com.jalios.jcms.authentication

Class AuthenticationHandler

java.lang.Object

com.jalios.jcms.authentication.AuthenticationHandler

All Implemented Interfaces:

PluginComponent, java.lang.Comparable<AuthenticationHandler>

Direct Known Subclasses:

AuthKeyAuthenticationHandler, ClientCertificateAuthenticationHandler, CookieAuthenticationHandler, DelegationAuthenticationHandler, HttpBasicAuthenticationHandler, HttpDigestAuthenticationHandler, JWTAuthenticationHandler, LoggingAuthenticationHandler, SessionAuthenticationHandler, SilentParamsAuthenticationHandler, SimpleAuthenticationHandler

public abstract class AuthenticationHandler
extends java.lang.Object
implements java.lang.Comparable<AuthenticationHandler>, PluginComponent

An AuthenticationHandler is an object that perform user authentification.

JCMS manages a list of AuthenticationHandler sorted using the natural order provided by this abstract class using the order parameter of the constructor.
Use this order parameter to modify the position of your handler in the authentication chain.

Override one or both of the following methods to provide your own authentication mecanism :

• login(AuthenticationContext)
• logout(AuthenticationContext)

When implementing any of those method, make sure you either call the super method or either invoke the chain yourself, NOT BOTH!

The loadProperties() method can be overridden to load/reload properties as needed.

Since:

jcms-5.7.0

Version:

$Revision: 126116 $

Author:

Olivier Jaquemet

Field Summary

Fields

Modifier and Type	Field and Description
protected static Channel	channel
static java.lang.String	GENERIC_BAD_AUTHENTICATION_MSG Use this constant with AuthenticationContext.setWarningMsg(String) to provide a generic authentication failure message.
static java.lang.String	REVISION

Constructor Summary

Constructors

Constructor and Description
AuthenticationHandler() Creates a new AuthenticationHandler. The default order of this new handler is 0.
AuthenticationHandler(int order) Constructs a AuthenticationHandler with the specified order.

Method Summary

Modifier and Type	Method and Description
boolean	canLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Locale userLocale, Member loggedMember, boolean isAuthorized) This methods is invoked on all AuthenticationHandler, BEFORE a logout action, to check security context authorize the logout chain to be invoked.
int	compareTo(AuthenticationHandler authHdlr) Compare this object with the specified AuthenticationHandler for order.
boolean	equals(java.lang.Object obj) Indicates wheter some other object is "equal to" this one.
int	getOrder() Retrieve the order used by this AuthenticationHandler.
boolean	init(Plugin plugin) Initialize the component with the given plugin configuration
void	loadProperties() This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded. You can use it to reload properties that might have been changed. This method is called during initialization of the AuthenticationManager
void	login(AuthenticationContext ctxt) Authenticate a member.
void	logout(AuthenticationContext ctxt) This methods is called when users logout from JCMS.
void	setOrder(int order) Modify the order used by this AuthenticationHandler.

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REVISION

public static final java.lang.String REVISION

See Also:

Constant Field Values

GENERIC_BAD_AUTHENTICATION_MSG

public static final java.lang.String GENERIC_BAD_AUTHENTICATION_MSG

Use this constant with AuthenticationContext.setWarningMsg(String) to provide a generic authentication failure message.

See Also:

Constant Field Values

channel

protected static final Channel channel

Constructor Detail

AuthenticationHandler

public AuthenticationHandler()

Creates a new AuthenticationHandler.
The default order of this new handler is 0.

Since:

jcms-5.7.0

AuthenticationHandler

public AuthenticationHandler(int order)

Constructs a AuthenticationHandler with the specified order.

Parameters:

order - an integer used by the natural comparator of this AuthenticationHandler to sort all AuthenticationHandler managed by the AuthenticationManager.

Since:

jcms-5.7.0

Method Detail

loadProperties

public void loadProperties()

This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
You can use it to reload properties that might have been changed.
This method is called during initialization of the AuthenticationManager

init

public boolean init(Plugin plugin)

Description copied from interface: PluginComponent

Initialize the component with the given plugin configuration

Specified by:

init in interface PluginComponent

Parameters:

plugin - the calling plugin

Returns:

true if the component has been correctly initialized.

login

public void login(AuthenticationContext ctxt)
           throws java.io.IOException

Authenticate a member.
This method is invoked by the authentication chain on each request.
A typical implementation of this method would follow the following pattern :

1. Examine informations required to perform the authentication through the AuthenticationContext object (request, response, login.. etc)
2. Perform your authentication before chain invokation and set the logged Member AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
4. b) or else skip the chain invokation and block other authentication handler of the chain (do this with caution...)
5. Perform redirection, set information/warning/error message or any other process, after chain invokation, using AuthenticationContext.

Default implementation is to invoke the next handler in the chain.

Parameters:

ctxt - the AuthenticationContext used for this login

Throws:

java.io.IOException

Since:

jcms-5.7.0

canLogout

public boolean canLogout(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         java.util.Locale userLocale,
                         Member loggedMember,
                         boolean isAuthorized)

This methods is invoked on all AuthenticationHandler, BEFORE a logout action, to check security context authorize the logout chain to be invoked.

Core implementation is to authorize logout only when a valid CSRF token was received (since JCMS-8092).
Each AuthenticationHandler SSO may authorize logout under additionnal circumstances by implementing this method.

Default implementation is to return the samed isAuthorized value received in parameter.

Parameters:

request - the current HttpServletRequest being processed

response - the HttpServletResponse bound to current request

userLocale - the current Locale guessed from browser preference or session

loggedMember - the member currently logged in

isAuthorized - true if logout has been authorized by default JCMS behavior or by any other AuthenticationHandler, false otherwise

Returns:

the authorization state decided by your handler (default implementation is to return the isAuthorized parameter value)

Since:

jcms-10.0.5 / JCMS-8093

logout

public void logout(AuthenticationContext ctxt)
            throws java.io.IOException

This methods is called when users logout from JCMS.
It may not be called if user simply close its browser. Don't rely on this for critical operation

Default implementation is to invoke the next handler in the chain.

Parameters:

ctxt - the AuthenticationContext used for this login

Throws:

java.io.IOException

Since:

jcms-5.7.0

compareTo

public final int compareTo(AuthenticationHandler authHdlr)

Compare this object with the specified AuthenticationHandler for order.

Specified by:

compareTo in interface java.lang.Comparable<AuthenticationHandler>

Parameters:

authHdlr - the AuthenticationHandler to be compared.

Since:

jcms-5.7.0

See Also:

Comparable.compareTo(java.lang.Object)

equals

public final boolean equals(java.lang.Object obj)

Indicates wheter some other object is "equal to" this one. The comparison is performed with compareTo() method.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the Object to be compared.

getOrder

public int getOrder()

Retrieve the order used by this AuthenticationHandler. This value is used by the natural comparator of AuthenticationHandler to provides the ordering in any AuthenticationHandler collection, specially the collection of handler managed by AuthenticationManager.

Returns:

an int indicating the order relative to other handlers.

setOrder

public void setOrder(int order)

Modify the order used by this AuthenticationHandler. This value is used by the natural comparator of AuthenticationHandler to provides the ordering in any AuthenticationHandler collection, specially the collection of handler managed by AuthenticationManager.

Parameters:

order - the new order to use for this AuthenticationHandler