Package org.ametys.core.authentication
Class AuthenticateAction
- java.lang.Object
-
- org.apache.avalon.framework.logger.AbstractLogEnabled
-
- org.apache.cocoon.acting.AbstractAction
-
- org.apache.cocoon.acting.ServiceableAction
-
- org.ametys.core.authentication.AuthenticateAction
-
- All Implemented Interfaces:
Initializable
,Component
,LogEnabled
,Serviceable
,ThreadSafe
,Action
- Direct Known Subclasses:
AdminAuthenticateAction
,AuthenticateAction
,AuthenticateAction
,BlockingCredentialProviderAction
,FrontAuthenticateAction
,WebAuthenticateAction
public class AuthenticateAction extends ServiceableAction implements ThreadSafe, Initializable
Cocoon action to perform authentication.
TheCredentialProvider
define the authentication method and retrievesCredentials
.
Finally, the Users instance extract the Principal corresponding to theCredentials
.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static class
AuthenticateAction.TOKEN_MODE
The token mode of this authentication action
-
Field Summary
Fields Modifier and Type Field Description protected Collection<Pattern>
_acceptedUrlPatterns
url requires for authenticationprotected AuthenticationTokenManager
_authenticateTokenManager
The authentication token managerprotected CurrentUserProvider
_currentUserProvider
The current user providerprotected ObservationManager
_observationManager
The observation managerprotected PopulationContextHelper
_populationContextHelper
The helper for the associations population/contextprotected UserManager
_userManager
The user managerprotected UserPopulationDAO
_userPopulationDAO
The DAO for user populationsstatic String
HEADER_TOKEN
The header parameter that can be set to handle the tokenprotected static String
PARAMETERS_PARAMETER_TOKEN
The sitemap parameter holding the tokenprotected static String
PARAMETERS_PARAMETER_TOKEN_CONTEXT
The sitemap parameter holding the token contextstatic String
REQUEST_ATTRIBUTE_AUTHENTICATED
The request attribute name for indicating that the authentication process has been made.static String
REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST
The request attribute name for transmitting the list of user populationsprotected static String
REQUEST_ATTRIBUTE_CONTEXTS
The request attribute name for transmitting the list of contextsprotected static String
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX
The request attribute name for transmitting the index in the list of chosen credential providerprotected static String
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST
The request attribute name for transmitting a boolean that tell if there is a list of credential provider to choosestatic String
REQUEST_ATTRIBUTE_GRANTED
The request attribute meaning that the request was not authenticated but grantedstatic String
REQUEST_ATTRIBUTE_INTERNAL_ALLOWED
The request attribute to allow internal action from an internal request.protected static String
REQUEST_ATTRIBUTE_INVALID_POPULATION
The request attribute name for transmitting the potential list of user populations to the login screen .static String
REQUEST_ATTRIBUTE_LOGIN_URL
The request attribute name for transmitting the login page urlprotected static String
REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST
The request attribute name to know if user population list should be proposedstatic String
REQUEST_ATTRIBUTE_USER_POPULATION_ID
The request attribute name for transmitting the currently chosen user populationstatic String
REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX
Name of the credential provider index HTML fieldstatic String
REQUEST_PARAMETER_POPULATION_NAME
Name of the user population HTML fieldstatic String
REQUEST_PARAMETER_TOKEN
The request parameter holding the tokenstatic String
REQUEST_PARAMETER_TOKEN_CONTEXT
The request parameter holding the token contextprotected static String
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX
The session attribute name for storing the credential provider index of the authentication (during connection process)protected static String
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN
The session attribute name for storing the last known credential provider index of the authentication (during connection process)protected static String
SESSION_CONNECTING_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true (during connection process)protected static String
SESSION_CONNECTING_USERPOPULATION_ID
The session attribute name for storing the id of the user population (during connection process)protected static String
SESSION_CREDENTIALPROVIDER
The session attribute name for storing the credential provider of the authenticationprotected static String
SESSION_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>trueprotected static String
SESSION_USERIDENTITY
The session attribute name for storing the identity of the connected userprotected static String
SITEMAP_PARAMETER_TOKEN_MODE
