public class AuthenticateAction extends ServiceableAction implements ThreadSafe, Initializable
CredentialProvider
define the authentication method and retrieves Credentials
.Credentials
.Modifier and Type | Class and Description |
---|---|
protected static class |
AuthenticateAction.TOKEN_MODE
The token mode of this authentication action
|
Modifier and Type | Field and Description |
---|---|
protected Collection<Pattern> |
_acceptedUrlPatterns
url requires for authentication
|
protected AuthenticationTokenManager |
_authenticateTokenManager
The authentication token manager
|
protected CurrentUserProvider |
_currentUserProvider
The current user provider
|
protected ObservationManager |
_observationManager
The observation manager
|
protected PopulationContextHelper |
_populationContextHelper
The helper for the associations population/context
|
protected UserManager |
_userManager
The user manager
|
protected UserPopulationDAO |
_userPopulationDAO
The DAO for user populations
|
protected static String |
PARAMETERS_PARAMETER_TOKEN
The sitemap parameter holding the token
|
static String |
REQUEST_ATTRIBUTE_AUTHENTICATED
The request attribute name for indicating that the authentication process has been made.
|
static String |
REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST
The request attribute name for transmitting the list of user populations
|
protected static String |
REQUEST_ATTRIBUTE_CONTEXTS
The request attribute name for transmitting the list of contexts
|
protected static String |
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX
The request attribute name for transmitting the index in the list of chosen credential provider
|
protected static String |
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST
The request attribute name for transmitting a boolean that tell if there is a list of credential provider to choose
|
static String |
REQUEST_ATTRIBUTE_GRANTED
The request attribute meaning that the request was not authenticated but granted
|
static String |
REQUEST_ATTRIBUTE_INTERNAL_ALLOWED
The request attribute to allow internal action from an internal request.
|
protected static String |
REQUEST_ATTRIBUTE_INVALID_POPULATION
The request attribute name for transmitting the potential list of user populations to the login screen .
|
static String |
REQUEST_ATTRIBUTE_LOGIN_URL
The request attribute name for transmitting the login page url
|
protected static String |
REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST
The request attribute name to know if user population list should be proposed
|
static String |
REQUEST_ATTRIBUTE_USER_POPULATION_ID
The request attribute name for transmitting the currently chosen user population
|
static String |
REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX
Name of the credential provider index HTML field
|
static String |
REQUEST_PARAMETER_POPULATION_NAME
Name of the user population HTML field
|
static String |
REQUEST_PARAMETER_TOKEN
The request parameter holding the token
|
protected static String |
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX
The session attribute name for storing the credential provider index of the authentication (during connection process)
|
protected static String |
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN
The session attribute name for storing the last known credential provider index of the authentication (during connection process)
|
protected static String |
SESSION_CONNECTING_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true (during connection process)
|
protected static String |
SESSION_CONNECTING_USERPOPULATION_ID
The session attribute name for storing the id of the user population (during connection process)
|
protected static String |
SESSION_CREDENTIALPROVIDER
The session attribute name for storing the credential provider of the authentication
|
protected static String |
SESSION_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true
|
protected static String |
SESSION_USERIDENTITY
The session attribute name for storing the identity of the connected user
|
protected static String |
SITEMAP_PARAMETER_TOKEN_MODE
The sitemap parameter to set the token mode of the action
|
manager
EMPTY_MAP
Constructor and Description |
---|
AuthenticateAction() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
_acceptedUrl(Request request)
Determine if the request is one of the authentication process (except the credential providers)
|
private Map |
_displayBlockingList(Redirector redirector,
Request request,
List<CredentialProvider> credentialProviders) |
protected boolean |
_doProcess(Request request,
boolean runningBlockingkMode,
CredentialProvider runningCredentialProvider,
Redirector redirector,
List<UserPopulation> userPopulations)
Try to authenticate with this credential provider in this mode
|
protected Set<String> |
_getAvailableUserPopulationsIds(Request request,
List<String> contexts)
Get the available populations for the given contexts
|
protected String |
_getChosenUserPopulationId(Request request,
List<UserPopulation> availableUserPopulations)
Get the population for the given context
|
protected List<String> |
_getContexts(Request request,
Parameters parameters)
