Class AuthenticationManager


  • public final class AuthenticationManager
    extends java.lang.Object
    This singleton manages the whole authentication process in JCMS.

    It is responsible for storing and invoking all the AuthenticationHandler instances.
    Since:
    jcms-5.7.0
    Version:
    $Revision: 135756 $
    Author:
    Olivier Jaquemet
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String REVISION  
    • Method Summary

      Modifier and Type Method Description
      void addAuthenticationHandler​(AuthenticationHandler authHdlr)
      Add the specified AuthenticationHandler to the handlers collection already managed by the AuthenticationManager.
      java.util.SortedSet<AuthenticationHandler> getAuthenticationHandlerSet()
      Retrieve the internal set of AuthenticationHandler managed by the AuthenticationManager.
      Modify it only if you are sure of what you are doing.
      boolean getDefaultPersistentValue()
      Defined by value of property auth-mgr.persistent.default-value.
      static AuthenticationManager getInstance()  
      java.lang.String getLoginParameter()
      Retrieve the parameter name used for the user's login.
      Defined by value of property auth-mgr.login-param.login.
      java.lang.String getOpLoginParameter()
      Retrieve the parameter name used to indicate a login action is requested (login form submitted).
      Defined by value of property auth-mgr.login-param.op-login.
      java.lang.String getPasswordParameter()
      Retrieve the parameter name used for the user's password.
      Defined by value of property auth-mgr.login-param.password.
      java.lang.String getPersistentParameter()
      Retrieve the parameter name used for the user's persistent login preference.
      Defined by value of property auth-mgr.login-param.persistent.
      void init()
      Initialize the AuthenticationManager.
      This method can be called multiple times during the lifetime of the site, for example on properties change.
      boolean isAuthenticationRequired()
      Returns true if authentication is required on this site.
      Defined by value of property channel.is-authentication-required.
      boolean isLoginAccentSensitive()
      Returns true if login should be treated as accent sensitive (mylogin != mylogìn).
      boolean isLoginCaseSensitive()
      Returns true if login should be treated as case sensitive (myLogin != mylogin).
      boolean isShowingPersistentOption()
      Defined by value of property auth-mgr.persistent.show-option.
      Member login​(java.lang.String login, java.lang.String password)
      Retrieve a member from a login/password pair.

      The current implementation invokes the authentication handler login chain with the current servlet request if available, otherwise with a fake request, and a fake response.
      LoginResult login​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String userLang)
      LoginResult login​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Locale userLocale)
      Authenticate a member for each request.
      Invoke the authentication handler chain and return the authenticated Member.
      void logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String userLang, Member loggedMember)
      void logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Locale userLocale, Member loggedMember)
      Log out the current loggedMember from this session.
      void readOrdersFromProperties()
      Read Authentication Handlers order from properties.
      void removeAuthenticationHandler​(AuthenticationHandler authHdlr)
      Remove the specified AuthenticationHandler from the handlers managed by the AuthenticationManager.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • init

        public void init()
        Initialize the AuthenticationManager.
        This method can be called multiple times during the lifetime of the site, for example on properties change.
        Since:
        jcms-5.7.0
      • readOrdersFromProperties

        public void readOrdersFromProperties()
        Read Authentication Handlers order from properties.
      • addAuthenticationHandler

        public void addAuthenticationHandler​(AuthenticationHandler authHdlr)
        Add the specified AuthenticationHandler to the handlers collection already managed by the AuthenticationManager.
        Parameters:
        authHdlr - the AuthenticationHandler to be added
        Since:
        jcms-5.7.0
      • removeAuthenticationHandler

        public void removeAuthenticationHandler​(AuthenticationHandler authHdlr)
        Remove the specified AuthenticationHandler from the handlers managed by the AuthenticationManager.
        Parameters:
        authHdlr - the AuthenticationHandler to be removed
        Since:
        jcms-5.7.0
      • getAuthenticationHandlerSet

        public java.util.SortedSet<AuthenticationHandler> getAuthenticationHandlerSet()
        Retrieve the internal set of AuthenticationHandler managed by the AuthenticationManager.
        Modify it only if you are sure of what you are doing.
        Returns:
        a SortedSet of AuthenticationHandler
      • isAuthenticationRequired

        public boolean isAuthenticationRequired()
        Returns true if authentication is required on this site.
        Defined by value of property channel.is-authentication-required.
        Returns:
        true if authentication is required for JCMS access, false otherwise.
        Since:
        jcms-5.7.0
      • isLoginCaseSensitive

        public boolean isLoginCaseSensitive()
        Returns true if login should be treated as case sensitive (myLogin != mylogin). Defined by value of property channel.login-casesensitive.
        Returns:
        true if login is case sensitive
        Since:
        jcms-5.7.0
      • isLoginAccentSensitive

        public boolean isLoginAccentSensitive()
        Returns true if login should be treated as accent sensitive (mylogin != mylogìn). Defined by value of property channel.login-accentsensitive.
        Returns:
        true if login is accent sensitive
        Since:
        jcms-8.0.2
      • isShowingPersistentOption

        public boolean isShowingPersistentOption()
        Defined by value of property auth-mgr.persistent.show-option.
        Returns:
        true if we show the persistent option in the login form, false if we hide it.
        Since:
        jcms-5.7.0
      • getDefaultPersistentValue

        public boolean getDefaultPersistentValue()
        Defined by value of property auth-mgr.persistent.default-value.
        Returns:
        the default persistent value: true for persistent, false otherwise.
        Since:
        jcms-5.7.0
      • getLoginParameter

        public java.lang.String getLoginParameter()
        Retrieve the parameter name used for the user's login.
        Defined by value of property auth-mgr.login-param.login.
        Returns:
        the request parameter name used to send/retrieve the login of the user to authenticate.
        Since:
        jcms-5.7.0
      • getPasswordParameter

        public java.lang.String getPasswordParameter()
        Retrieve the parameter name used for the user's password.
        Defined by value of property auth-mgr.login-param.password.
        Returns:
        the request parameter name used to send/retrieve the password of the user to authenticate.
        Since:
        jcms-5.7.0
      • getPersistentParameter

        public java.lang.String getPersistentParameter()
        Retrieve the parameter name used for the user's persistent login preference.
        Defined by value of property auth-mgr.login-param.persistent.
        Returns:
        the request parameter name used to send/retrieve whether the user being authenticated has requested persistent authentication.
        Since:
        jcms-5.7.0
      • getOpLoginParameter

        public java.lang.String getOpLoginParameter()
        Retrieve the parameter name used to indicate a login action is requested (login form submitted).
        Defined by value of property auth-mgr.login-param.op-login.
        Returns:
        the request parameter name used to send/retrieve whether a login action has been requested (usually when a form is submitted).
        Since:
        jcms-5.7.0
      • login

        public Member login​(java.lang.String login,
                            java.lang.String password)
                     throws java.io.IOException
        Retrieve a member from a login/password pair.

        The current implementation invokes the authentication handler login chain with the current servlet request if available, otherwise with a fake request, and a fake response.
        Parameters:
        login - the user login
        password - the user's clear text password
        Returns:
        the authenticated Member (or null on error)
        Throws:
        java.io.IOException - if the login operation could not be performed due to an I/O problem (HTTP headers in response, cookie error, ...)
        Since:
        jcms-5.7.0
      • login

        public LoginResult login​(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 java.lang.String userLang)
                          throws java.io.IOException
        Authenticate a member for each request.
        Invoke the authentication handler chain and return the authenticated Member.
        Parameters:
        request - the current HttpServletRequest being processed
        response - the HttpServletResponse bound to current request
        userLang - the current language guessed from browser preference or session
        Returns:
        the LoginResult containing the logged Member
        Throws:
        java.io.IOException - if the login operation could not be performed due to an I/O problem (HTTP headers in response, cookie error, ...)
        Since:
        jcms-5.7.0
      • login

        public LoginResult login​(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 java.util.Locale userLocale)
                          throws java.io.IOException
        Authenticate a member for each request.
        Invoke the authentication handler chain and return the authenticated Member.
        Parameters:
        request - the current HttpServletRequest being processed
        response - the HttpServletResponse bound to current request
        userLocale - the current Locale guessed from browser preference or session
        Returns:
        the LoginResult containing the logged Member
        Throws:
        java.io.IOException - if the login operation could not be performed due to an I/O problem (HTTP headers in response, cookie error, ...)
        Since:
        jcms-7.1.0
      • logout

        public void logout​(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response,
                           java.lang.String userLang,
                           Member loggedMember)
                    throws java.io.IOException
        Log out the current loggedMember from this session. This method may not be called if the user simply closes the browser, so do not rely on it for critical operations.
        Parameters:
        request - the current HttpServletRequest being processed
        response - the HttpServletResponse bound to current request
        userLang - the current language guessed from browser preference or session
        loggedMember - the member currently logged in
        Throws:
        java.io.IOException - if the logout operation could not be performed due to an I/O problem (HTTP headers in response, cookie error, ...)
        Since:
        jcms-5.7.0
      • logout

        public void logout​(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response,
                           java.util.Locale userLocale,
                           Member loggedMember)
                    throws java.io.IOException
        Log out the current loggedMember from this session. This method may not be called if the user simply closes the browser, so do not rely on it for critical operations.
        Parameters:
        request - the current HttpServletRequest being processed
        response - the HttpServletResponse bound to current request
        userLocale - the current Locale guessed from browser preference or session
        loggedMember - the member currently logged in
        Throws:
        java.io.IOException - if the logout operation could not be performed due to an I/O problem (HTTP headers in response, cookie error, ...)
        Since:
        jcms-7.1.0
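
Added example (not part of the JCMS API or its source): isLoginCaseSensitive() and isLoginAccentSensitive() decide whether logins such as myLogin/mylogin or mylogin/mylogìn name the same account, so before relaxing either setting it is worth auditing the existing logins for pairs that would start to collide. The class name LoginCollisionAudit, the sample logins and the normalization rule (lower-casing, and stripping combining marks after NFD decomposition) are assumptions for illustration; the page does not document how JCMS compares logins internally.

```java
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class LoginCollisionAudit {

    // Assumed normalization, not JCMS's documented algorithm:
    // accent-insensitive = NFD decomposition, then drop combining marks;
    // case-insensitive   = locale-independent lower-casing.
    static String normalize(String login, boolean caseSensitive, boolean accentSensitive) {
        String s = accentSensitive
                ? Normalizer.normalize(login, Normalizer.Form.NFC)
                : Normalizer.normalize(login, Normalizer.Form.NFD).replaceAll("\\p{M}+", "");
        return caseSensitive ? s : s.toLowerCase(Locale.ROOT);
    }

    // Group logins by normalized key and keep only the groups that hold
    // more than one distinct stored login, i.e. the would-be collisions.
    static Map<String, List<String>> collisions(Collection<String> logins,
                                                boolean caseSensitive,
                                                boolean accentSensitive) {
        Map<String, List<String>> groups = new TreeMap<>();
        for (String login : logins) {
            groups.computeIfAbsent(normalize(login, caseSensitive, accentSensitive),
                                   k -> new ArrayList<>()).add(login);
        }
        groups.values().removeIf(group -> group.size() < 2);
        return groups;
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for an export of member logins.
        List<String> logins = List.of("mylogin", "myLogin", "mylogìn", "admin", "Admin", "jdoe");

        System.out.println("case and accent sensitive:   " + collisions(logins, true, true));
        System.out.println("case insensitive only:       " + collisions(logins, false, true));
        System.out.println("case and accent insensitive: " + collisions(logins, false, false));
    }
}
```

Any group reported for the settings you intend to deploy is a set of accounts that would become indistinguishable at login and should be resolved before the property change.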