The sitemap parameter to set the token mode of the action-
Fields inherited from class org.apache.cocoon.acting.ServiceableAction
manager
-
Fields inherited from class org.apache.cocoon.acting.AbstractAction
EMPTY_MAP
-
-
Constructor Summary
Constructors Constructor Description AuthenticateAction()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
_acceptedUrl(Request request)
Determine if the request is one of the authentication process (except the credential providers)private Map
_displayBlockingList(Redirector redirector, Request request, List<CredentialProvider> credentialProviders)
protected boolean
_doProcess(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, Redirector redirector, List<UserPopulation> userPopulations)
Try to authenticate with this credential provider in this modeprotected Set<String>
_getAvailableUserPopulationsIds(Request request, List<String> contexts)
Get the available populations for the given contextsprotected String
_getChosenUserPopulationId(Request request, List<UserPopulation> availableUserPopulations)
Get the population for the given contextprotected List<String>
_getContexts(Request request, Parameters parameters)
Get the authentication contextprotected CredentialProvider
_getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connectionprotected Boolean
_getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connectionprotected int
_getCurrentCredentialProviderIndex(Request request, List<CredentialProvider> availableCredentialProviders)
Get the current credential provider index or -1 if there no running providerprotected Integer
_getCurrentCredentialProviderIndexFromParameter(Request request)
Get the current credential provider index or -1 if there no running provider FROM REQUEST PARAMETERprivate BlockingCredentialProvider
_getFirstBlockingCredentialProvider(List<CredentialProvider> credentialProviders)
protected String
_getTokenFromRequest(Request request)
Get the token from the requestprivate AuthenticateAction.TOKEN_MODE
_getTokenMode(Parameters parameters)
protected UserIdentity
_getUserIdentity(List<UserPopulation> userPopulations, UserIdentity potentialUserIdentity, Redirector redirector, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider)
Check the authentications of the authentication managerprotected UserIdentity
_getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the sessionprotected boolean
_handleAuthenticationToken(Request request, Parameters parameters)
Authenticate a user using the token in request (if configured so)protected boolean
_handleLogout(Redirector redirector, Map objectModel, String source, Parameters parameters)
Test if user wants to logout and handle itprotected boolean
_hasCredentialProviders(List<UserPopulation> userPopulations)
Determine if there is a list of credential providers to useprotected boolean
_internalRequest(Request request)
Determine if the request is internal and do not need authenticationprotected boolean
_isCurrentCredentialProviderInBlockingMode(Request request)
If there is a running credential provider, was it in non-blocking or blocking mode?protected boolean
_preFlightCheck(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters)
Prepare authenticationprotected boolean
_prepareUserPopulationsAndCredentialProviders(Request request, Parameters parameters, Redirector redirector, List<UserPopulation> chosenUserPopulations, List<CredentialProvider> credentialProviders)
Fill the list of available users populations and credential providersprotected boolean
_process(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, int runningCredentialProviderIndex, Redirector redirector, List<UserPopulation> userPopulations)
Try to authenticate with this credential provider in this mode.protected static void
_resetConnectingStateToSession(Request request)
Reset the connecting information in sessionprotected void
_saveConnectingStateToSession(Request request, int runningCredentialProviderIndex, boolean runningBlockingkMode)
When the process end successfully, save the stateprivate void
_saveLastKnownBlockingCredentialProvider(Request request, int runningCredentialProviderIndex)
protected void
_setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
Save user identity in requestprivate boolean
_shouldRunFirstBlockingCredentialProvider(int runningCredentialProviderIndex, List<CredentialProvider> credentialProviders, Request request, List<UserPopulation> chosenUserPopulations)
protected boolean
_validateCurrentlyConnectedUser(Request request, Redirector redirector, Parameters parameters)
This method ensure that there is a currently connected user and that it is still validprotected void
_validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected, Request request, Parameters parameters)
This method is the second part of the process that ensure that there is a currently connected user and that it is still validprotected UserIdentity
_validateToken(String token, String context)