Get the authentication context
|
protected CredentialProvider |
_getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connection
|
protected Boolean |
_getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connection
|
protected int |
_getCurrentCredentialProviderIndex(Request request,
List<CredentialProvider> availableCredentialProviders)
Get the current credential provider index or -1 if there no running provider
|
protected Integer |
_getCurrentCredentialProviderIndexFromParameter(Request request)
Get the current credential provider index or -1 if there no running provider FROM REQUEST PARAMETER
|
private BlockingCredentialProvider |
_getFirstBlockingCredentialProvider(List<CredentialProvider> credentialProviders) |
protected String |
_getTokenFromRequest(Request request)
Get the token from the request
|
private AuthenticateAction.TOKEN_MODE |
_getTokenMode(Parameters parameters) |
protected UserIdentity |
_getUserIdentity(List<UserPopulation> userPopulations,
UserIdentity potentialUserIdentity,
Redirector redirector,
boolean runningBlockingkMode,
CredentialProvider runningCredentialProvider)
Check the authentications of the authentication manager
|
protected UserIdentity |
_getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the session
|
protected boolean |
_handleAuthenticationToken(Request request,
Parameters parameters)
Authenticate a user using the token in request (if configured so)
|
protected boolean |
_handleLogout(Redirector redirector,
Map objectModel,
String source,
Parameters parameters)
Test if user wants to logout and handle it
|
protected boolean |
_hasCredentialProviders(List<UserPopulation> userPopulations)
Determine if there is a list of credential providers to use
|
protected boolean |
_internalRequest(Request request)
Determine if the request is internal and do not need authentication
|
protected boolean |
_isCurrentCredentialProviderInBlockingMode(Request request)
If there is a running credential provider, was it in non-blocking or blocking mode?
|
protected boolean |
_preFlightCheck(Redirector redirector,
SourceResolver resolver,
Map objectModel,
String source,
Parameters parameters)
Prepare authentication
|
protected boolean |
_prepareUserPopulationsAndCredentialProviders(Request request,
Parameters parameters,
Redirector redirector,
List<UserPopulation> chosenUserPopulations,
List<CredentialProvider> credentialProviders)
Fill the list of available users populations and credential providers
|
protected boolean |
_process(Request request,
boolean runningBlockingkMode,
CredentialProvider runningCredentialProvider,
int runningCredentialProviderIndex,
Redirector redirector,
List<UserPopulation> userPopulations)
Try to authenticate with this credential provider in this mode.
|
protected static void |
_resetConnectingStateToSession(Request request)
Reset the connecting information in session
|
protected void |
_saveConnectingStateToSession(Request request,
int runningCredentialProviderIndex,
boolean runningBlockingkMode)
When the process end successfully, save the state
|
private void |
_saveLastKnownBlockingCredentialProvider(Request request,
int runningCredentialProviderIndex) |
protected void |
_setUserIdentityInSession(Request request,
UserIdentity userIdentity,
CredentialProvider credentialProvider,
boolean blockingMode)
Save user identity in request
|
private boolean |
_shouldRunFirstBlockingCredentialProvider(int runningCredentialProviderIndex,
List<CredentialProvider> credentialProviders,
Request request,
List<UserPopulation> chosenUserPopulations) |
protected boolean |
_validateCurrentlyConnectedUser(Request request,
Redirector redirector,
Parameters parameters)
This method ensure that there is a currently connected user and that it is still valid
|
protected void |
_validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected,
Request request,
Parameters parameters)
This method is the second part of the process that ensure that there is a currently connected user and that it is still valid
|
protected UserIdentity |
_validateToken(String token)
Validate the given token
|
Map |
act(Redirector redirector,
SourceResolver resolver,
Map objectModel,
String source,
Parameters parameters) |
static CredentialProvider |
getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connection
|
static Boolean |
getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connection
|
protected String |
getLoginURL(Request request)
Get the url for the redirector to display the login screen
|
protected String |
getLoginURLParameters(Request request,
String baseURL)
Get the url for the redirector to display the login screen
|
protected String |
getLogoutURL(Request request)
Get the url for the redirector to display the logout screen
|
static UserIdentity |
getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the session
|
void |
initialize() |
static void |
setUserIdentityInSession(Request request,
UserIdentity userIdentity,
CredentialProvider credentialProvider,
boolean blockingMode)
Save user identity in request
|
static void |
skipCurrentCredentialProvider(Request request)
Call this to skip the currently used credential provider and proceed to the next one.
