Package com.jalios.jcms.authentication.handlers

Class AuthKeyAuthenticationHandler

  • All Implemented Interfaces:
    PluginComponent, java.lang.Comparable<AuthenticationHandler>
    public class AuthKeyAuthenticationHandler
extends AuthenticationHandler
    Authenticates users using an "authentication key" parameter valid only for the request for which it is processed.

    The Authentication key parameter name can be configured by changing property "auth-mgr.authkey-name", see getAuthKeyName().
    Default duration of AuthenticationKey can be configured by changing property "auth-mgr.authkey-duration", see getDefaultAuthKeyDuration().

    Since:
    jcms-5.7.4
    Author:
    Olivier Jaquemet

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static Member checkAuthenticationFromAuthKey​(javax.servlet.http.HttpServletRequest request)
      Returns the member corresponding to the credentials given in the authkey parameter, if any.
      static java.lang.String getAuthKeyName()
      Retrieves the authentication key parameter name.
      Default is "authKey" and can be changed using property "auth-mgr.authkey-name".
      static java.lang.String getAuthKeyServerSeed()
      Retrieves the server seed used in auth key digest.
      Default is "" and can be changed using property "auth-mgr.authkey-server-seed".
      static java.lang.String getAuthKeyValue​(java.lang.String url, Member member)
      Retrieves a valid authentication key parameter value for the specified URL.
      static java.lang.String getAuthKeyValue​(java.lang.String url, Member member, long duration)
      Retrieves a valid authentication key parameter value for the specified URL.
      static java.lang.String getAuthKeyValue​(java.lang.String url, Member member, AccessTokenOptions options)
      Retrieves a new authentication key value for the specified options.
      static java.lang.String getAuthKeyValue​(java.lang.String url, Member member, AuthKeyHints hints)
      Deprecated.
      use getAuthKeyValue(String, Member, AccessTokenOptions)
      static long getDefaultAuthKeyDuration()
      Retrieves the default authentication key duration (expiration time) to be used when no expiration duration as been specified.
      Default is one year and can be changed using property "auth-mgr.authkey-duration".
      Warning : this default duration is only used when developper did not specified an explicit duration when generating the authkey value or url.
      static AuthKeyAuthenticationHandler getInstance()  
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, Member member)
      Append a valid authentication key parameter name/value to the specified URL.
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, Member member, long duration)
      Append a valid authentication key parameter name/value to the specified URL.
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, Member member, long duration, boolean escapeAmpersand)
      Append a valid authentication key parameter name/value to the specified URL.
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, Member member, AccessTokenOptions options, boolean escapeAmpersand)
      Append a valid authentication key parameter name/value to the specified URL.
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, Member member, AuthKeyHints hints, boolean escapeAmpersand)
      Deprecated.
      use getUrlWithAddedAuthKeyParam(String, Member, AccessTokenOptions, boolean)
      static java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url, java.lang.String authKeyValue, boolean escapeAmpersand)
      Append the specified authentication key value as paramater.
      static java.lang.String getUrlWithAddedAuthKeyParam​(javax.servlet.http.HttpServletRequest request, Member member)
      Retrieve the absolute url of the specified request with a valid authentication key parameter name/value appended.
      static java.lang.String getUrlWithAddedAuthKeyParam​(javax.servlet.http.HttpServletRequest request, Member member, long duration)
      Retrieve the absolute url of the specified request with a valid authentication key parameter name/value appended.
      static boolean isAuthenticatedWithAuthKey​(javax.servlet.http.HttpServletRequest request)
      Check if the specified request was authenticated using an AuthKey
      static Member isValidAuthKey​(java.lang.String url, java.lang.String authKey, javax.servlet.http.HttpServletRequest request)
      Checks if the given auth key is valid and if it is, returns the member to login.
      static Member isValidAuthKey​(java.lang.String url, java.lang.String authKey, javax.servlet.http.HttpServletRequest request, AuthenticationContext ctxt)
      Checks if the given auth key is valid and if it is, returns the member to login.
      void loadProperties()
      This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
      You can use it to reload properties that might have been changed.
      This method is called during initialization of the AuthenticationManager
      void login​(AuthenticationContext ctxt)
      Authenticate a member.