Validate the given tokenMap
act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters)
static CredentialProvider
getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connectionstatic Boolean
getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connectionprotected String
getLoginURL(Request request)
Get the url for the redirector to display the login screenprotected String
getLoginURLParameters(Request request, String baseURL)
Get the url for the redirector to display the login screenprotected String
getLogoutURL(Request request)
Get the url for the redirector to display the logout screenstatic UserIdentity
getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the sessionvoid
initialize()
static void
setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
Save user identity in requeststatic void
skipCurrentCredentialProvider(Request request)
Call this to skip the currently used credential provider and proceed to the next one.-
Methods inherited from class org.apache.cocoon.acting.ServiceableAction
service
-
Methods inherited from class org.apache.avalon.framework.logger.AbstractLogEnabled
enableLogging, getLogger, setupLogger, setupLogger, setupLogger
-
-
-
-
Field Detail
-
REQUEST_ATTRIBUTE_INTERNAL_ALLOWED
public static final String REQUEST_ATTRIBUTE_INTERNAL_ALLOWED
The request attribute to allow internal action from an internal request.- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_GRANTED
public static final String REQUEST_ATTRIBUTE_GRANTED
The request attribute meaning that the request was not authenticated but granted- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST
public static final String REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST
The request attribute name for transmitting the list of user populations- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_USER_POPULATION_ID
public static final String REQUEST_ATTRIBUTE_USER_POPULATION_ID
The request attribute name for transmitting the currently chosen user population- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_LOGIN_URL
public static final String REQUEST_ATTRIBUTE_LOGIN_URL
The request attribute name for transmitting the login page url- See Also:
- Constant Field Values
-
REQUEST_PARAMETER_POPULATION_NAME
public static final String REQUEST_PARAMETER_POPULATION_NAME
Name of the user population HTML field- See Also:
- Constant Field Values
-
REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX
public static final String REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX
Name of the credential provider index HTML field- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_AUTHENTICATED
public static final String REQUEST_ATTRIBUTE_AUTHENTICATED
The request attribute name for indicating that the authentication process has been made.- See Also:
- Constant Field Values
-
REQUEST_PARAMETER_TOKEN
public static final String REQUEST_PARAMETER_TOKEN
The request parameter holding the token- See Also:
- Constant Field Values
-
REQUEST_PARAMETER_TOKEN_CONTEXT
public static final String REQUEST_PARAMETER_TOKEN_CONTEXT
The request parameter holding the token context- See Also:
- Constant Field Values
-
HEADER_TOKEN
public static final String HEADER_TOKEN
The header parameter that can be set to handle the token- See Also:
- Constant Field Values
-
PARAMETERS_PARAMETER_TOKEN
protected static final String PARAMETERS_PARAMETER_TOKEN
The sitemap parameter holding the token- See Also:
- Constant Field Values
-
PARAMETERS_PARAMETER_TOKEN_CONTEXT
protected static final String PARAMETERS_PARAMETER_TOKEN_CONTEXT
The sitemap parameter holding the token context- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST
protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST
The request attribute name for transmitting a boolean that tell if there is a list of credential provider to choose- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX
protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX
The request attribute name for transmitting the index in the list of chosen credential provider- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST
protected static final String REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST
The request attribute name to know if user population list should be proposed- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_INVALID_POPULATION
protected static final String REQUEST_ATTRIBUTE_INVALID_POPULATION
The request attribute name for transmitting the potential list of user populations to the login screen .- See Also:
- Constant Field Values
-
REQUEST_ATTRIBUTE_CONTEXTS
protected static final String REQUEST_ATTRIBUTE_CONTEXTS
The request attribute name for transmitting the list of contexts- See Also:
- Constant Field Values
-
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX
The session attribute name for storing the credential provider index of the authentication (during connection process)- See Also:
- Constant Field Values