|
service
enableLogging, getLogger, setupLogger, setupLogger, setupLogger
public static final String REQUEST_ATTRIBUTE_INTERNAL_ALLOWED
public static final String REQUEST_ATTRIBUTE_GRANTED
public static final String REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST
public static final String REQUEST_ATTRIBUTE_USER_POPULATION_ID
public static final String REQUEST_ATTRIBUTE_LOGIN_URL
public static final String REQUEST_PARAMETER_POPULATION_NAME
public static final String REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX
public static final String REQUEST_ATTRIBUTE_AUTHENTICATED
public static final String REQUEST_PARAMETER_TOKEN
protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST
protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX
protected static final String REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST
protected static final String REQUEST_ATTRIBUTE_INVALID_POPULATION
protected static final String REQUEST_ATTRIBUTE_CONTEXTS
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_MODE
protected static final String SESSION_CONNECTING_USERPOPULATION_ID
protected static final String SESSION_CREDENTIALPROVIDER
protected static final String SESSION_CREDENTIALPROVIDER_MODE
protected static final String SESSION_USERIDENTITY
protected static final String SITEMAP_PARAMETER_TOKEN_MODE
protected static final String PARAMETERS_PARAMETER_TOKEN
protected UserPopulationDAO _userPopulationDAO
protected UserManager _userManager
protected PopulationContextHelper _populationContextHelper
protected CurrentUserProvider _currentUserProvider
protected Collection<Pattern> _acceptedUrlPatterns
protected AuthenticationTokenManager _authenticateTokenManager
protected ObservationManager _observationManager
public AuthenticateAction()
public void initialize() throws Exception
initialize
in interface Initializable
Exception
public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
protected boolean _preFlightCheck(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
redirector
- The redirectorresolver
- The source resolverobjectModel
- The object modelsource
- The sourceparameters
- The action parameterstrue
if a user was authenticated, false
otherwiseException
- if failed to prepare the authenticationprotected boolean _handleAuthenticationToken(Request request, Parameters parameters)
request
- The requestparameters
- The action parametersprotected String _getTokenFromRequest(Request request)
request
- The requestprotected UserIdentity _validateToken(String token)
token
- The non empty token to validateprivate AuthenticateAction.TOKEN_MODE _getTokenMode(Parameters parameters)
private void _saveLastKnownBlockingCredentialProvider(Request request, int runningCredentialProviderIndex)
private Map _displayBlockingList(Redirector redirector, Request request, List<CredentialProvider> credentialProviders) throws IOException, ProcessingException, AuthorizationRequiredException
private boolean _shouldRunFirstBlockingCredentialProvider(int runningCredentialProviderIndex, List<CredentialProvider> credentialProviders, Request request, List<UserPopulation> chosenUserPopulations)
private BlockingCredentialProvider _getFirstBlockingCredentialProvider(List<CredentialProvider> credentialProviders)
protected boolean _prepareUserPopulationsAndCredentialProviders(Request request, Parameters parameters, Redirector redirector, List<UserPopulation> chosenUserPopulations, List<CredentialProvider> credentialProviders) throws ProcessingException, IOException
request
- The requestparameters
- The action parametersredirector
- The cocoon redirectorchosenUserPopulations
- An empty non-null list to fill with with chosen populationscredentialProviders
- An empty non-null list to fill with chosen credential providersIOException
- If an error occurredProcessingException
- If an error occurredprotected String getLoginURL(Request request)
request
- The requestprotected String getLoginURLParameters(Request request, String baseURL)
request
- The requestbaseURL
- The url to complete with parametersprotected String getLogoutURL(Request request)
request
- The requestprotected boolean _hasCredentialProviders(List<UserPopulation> userPopulations)
userPopulations
- The list of applicable user populationsprotected Set<String> _getAvailableUserPopulationsIds(Request request, List<String> contexts)
request
- The requestcontexts
- The contextsprotected String _getChosenUserPopulationId(Request request, List<UserPopulation> availableUserPopulations)
request