      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • AUTHKEY_HTTP_HEADER_NAME

        public static final java.lang.String AUTHKEY_HTTP_HEADER_NAME
        Name of the HTTP header providing authentication through authkey (without query parameter).
        Since:
        JCMS-3953 (value modified since JCMS-10153)
        See Also:
        Constant Field Values

      • AUTHKEY_HTTP_HEADER_NAME_LEGACY

        @Deprecated(since="10.0.8",
            forRemoval=true)
public static final java.lang.String AUTHKEY_HTTP_HEADER_NAME_LEGACY
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 10.0.8 (JCMS-10153), will be removed in 11 (JCMS-10155), use
        Name of the legacy HTTP header "JaliosJCMS-AuthKey" providing authentication through authkey (without query parameter).
        Since:
        JCMS-10153
        See Also:
        Constant Field Values

      • ORDER_AUTHKEY_HANDLER

        public static final int ORDER_AUTHKEY_HANDLER
        Order used by the AuthKeyAuthenticationHandler
        See Also:
        Constant Field Values

    • Method Detail

      • loadProperties

        public void loadProperties()
        Description copied from class: AuthenticationHandler
        This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
        You can use it to reload properties that might have been changed.
        This method is called during initialization of the AuthenticationManager
        Overrides:
        loadProperties in class AuthenticationHandler

      • login

        public void login​(AuthenticationContext ctxt)
           throws java.io.IOException
        Description copied from class: AuthenticationHandler
        Authenticate a member.
        This method is invoked by the authentication chain on each request.
        A typical implementation of this method would follow the following pattern :
        1. Examine informations required to perform the authentication through the AuthenticationContext object (request, response, login.. etc)
        2. Perform your authentication before chain invokation and set the logged Member AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
        3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
        4. b) or else skip the chain invokation and block other authentication handler of the chain (do this with caution...)
        5. Perform redirection, set information/warning/error message or any other process, after chain invokation, using AuthenticationContext.

        Default implementation is to invoke the next handler in the chain.
        Overrides:
        login in class AuthenticationHandler
        Parameters:
        ctxt - the AuthenticationContext used for this login
        Throws:
        java.io.IOException

      • isAuthenticatedWithAuthKey

        public static boolean isAuthenticatedWithAuthKey​(javax.servlet.http.HttpServletRequest request)
        Check if the specified request was authenticated using an AuthKey
        Parameters:
        request - the current HttpServletRequest, may be null
        Returns:
        true if request was authenticated with autkey, false otherwise
        Since:
        jcms-7.1

      • checkAuthenticationFromAuthKey

        public static final Member checkAuthenticationFromAuthKey​(javax.servlet.http.HttpServletRequest request)
        Returns the member corresponding to the credentials given in the authkey parameter, if any.
        Parameters:
        request - the request where to look for authkey param
        Returns:
        the authenticated member or null if not found
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(javax.servlet.http.HttpServletRequest request,
                                                                 Member member)
        Retrieve the absolute url of the specified request with a valid authentication key parameter name/value appended. The default duration is used.

        If the specified member is null, the url of the request is returned.

        If there are existing parameter(s) to the specified request, the html entity &amp; will be used for the ampersand required to append the parameter.

        Parameters:
        request - the request for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged,
        Throws:
        java.lang.IllegalArgumentException - if request is null
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(javax.servlet.http.HttpServletRequest request,
                                                                 Member member,
                                                                 long duration)
        Retrieve the absolute url of the specified request with a valid authentication key parameter name/value appended. The default duration is used.

        If the specified member is null, the url of the request is returned.