-
SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN
The session attribute name for storing the last known credential provider index of the authentication (during connection process)- See Also:
- Constant Field Values
-
SESSION_CONNECTING_CREDENTIALPROVIDER_MODE
protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true (during connection process)- See Also:
- Constant Field Values
-
SESSION_CONNECTING_USERPOPULATION_ID
protected static final String SESSION_CONNECTING_USERPOPULATION_ID
The session attribute name for storing the id of the user population (during connection process)- See Also:
- Constant Field Values
-
SESSION_CREDENTIALPROVIDER
protected static final String SESSION_CREDENTIALPROVIDER
The session attribute name for storing the credential provider of the authentication- See Also:
- Constant Field Values
-
SESSION_CREDENTIALPROVIDER_MODE
protected static final String SESSION_CREDENTIALPROVIDER_MODE
The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true- See Also:
- Constant Field Values
-
SESSION_USERIDENTITY
protected static final String SESSION_USERIDENTITY
The session attribute name for storing the identity of the connected user- See Also:
- Constant Field Values
-
SITEMAP_PARAMETER_TOKEN_MODE
protected static final String SITEMAP_PARAMETER_TOKEN_MODE
The sitemap parameter to set the token mode of the action- See Also:
- Constant Field Values
-
_userPopulationDAO
protected UserPopulationDAO _userPopulationDAO
The DAO for user populations
-
_userManager
protected UserManager _userManager
The user manager
-
_populationContextHelper
protected PopulationContextHelper _populationContextHelper
The helper for the associations population/context
-
_currentUserProvider
protected CurrentUserProvider _currentUserProvider
The current user provider
-
_acceptedUrlPatterns
protected Collection<Pattern> _acceptedUrlPatterns
url requires for authentication
-
_authenticateTokenManager
protected AuthenticationTokenManager _authenticateTokenManager
The authentication token manager
-
_observationManager
protected ObservationManager _observationManager
The observation manager
-
-
Constructor Detail
-
AuthenticateAction
public AuthenticateAction()
-
-
Method Detail
-
initialize
public void initialize() throws Exception
- Specified by:
initialize
in interfaceInitializable
- Throws:
Exception
-
act
public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
-
_preFlightCheck
protected boolean _preFlightCheck(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
Prepare authentication- Parameters:
redirector
- The redirectorresolver
- The source resolverobjectModel
- The object modelsource
- The sourceparameters
- The action parameters- Returns:
true
if a user was authenticated,false
otherwise- Throws:
Exception
- if failed to prepare the authentication
-
_handleAuthenticationToken
protected boolean _handleAuthenticationToken(Request request, Parameters parameters)
Authenticate a user using the token in request (if configured so)- Parameters:
request
- The requestparameters
- The action parameters- Returns:
- true if the user was authenticated
-
_getTokenFromRequest
protected String _getTokenFromRequest(Request request)
Get the token from the request- Parameters:
request
- The request- Returns:
- The token from the request or null
-
_validateToken
protected UserIdentity _validateToken(String token, String context)
Validate the given token- Parameters:
token
- The non empty token to validatecontext
- the context on which the token should be validated- Returns:
- The corresponding user identity or null
-
_getTokenMode
private AuthenticateAction.TOKEN_MODE _getTokenMode(Parameters parameters)
-
_saveLastKnownBlockingCredentialProvider
private void _saveLastKnownBlockingCredentialProvider(Request request, int runningCredentialProviderIndex)
-
_displayBlockingList
private Map _displayBlockingList(Redirector redirector, Request request, List<CredentialProvider> credentialProviders) throws IOException, ProcessingException, AuthorizationRequiredException
-
_shouldRunFirstBlockingCredentialProvider
private boolean _shouldRunFirstBlockingCredentialProvider(int runningCredentialProviderIndex, List<CredentialProvider> credentialProviders, Request request, List<UserPopulation> chosenUserPopulations)
-
_getFirstBlockingCredentialProvider
private BlockingCredentialProvider _getFirstBlockingCredentialProvider(List<CredentialProvider> credentialProviders)
-
_prepareUserPopulationsAndCredentialProviders
protected boolean _prepareUserPopulationsAndCredentialProviders(Request request, Parameters parameters, Redirector redirector, List<UserPopulation> chosenUserPopulations, List<CredentialProvider> credentialProviders) throws ProcessingException, IOException
Fill the list of available users populations and credential providers- Parameters:
request
- The requestparameters
- The action parametersredirector
- The cocoon redirectorchosenUserPopulations
