FishEyeAuthenticator

All Known Implementing Classes:

AbstractFishEyeAuthenticator, ExampleFishEyeAuthenticator, ExampleFishEyeHttpAuthenticator, NullFishEyeAuthenticator
```
public interface FishEyeAuthenticator
```
The authentication/authorisation plugin interface for FishEye. NB: It is recommended to extend AbstractFishEyeAuthenticator instead of implementing this interface directly as it is subject to change in future versions.
Classes implementing this interface must supply a public no-arg constructor.

General lifecycle:
- An instance is created by calling Class.newInstance()
- init(java.util.Properties) is called. If it throws an exception, then no further methods will be called on this instance.
- The auth methods are called any number of times: checkPassword(java.lang.String, java.lang.String), recreateAuth(java.lang.String), hasPermissionToAccess(com.cenqua.fisheye.user.plugin.AuthToken, java.lang.String, java.lang.String), checkPassword(java.lang.String, java.lang.String), checkRequest(javax.servlet.http.HttpServletRequest) and isRequestUserStillValid(java.lang.String, javax.servlet.http.HttpServletRequest). These methods may be called concurrently (they must be multi-thread safe)..
- close() is called (or the JVM exits abruptly).

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`AuthToken`	`checkPassword(java.lang.String username, java.lang.String password)` Called to check a user's password.
`AuthToken`	`checkRequest(javax.servlet.http.HttpServletRequest request)` Called to allow implementations to determine if the request is pre-authenticated, bypassing FishEye's own HTTP authentication.
`void`	`close()` Called when this authenticator will no longer be used.
`boolean`	`hasPermissionToAccess(AuthToken tok, java.lang.String repname, java.lang.String constraint)` Check if a user has permission to access the given repository.
`void`	`init(java.util.Properties cfg)` Called to configure this authenticator.
`boolean`	`isRequestUserStillValid(java.lang.String username, javax.servlet.http.HttpServletRequest req)` Checks that the given username is still valid for the request.
`AuthToken`	`recreateAuth(java.lang.String username)` Used to re-create a token for a user that was previously authenticated.

- Method Detail
  - init
```
void init(java.util.Properties cfg)
   throws java.lang.Exception
```
    Called to configure this authenticator.
    
    Parameters:
    
    cfg - the configuration properties, as specified in the <properties> element in the <custom> config. (non-null)
    
    Throws:
    
    java.lang.Exception - an error occurred during configuration.
  - close
```
void close()
```
    Called when this authenticator will no longer be used.
  - checkPassword
```
AuthToken checkPassword(java.lang.String username,
                        java.lang.String password)
```
    Called to check a user's password.
    You should not make any assumptions about the arguments. For example, they could be the empty string, or null.
    
    Parameters:
    
    username - given username (may be null)
    
    password - given password (may be null)
    
    Returns:
    
    an authentication token on successful authentication, or null otherwise.
  - recreateAuth
```
AuthToken recreateAuth(java.lang.String username)
```
    Used to re-create a token for a user that was previously authenticated. For example, this method is called when a user returns and they have selected "remember me" when they logged in.
    
    Returns:
    
    a re-created token, or null if the user cannot be re-created without re-authentication
  - hasPermissionToAccess
```
boolean hasPermissionToAccess(AuthToken tok,
                              java.lang.String repname,
                              java.lang.String constraint)
```
    Check if a user has permission to access the given repository.
    This method is notcalled when users are not logged in (anonymous users).
    
    If a custom constraint has been specified in config.xml, then that value is passed as constraint. This is taken from the <security><custom constraint=""> setting in either <repository> or <repository-defaults>.
    
    A constraint could be used (for example) to specify a group that a user must belong to in order to access a repository.
    
    Parameters:
    
    tok - an authentication token as returned by checkPassword(java.lang.String, java.lang.String) or recreateAuth(java.lang.String) (not null)
    
    repname - the symbolic name of the repository (not null)
    
    constraint - a constraint as specified in config.xml (or null if not specified).
    
    Returns:
    
    true if the specified user can read from the specified repository, or false otherwise
  - checkRequest
```
AuthToken checkRequest(javax.servlet.http.HttpServletRequest request)
```
    Called to allow implementations to determine if the request is pre-authenticated, bypassing FishEye's own HTTP authentication.
    
    Parameters:
    
    request - the servlet request to check
    
    Returns:
    
    an authentication token if the request is authenticated, or null otherwise.
  - isRequestUserStillValid
```
boolean isRequestUserStillValid(java.lang.String username,
                                javax.servlet.http.HttpServletRequest req)
```
    Checks that the given username is still valid for the request.
    
    Parameters:
    
    username - the UserName, must not be null
    
    req - the request to check the username against
    
    Returns:
    
    true if the username is still valid, false otherwise.

Interface FishEyeAuthenticator

Method Summary

Method Detail

init

close

checkPassword

recreateAuth

hasPermissionToAccess

checkRequest

isRequestUserStillValid