        If there are existing parameter(s) to the specified request, the html entity &amp; will be used for the ampersand required to append the parameter.

        Parameters:
        request - the request for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        duration - a duration (in millisecond) after which the returned authkey will be expired (no longer valid). If set to 0, no expiration is used, if set to -1 (or any negative number) default expiration time is used.
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged,
        Throws:
        java.lang.IllegalArgumentException - if request is null
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 Member member)
        Append a valid authentication key parameter name/value to the specified URL.

        If the specified member is null, the url is returned untouched.

        If there are existing parameter(s) to the specified url, the html entity &amp; will be used for the ampersand required to append the parameter.

        Parameters:
        url - the absolute URL for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged,
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 Member member,
                                                                 long duration)
        Append a valid authentication key parameter name/value to the specified URL.

        If the specified member is null, the url is returned untouched.

        If there are existing parameter(s) to the specified url, the html entity &amp; will be used for the ampersand required to append the parameter.

        Parameters:
        url - the absolute URL for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        duration - a duration (in millisecond) after which the returned authkey will be expired (no longer valid). If set to 0, no expiration is used, if set to -1 (or any negative number) default expiration time is used.
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 Member member,
                                                                 long duration,
                                                                 boolean escapeAmpersand)
        Append a valid authentication key parameter name/value to the specified URL.

        If the specified member is null, the url is returned untouched.

        Parameters:
        url - the absolute URL for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        duration - a duration (in millisecond) after which the returned authkey will be expired (no longer valid). If set to 0, no expiration is used, if set to -1 (or any negative number) default expiration time is used.
        escapeAmpersand - will use "&amp;" if true, "&" if false
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        jcms-5.7.4

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 Member member,
                                                                 AuthKeyHints hints,
                                                                 boolean escapeAmpersand)
        Deprecated.
        use getUrlWithAddedAuthKeyParam(String, Member, AccessTokenOptions, boolean)
        Append a valid authentication key parameter name/value to the specified URL.

        If the specified member is null, the url is returned untouched.

        Parameters:
        url - the absolute URL for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url
        hints - the specific parameters
        escapeAmpersand - will use "&amp;" if true, "&" if false
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        jcms-6.0

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 Member member,
                                                                 AccessTokenOptions options,
                                                                 boolean escapeAmpersand)
        Append a valid authentication key parameter name/value to the specified URL.

        If the specified member is null, the url is returned untouched.

        Parameters:
        url - the absolute URL for which an authentication key will be computed, MUST NOT be null
        member - the member that will be allowed to access the resource of the specified url, MUST NOT be null
        options - the autkey options, MUST NOT be null
        escapeAmpersand - will use "&amp;" if true, "&" if false
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        10.0.8 / JCMS-4770

      • getUrlWithAddedAuthKeyParam

        public static final java.lang.String getUrlWithAddedAuthKeyParam​(java.lang.String url,
                                                                 java.lang.String authKeyValue,
                                                                 boolean escapeAmpersand)
        Append the specified authentication key value as paramater.
        Parameters:
        url - the absolute URL for which an authentication key will be computed
        authKeyValue - an existing authkey or a new authkey value generated with getAuthKeyValue(String, Member, AccessTokenOptions)
        escapeAmpersand - will use "&amp;" if true, "&" if false
        Returns:
        an absolute URL with the added authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url is null
        Since:
        jcms-6.0

      • getDefaultAuthKeyDuration

        public static final long getDefaultAuthKeyDuration()
        Retrieves the default authentication key duration (expiration time) to be used when no expiration duration as been specified.
        Default is one year and can be changed using property "auth-mgr.authkey-duration".
        Warning : this default duration is only used when developper did not specified an explicit duration when generating the authkey value or url.
        Returns:
        a duration in milliseconds
        Since:
        jcms-5.7.4

      • getAuthKeyName

        public static final java.lang.String getAuthKeyName()
        Retrieves the authentication key parameter name.
        Default is "authKey" and can be changed using property "auth-mgr.authkey-name".
        Returns:
        the authentication key parameter name
        Since:
        jcms-5.7.4