- An empty non-null list to fill with with chosen populationscredentialProviders
- An empty non-null list to fill with chosen credential providers- Returns:
- true, if the population was determined, false if a redirection was required to choose
- Throws:
IOException
- If an error occurredProcessingException
- If an error occurred
-
getLoginURL
protected String getLoginURL(Request request)
Get the url for the redirector to display the login screen- Parameters:
request
- The request- Returns:
- The url. Cannot be null or empty
-
getLoginURLParameters
protected String getLoginURLParameters(Request request, String baseURL)
Get the url for the redirector to display the login screen- Parameters:
request
- The requestbaseURL
- The url to complete with parameters- Returns:
- The url. Cannot be null or empty
-
getLogoutURL
protected String getLogoutURL(Request request)
Get the url for the redirector to display the logout screen- Parameters:
request
- The request- Returns:
- The url. Cannot be null or empty
-
_hasCredentialProviders
protected boolean _hasCredentialProviders(List<UserPopulation> userPopulations)
Determine if there is a list of credential providers to use- Parameters:
userPopulations
- The list of applicable user populations- Returns:
- true if credentialproviders can be used
-
_getAvailableUserPopulationsIds
protected Set<String> _getAvailableUserPopulationsIds(Request request, List<String> contexts)
Get the available populations for the given contexts- Parameters:
request
- The requestcontexts
- The contexts- Returns:
- The non-null list of populations
-
_getChosenUserPopulationId
protected String _getChosenUserPopulationId(Request request, List<UserPopulation> availableUserPopulations)
Get the population for the given context- Parameters:
request
- The requestavailableUserPopulations
- The available users populations- Returns:
- The chosen population id. Can be null.
-
_process
protected boolean _process(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, int runningCredentialProviderIndex, Redirector redirector, List<UserPopulation> userPopulations) throws Exception
Try to authenticate with this credential provider in this mode. Delegates to _doProcess- Parameters:
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- the Credential provider to testrunningCredentialProviderIndex
- The index of the currently tested credential providerredirector
- The cocoon redirectoruserPopulations
- The list of possible user populations- Returns:
- false if we should try with another Credential provider, true otherwise
- Throws:
Exception
- If an error occurred
-
_doProcess
protected boolean _doProcess(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, Redirector redirector, List<UserPopulation> userPopulations) throws Exception
Try to authenticate with this credential provider in this mode- Parameters:
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- the Credential provider to testredirector
- The cocoon redirectoruserPopulations
- The list of possible user populations- Returns:
- false if we should try with another Credential provider, true otherwise
- Throws:
Exception
- If an error occurred
-
_resetConnectingStateToSession
protected static void _resetConnectingStateToSession(Request request)
Reset the connecting information in session- Parameters:
request
- The request
-
_saveConnectingStateToSession
protected void _saveConnectingStateToSession(Request request, int runningCredentialProviderIndex, boolean runningBlockingkMode)
When the process end successfully, save the state- Parameters:
request
- The requestrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProviderIndex
- the currently tested credential provider
-
_setUserIdentityInSession
protected void _setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
Save user identity in request- Parameters:
request
- The requestuserIdentity
- The useridentity to savecredentialProvider
- The credential provider used to connectblockingMode
- The mode used for the credential provider
-
setUserIdentityInSession
public static void setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)
Save user identity in request- Parameters:
request
- The requestuserIdentity
- The useridentity to savecredentialProvider
- The credential provider used to connectblockingMode
- The mode used for the credential provider
-
_getUserIdentityFromSession
protected UserIdentity _getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the session- Parameters:
request
- The request- Returns:
- The connected useridentity or null
-
getUserIdentityFromSession
public static UserIdentity getUserIdentityFromSession(Request request)
Get the user identity of the connected user from the session- Parameters:
request
- The request- Returns:
- The connected useridentity or null
-
_getCredentialProviderFromSession
protected CredentialProvider _getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connection- Parameters:
request
- The request- Returns:
