lang.String username,
                              javax.servlet.http.HttpServletRequest req)

Checks that the given username is still valid for the request.

Parameters:

username - the UserName, must not be null

req - the request to check the username against

Returns:

true if the username is still valid, false otherwise.