- The requestavailableUserPopulations
- The available users populationsprotected boolean _process(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, int runningCredentialProviderIndex, Redirector redirector, List<UserPopulation> userPopulations) throws Exception
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- the Credential provider to testrunningCredentialProviderIndex
- The index of the currently tested credential providerredirector
- The cocoon redirectoruserPopulations
- The list of possible user populationsException
- If an error occurredprotected boolean _doProcess(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, Redirector redirector, List<UserPopulation> userPopulations) throws Exception
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- the Credential provider to testredirector
- The cocoon redirectoruserPopulations
- The list of possible user populationsException
- If an error occurredprotected static void _resetConnectingStateToSession(Request request)
request
- The requestprotected void _saveConnectingStateToSession(Request request, int runningCredentialProviderIndex, boolean runningBlockingkMode)
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProviderIndex
- the currently tested credential providerprotected void _setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
request
- The requestuserIdentity
- The useridentity to savecredentialProvider
- The credential provider used to connectblockingMode
- The mode used for the credential providerpublic static void setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
request
- The requestuserIdentity
- The useridentity to savecredentialProvider
- The credential provider used to connectblockingMode
- The mode used for the credential providerprotected UserIdentity _getUserIdentityFromSession(Request request)
request
- The requestpublic static UserIdentity getUserIdentityFromSession(Request request)
request
- The requestprotected CredentialProvider _getCredentialProviderFromSession(Request request)
request
- The requestpublic static CredentialProvider getCredentialProviderFromSession(Request request)
request
- The requestprotected Boolean _getCredentialProviderModeFromSession(Request request)
request
- The requestpublic static Boolean getCredentialProviderModeFromSession(Request request)
request
- The requestprotected boolean _isCurrentCredentialProviderInBlockingMode(Request request)
request
- The requestpublic static void skipCurrentCredentialProvider(Request request)
request
- The requestprotected Integer _getCurrentCredentialProviderIndexFromParameter(Request request)
request
- The requestprotected int _getCurrentCredentialProviderIndex(Request request, List<CredentialProvider> availableCredentialProviders)
request
- The requestavailableCredentialProviders
- The list of available credential providerprotected List<String> _getContexts(Request request, Parameters parameters)
request
- The requestparameters
- The action parametersIllegalArgumentException
- If there is no context setprotected boolean _internalRequest(Request request)
request
- The requestprotected boolean _acceptedUrl(Request request)
request
- The requestprotected boolean _validateCurrentlyConnectedUser(Request request, Redirector redirector, Parameters parameters) throws Exception
request
- The requestredirector
- The cocoon redirectorparameters
- The action parametersException
- if an error occurredprotected void _validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected, Request request, Parameters parameters)
userCurrentlyConnected
- The user to testrequest
- The requestparameters
- The action parametersprotected boolean _handleLogout(Redirector redirector, Map objectModel, String source, Parameters parameters) throws Exception
redirector
- The cocoon redirectorobjectModel
- The cocoon object modelsource
- The sitemap sourceparameters
- The sitemap parametersException
- if an error occurredprotected UserIdentity _getUserIdentity(List<UserPopulation> userPopulations, UserIdentity potentialUserIdentity, Redirector redirector, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider) throws Exception
userPopulations
- The list of available matching populationsredirector
- The cocoon redirectorrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- The Credential provider to testpotentialUserIdentity
- A possible user identity. Population can be null. User may not exist either.Exception
- If an error occurredAccessDeniedException
- If the user is rejected