      • getAuthKeyServerSeed

        public static final java.lang.String getAuthKeyServerSeed()
        Retrieves the server seed used in auth key digest.
        Default is "" and can be changed using property "auth-mgr.authkey-server-seed".
        Returns:
        the authentication key parameter name
        Since:
        jcms-8.0.0

      • getAuthKeyValue

        public static final java.lang.String getAuthKeyValue​(java.lang.String url,
                                                     Member member)
        Retrieves a valid authentication key parameter value for the specified URL. The default duration is used.
        Parameters:
        url - the absolute URL for which an authentication key will be computed
        member - the member that will be allowed to access the resource of the specified url, MUST NOT be null
        Returns:
        an authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url or member is null
        Since:
        jcms-5.7.4

      • getAuthKeyValue

        public static final java.lang.String getAuthKeyValue​(java.lang.String url,
                                                     Member member,
                                                     long duration)
        Retrieves a valid authentication key parameter value for the specified URL.
        Parameters:
        url - the absolute URL for which an authentication key will be computed, MUST NOT be null
        member - the member that will be allowed to access the resource of the specified url, MUST NOT be null
        duration - a duration (in millisecond) after which the returned authkey will be expired (no longer valid). If set to 0, no expiration is used, if set to -1 (or any negative number) default expiration time is used.
        Returns:
        an authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url or member is null
        Since:
        jcms-5.7.4

      • getAuthKeyValue

        public static final java.lang.String getAuthKeyValue​(java.lang.String url,
                                                     Member member,
                                                     AuthKeyHints hints)
        Deprecated.
        use getAuthKeyValue(String, Member, AccessTokenOptions)
        Retrieves a valid authentication key parameter value for the specified URL.
        Parameters:
        url - the absolute URL for which an authentication key will be computed, MUST NOT be null
        member - the member that will be allowed to access the resource of the specified url, MUST NOT be null
        hints - additional parameter set in this javabean
        Returns:
        an authentication key value that can be used to access the exact same URL without being logged
        Throws:
        java.lang.IllegalArgumentException - if url, member or options is null
        Since:
        jcms-5.7.4

      • getAuthKeyValue

        public static final java.lang.String getAuthKeyValue​(java.lang.String url,
                                                     Member member,
                                                     AccessTokenOptions options)
        Retrieves a new authentication key value for the specified options.
        Parameters:
        url - the absolute URL for which an authentication key will be computed, MUST NOT be null
        member - the member that will be allowed to access the resource of the specified url, MUST NOT be null
        options - options of the authkey, MUST NOT be null
        Returns:
        an authentication key value that can be used to access the URL without being logged
        Throws:
        java.lang.NullPointerException - if url or member is null
        Since:
        10.0.8 / JCMS-4770

      • isValidAuthKey

        public static final Member isValidAuthKey​(java.lang.String url,
                                          java.lang.String authKey,
                                          javax.servlet.http.HttpServletRequest request)
        Checks if the given auth key is valid and if it is, returns the member to login.
        Parameters:
        url - the absolute url against which the auth key will be checked
        authKey - the authentication key to checks
        request - the current request
        Returns:
        the Member authorized to login, or null otherwise
        Since:
        jcms-5.7.4

      • isValidAuthKey

        public static final Member isValidAuthKey​(java.lang.String url,
                                          java.lang.String authKey,
                                          javax.servlet.http.HttpServletRequest request,
                                          AuthenticationContext ctxt)
        Checks if the given auth key is valid and if it is, returns the member to login.
        Parameters:
        url - the absolute url against which the auth key will be checked
        authKey - the authentication key to checks
        request - the current request
        ctxt - the the current authentication context to inform of current state, may be null
        Returns:
        the Member authorized to login, or null otherwise
        Since:
        jcms-10.0.5 / JCMS-7956