public class KerberosCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, Contextualizable
Modifier and Type | Field and Description |
---|---|
protected static String | __LOGIN_CONF_FILE - Name of the login config file |
protected static String | __PARAM_IPRESTRICTION - Name of the parameter holding the regexp to match IP addresses |
protected static String | __PARAM_KDC - Name of the parameter holding the authentication server KDC address |
protected static String | __PARAM_LOGIN - Name of the parameter holding the Ametys login |
protected static String | __PARAM_PASSWORD - Name of the parameter holding the Ametys password |
protected static String | __PARAM_REALM - Name of the parameter holding the authentication server realm |
protected static String | __SESSION_ATTRIBUTE_GSSCONTEXT - Kerberos context |
protected static String | __SKIP_KERBEROS_URL - The URL to redirect to in order to skip the current Kerberos authentication |
private Context | _context |
private GSSCredential | _gssCredential |
private Pattern | _ipRestriction |
Constructor and Description |
---|
KerberosCredentialProvider() |
Modifier and Type | Method and Description |
---|---|
private boolean | _isIPAuthorized(Request request) |
void | contextualize(Context context) |
static LoginContext | createLoginContext(String kdc, String realm, String login, String password, Context context) - Create a logged-in LoginContext for Kerberos |
void | init(String id, String cpModelId, Map<String,Object> paramValues, String label) - Initialize the credential provider with given parameters' values. |
UserIdentity | nonBlockingGetUserIdentity(Redirector redirector) - Method called by AuthenticateAction each time a request needs authentication. |
boolean | nonBlockingGrantAnonymousRequest() - Method called by AuthenticateAction before asking for credentials. |
boolean | nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) - Validates that the specified user is still connected |
void | nonBlockingUserAllowed(UserIdentity userIdentity) - Method called by AuthenticateAction after the authentication process succeeded |
void | nonBlockingUserNotAllowed(Redirector redirector) - Method called by AuthenticateAction each time a user could not get authenticated. |
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode
getLogger, setLogger
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed
protected static final String __PARAM_KDC
protected static final String __PARAM_REALM
protected static final String __PARAM_LOGIN
protected static final String __PARAM_PASSWORD
protected static final String __PARAM_IPRESTRICTION
protected static final String __LOGIN_CONF_FILE
protected static final String __SKIP_KERBEROS_URL
protected static final String __SESSION_ATTRIBUTE_GSSCONTEXT
private GSSCredential _gssCredential
private Pattern _ipRestriction
public KerberosCredentialProvider()
public void contextualize(Context context) throws ContextException
Specified by:
contextualize in interface Contextualizable
Throws:
ContextException
public static LoginContext createLoginContext(String kdc, String realm, String login, String password, Context context) throws IOException, LoginException, ContextException
Parameters:
kdc - The key distribution center
realm - The realm
login - The identifier of a user to the kdc
password - The associated password
context - The Avalon context
Throws:
IOException - If an error occurred while creating a temporary configuration file on the disk
LoginException - If the login process failed
ContextException - If an error occurred while getting cocoon environment from context
public void init(String id, String cpModelId, Map<String,Object> paramValues, String label)
CredentialProvider
Specified by:
init in interface CredentialProvider
Overrides:
init in class AbstractCredentialProvider
Parameters:
id - The unique identifier
cpModelId - The id of credential provider extension point
paramValues - The parameters' values
label - The specific label of this instance. Can be null
public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception
NonBlockingCredentialProvider
Specified by:
nonBlockingIsStillConnected in interface NonBlockingCredentialProvider
Parameters:
userIdentity - the user previously correctly identified with this credential provider
redirector - The cocoon redirector
Throws:
Exception - If an error occurred
public boolean nonBlockingGrantAnonymousRequest()
NonBlockingCredentialProvider
Specified by:
nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider
public UserIdentity nonBlockingGetUserIdentity(Redirector redirector) throws Exception
NonBlockingCredentialProvider
Specified by:
nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider
Parameters:
redirector - the cocoon redirector.
Returns:
UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
Throws:
Exception - if something wrong occurs
private boolean _isIPAuthorized(Request request)
public void nonBlockingUserNotAllowed(Redirector redirector) throws Exception
NonBlockingCredentialProvider
Specified by:
nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider
Parameters:
redirector - the cocoon Redirector that can be used for redirecting response.
Throws:
Exception - if something wrong occurs
public void nonBlockingUserAllowed(UserIdentity userIdentity)
NonBlockingCredentialProvider
Specified by:
nonBlockingUserAllowed in interface NonBlockingCredentialProvider
Parameters:
userIdentity - The user correctly connected