- The credential provider used or null
-
getCredentialProviderFromSession
public static CredentialProvider getCredentialProviderFromSession(Request request)
Get the credential provider used for the current connection- Parameters:
request
- The request- Returns:
- The credential provider used or null
-
_getCredentialProviderModeFromSession
protected Boolean _getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connection- Parameters:
request
- The request- Returns:
- The credential provider mode used or null
-
getCredentialProviderModeFromSession
public static Boolean getCredentialProviderModeFromSession(Request request)
Get the credential provider mode used for the current connection- Parameters:
request
- The request- Returns:
- The credential provider mode used or null
-
_isCurrentCredentialProviderInBlockingMode
protected boolean _isCurrentCredentialProviderInBlockingMode(Request request)
If there is a running credential provider, was it in non-blocking or blocking mode?- Parameters:
request
- The request- Returns:
- false if non-blocking, true if blocking
-
skipCurrentCredentialProvider
public static void skipCurrentCredentialProvider(Request request)
Call this to skip the currently used credential provider and proceed to the next one. Useful for non blocking- Parameters:
request
- The request
-
_getCurrentCredentialProviderIndexFromParameter
protected Integer _getCurrentCredentialProviderIndexFromParameter(Request request)
Get the current credential provider index or -1 if there no running provider FROM REQUEST PARAMETER- Parameters:
request
- The request- Returns:
- The credential provider index to use in the availablesCredentialProviders list or -1 or null
-
_getCurrentCredentialProviderIndex
protected int _getCurrentCredentialProviderIndex(Request request, List<CredentialProvider> availableCredentialProviders)
Get the current credential provider index or -1 if there no running provider- Parameters:
request
- The requestavailableCredentialProviders
- The list of available credential provider- Returns:
- The credential provider index to use in the availablesCredentialProviders list or -1
-
_getContexts
protected List<String> _getContexts(Request request, Parameters parameters)
Get the authentication context- Parameters:
request
- The requestparameters
- The action parameters- Returns:
- The context
- Throws:
IllegalArgumentException
- If there is no context set
-
_internalRequest
protected boolean _internalRequest(Request request)
Determine if the request is internal and do not need authentication- Parameters:
request
- The request- Returns:
- true to bypass this authentication
-
_acceptedUrl
protected boolean _acceptedUrl(Request request)
Determine if the request is one of the authentication process (except the credential providers)- Parameters:
request
- The request- Returns:
- true to bypass this authentication
-
_validateCurrentlyConnectedUser
protected boolean _validateCurrentlyConnectedUser(Request request, Redirector redirector, Parameters parameters) throws Exception
This method ensure that there is a currently connected user and that it is still valid- Parameters:
request
- The requestredirector
- The cocoon redirectorparameters
- The action parameters- Returns:
- true if the user is connected and valid
- Throws:
Exception
- if an error occurred
-
_validateCurrentlyConnectedUserIsInAuthorizedPopulation
protected void _validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected, Request request, Parameters parameters)
This method is the second part of the process that ensure that there is a currently connected user and that it is still valid- Parameters:
userCurrentlyConnected
- The user to testrequest
- The requestparameters
- The action parameters
-
_handleLogout
protected boolean _handleLogout(Redirector redirector, Map objectModel, String source, Parameters parameters) throws Exception
Test if user wants to logout and handle it- Parameters:
redirector
- The cocoon redirectorobjectModel
- The cocoon object modelsource
- The sitemap sourceparameters
- The sitemap parameters- Returns:
- true if the user was logged out
- Throws:
Exception
- if an error occurred
-
_getUserIdentity
protected UserIdentity _getUserIdentity(List<UserPopulation> userPopulations, UserIdentity potentialUserIdentity, Redirector redirector, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider) throws Exception
Check the authentications of the authentication manager- Parameters:
userPopulations
- The list of available matching populationsredirector
- The cocoon redirectorrunningBlockingkMode
- false for non-blocking mode, true for blocking moderunningCredentialProvider
- The Credential provider to testpotentialUserIdentity
- A possible user identity. Population can be null. User may not exist either.- Returns:
- The user population matching credentials or null
- Throws:
Exception
- If an error occurredAccessDeniedException
- If the user is rejected
-
-