Package com.jalios.jcms.authentication

Class AuthenticationHandler

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthenticationHandler()
      Creates a new AuthenticationHandler.
      The default order of this new handler is 0.
      AuthenticationHandler​(int order)
      Constructs a AuthenticationHandler with the specified order.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean canLogout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Locale userLocale, Member loggedMember, boolean isAuthorized)
      This methods is invoked on all AuthenticationHandler, BEFORE a logout action, to check security context authorize the logout chain to be invoked.
      int compareTo​(AuthenticationHandler authHdlr)
      Compare this object with the specified AuthenticationHandler for order.
      boolean equals​(java.lang.Object obj)
      Indicates wheter some other object is "equal to" this one.
      int getOrder()
      Retrieve the order used by this AuthenticationHandler.
      boolean init​(Plugin plugin)
      Initialize the component with the given plugin configuration
      void loadProperties()
      This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
      You can use it to reload properties that might have been changed.
      This method is called during initialization of the AuthenticationManager
      void login​(AuthenticationContext ctxt)
      Authenticate a member.
      void logout​(AuthenticationContext ctxt)
      This methods is called when users logout from JCMS.
      void setOrder​(int order)
      Modify the order used by this AuthenticationHandler.

      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthenticationHandler

        public AuthenticationHandler()
        Creates a new AuthenticationHandler.
        The default order of this new handler is 0.
        Since:
        jcms-5.7.0

      • AuthenticationHandler

        public AuthenticationHandler​(int order)
        Constructs a AuthenticationHandler with the specified order.
        Parameters:
        order - an integer used by the natural comparator of this AuthenticationHandler to sort all AuthenticationHandler managed by the AuthenticationManager.
        Since:
        jcms-5.7.0

    • Method Detail

      • loadProperties

        public void loadProperties()
        This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
        You can use it to reload properties that might have been changed.
        This method is called during initialization of the AuthenticationManager

      • init

        public boolean init​(Plugin plugin)
        Description copied from interface: PluginComponent
        Initialize the component with the given plugin configuration
        Specified by:
        init in interface PluginComponent
        Parameters:
        plugin - the calling plugin
        Returns:
        true if the component has been correctly initialized.

      • login

        public void login​(AuthenticationContext ctxt)
           throws java.io.IOException
        Authenticate a member.
        This method is invoked by the authentication chain on each request.
        A typical implementation of this method would follow the following pattern :
        1. Examine informations required to perform the authentication through the AuthenticationContext object (request, response, login.. etc)
        2. Perform your authentication before chain invokation and set the logged Member AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
        3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
        4. b) or else skip the chain invokation and block other authentication handler of the chain (do this with caution...)
        5. Perform redirection, set information/warning/error message or any other process, after chain invokation, using AuthenticationContext.

        Default implementation is to invoke the next handler in the chain.
        Parameters:
        ctxt - the AuthenticationContext used for this login
        Throws:
        java.io.IOException
        Since:
        jcms-5.7.0

      • canLogout

        public boolean canLogout​(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         java.util.Locale userLocale,
                         Member loggedMember,
                         boolean isAuthorized)
        This methods is invoked on all AuthenticationHandler, BEFORE a logout action, to check security context authorize the logout chain to be invoked.

        Core implementation is to authorize logout only when a valid CSRF token was received (since JCMS-8092).
        Each AuthenticationHandler SSO may authorize logout under additionnal circumstances by implementing this method.

        Default implementation is to return the samed isAuthorized value received in parameter.

        Parameters:
        request - the current HttpServletRequest being processed
        response - the HttpServletResponse bound to current request
        userLocale - the current Locale guessed from browser preference or session
        loggedMember - the member currently logged in
        isAuthorized - true if logout has been authorized by default JCMS behavior or by any other AuthenticationHandler, false otherwise
        Returns:
        the authorization state decided by your handler (default implementation is to return the isAuthorized parameter value)
        Since:
        jcms-10.0.5 / JCMS-8093

      • logout

        public void logout​(AuthenticationContext ctxt)
            throws java.io.IOException
        This methods is called when users logout from JCMS.
        It may not be called if user simply close its browser. Don't rely on this for critical operation

        Default implementation is to invoke the next handler in the chain.
        Parameters:
        ctxt - the AuthenticationContext used for this login
        Throws:
        java.io.IOException
        Since:
        jcms-5.7.0

      • compareTo

        public final int compareTo​(AuthenticationHandler authHdlr)
        Compare this object with the specified AuthenticationHandler for order.
        Specified by:
        compareTo in interface java.lang.Comparable<AuthenticationHandler>
        Parameters:
        authHdlr - the AuthenticationHandler to be compared.
        Since:
        jcms-5.7.0
        See Also:
        Comparable.compareTo(java.lang.Object)

      • equals

        public final boolean equals​(java.lang.Object obj)
        Indicates wheter some other object is "equal to" this one. The comparison is performed with compareTo() method.
        Overrides:
        equals in class java.lang.Object
        Parameters:
        obj - the Object to be compared.

      • getOrder

        public int getOrder()
        Retrieve the order used by this AuthenticationHandler. This value is used by the natural comparator of AuthenticationHandler to provides the ordering in any AuthenticationHandler collection, specially the collection of handler managed by AuthenticationManager.
        Returns:
        an int indicating the order relative to other handlers.

      • setOrder

        public void setOrder​(int order)
        Modify the order used by this AuthenticationHandler. This value is used by the natural comparator of AuthenticationHandler to provides the ordering in any AuthenticationHandler collection, specially the collection of handler managed by AuthenticationManager.
        Parameters:
        order - the new order to use for this AuthenticationHandler