Package org.ametys.core.authentication.token

Class AuthenticationTokenManager

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.authentication.token.AuthenticationTokenManager

All Implemented Interfaces:

LogEnabled, Initializable, Component, Serviceable

public class AuthenticationTokenManager
extends AbstractLogEnabled
implements Component, Serviceable, Initializable

The component to handle temporary authentication token.
Token can only be used once and are available for a short time only.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AuthenticationTokenManager.Token	An Ametys authentication token

Field Summary

Fields

Modifier and Type	Field	Description
private CurrentUserProvider	_currentUserProvider
private String	_datasourceId
private JSONUtils	_jsonUtils
private ServiceManager	_manager
private SQLDatabaseTypeExtensionPoint	_sqlDatabaseTypeExtensionPoint
static String	ROLE	The avalon role
static String	TOKEN_SEPARATOR	The separator in token
private static String	TOKEN_SQL_GET_FIELDS	all fields without login and population_id
private static String	TOKEN_SQL_SET_FIELDS	all fields without id and last_update_date
static String	USER_TOKEN_TYPE	The user token type

Constructor Summary

Constructors

Constructor	Description
AuthenticationTokenManager()

Method Summary

Modifier and Type	Method	Description
private String	_contextsToString(Set<String> contexts)
private Set<String>	_convertStringToContexts(String contexts)
private void	_deleteOldTokens(Connection connection)	Generates the sql statement that deletes the entries of the users token database that are old
private void	_deleteUserToken(Connection connection, Integer id)	Deletes the database entry that has this token
private void	_generateToken(UserIdentity user, long duration, boolean autoRenewDuration, Integer nbUsesLeft, Set<String> contexts, String type, String comment, String hashedTokenAndSalt, String salt, Timestamp creationDateTime, Timestamp endTime)
private CurrentUserProvider	_getCurrentUserProvider()
private PreparedStatement	_getSelectUserTokenStatement(Connection connection, String login, String populationId, String type)	Generates the statement that selects the users having the specified login in the Authentication_Token table
private AuthenticationTokenManager.Token	_getTokenFromResultSet(ResultSet resultSet, Connection connection)
private void	_updateUserToken(Connection connection, AuthenticationTokenManager.Token token)	Update the last update date in the database
private UserIdentity	_validateToken(String encodedToken, String context, boolean forceRemove)
void	deleteAuthenticationToken(List<Integer> ids)	Delete one or multiples authentication token
void	deleteTokenById(Integer tokenId)	Destroy the given token
void	deleteTokenByValue(String token, String context)	Destroy the given token
String	generateAuthenticationToken(Map<String,Object> parameters)	Generate a new authentication token
String	generateToken(long duration, String type, String comment)	Generates a new token for the current user
String	generateToken(UserIdentity user, long duration, boolean autoRenewDuration, Integer nbUsesLeft, Set<String> contexts, String type, String comment)	Generates a new token
String	generateToken(UserIdentity user, long duration, Integer nbUsesLeft, String type, String comment)	Generates a new token
String	generateToken(UserIdentity user, long duration, String type, String comment)	Generates a new token
List<AuthenticationTokenManager.Token>	getTokens(String type)	Get the existing tokens for the connected user
List<AuthenticationTokenManager.Token>	getTokens(UserIdentity user, String type)	Get the existing tokens for this user
void	initialize()
void	service(ServiceManager manager)
UserIdentity	validateToken(String token)	Check if a token is valid and return the user
UserIdentity	validateToken(String token, String context)	Check if a token is valid and return the user

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ROLE

public static final String ROLE

The avalon role

TOKEN_SEPARATOR

public static final String TOKEN_SEPARATOR

The separator in token

See Also:

Constant Field Values

USER_TOKEN_TYPE

public static final String USER_TOKEN_TYPE

The user token type

See Also:

Constant Field Values

TOKEN_SQL_GET_FIELDS

private static final String TOKEN_SQL_GET_FIELDS

all fields without login and population_id

See Also:

Constant Field Values

TOKEN_SQL_SET_FIELDS

private static final String TOKEN_SQL_SET_FIELDS

all fields without id and last_update_date

See Also:

Constant Field Values

_manager

private ServiceManager _manager

_currentUserProvider

private CurrentUserProvider _currentUserProvider

_datasourceId

private String _datasourceId

_sqlDatabaseTypeExtensionPoint

private SQLDatabaseTypeExtensionPoint _sqlDatabaseTypeExtensionPoint

_jsonUtils

private JSONUtils _jsonUtils

Constructor Detail

AuthenticationTokenManager

public AuthenticationTokenManager()

Method Detail

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Throws:

ServiceException

initialize

public void initialize()
                throws Exception

Specified by:

initialize in interface Initializable

Throws:

Exception

_getCurrentUserProvider

private CurrentUserProvider _getCurrentUserProvider()
                                             throws RuntimeException

Throws:

RuntimeException

getTokens

public List<AuthenticationTokenManager.Token> getTokens(String type)
                                                 throws RuntimeException

Get the existing tokens for the connected user

Parameters:

type - The type of tokens to return. null to return all.

Returns:

The tokens

Throws:

RuntimeException - If there is no user connected or if there is a database error

getTokens

public List<AuthenticationTokenManager.Token> getTokens(UserIdentity user,
                                                        String type)
                                                 throws RuntimeException

Get the existing tokens for this user

Parameters:

type - The type of tokens to return. null to return all.

user - The user. Cannot be null

Returns:

The tokens identifier and associated comment

Throws:

RuntimeException - If the user is null or if there is a database error

generateToken

public String generateToken(long duration,
                            String type,
                            String comment)
                     throws RuntimeException

Generates a new token for the current user

Parameters:

duration - The time the token is valid in seconds. 0 means for ever and moreover the ticket will be reusable.

type - The type of token. Mandatory but can be anything you want between 1 to 32 characters. Such as "Cookie".

comment - An optional token comment to remember the reason of its creation

Returns:

The token

Throws:

RuntimeException - If the user is not authenticated, or if there is a database error

generateToken

public String generateToken(UserIdentity user,
                            long duration,
                            String type,
                            String comment)
                     throws RuntimeException

Generates a new token

Parameters:

user - The user that will be authenticated with the token

duration - The time the token is valid in seconds. 0 means for ever and moreover the ticket will be reusable

type - The type of token. Mandatory but can be anything you want between 1 to 32 characters. Such as "Cookie".

comment - An optional token comment to remember the reason of its creation

Returns:

The token

Throws:

RuntimeException - If the user is null or if there is a database error or if duration is negative

generateToken

public String generateToken(UserIdentity user,
                            long duration,
                            Integer nbUsesLeft,
                            String type,
                            String comment)
                     throws RuntimeException

Generates a new token

Parameters:

user - The user that will be authenticated with the token

duration - The time the token is valid in seconds. 0 means for ever and moreover the ticket will be reusable

nbUsesLeft - number of available uses (null for no limit)

type - The type of token. Mandatory but can be anything you want between 1 to 32 characters. Such as "Cookie".

comment - An optional token comment to remember the reason of its creation

Returns:

The token

Throws:

RuntimeException - If the user is null or if there is a database error or if duration is negative

generateToken

public String generateToken(UserIdentity user,
                            long duration,
                            boolean autoRenewDuration,
                            Integer nbUsesLeft,
                            Set<String> contexts,
                            String type,
                            String comment)
                     throws RuntimeException

Generates a new token

Parameters:

user - The user that will be authenticated with the token

duration - The time the token is valid in seconds. 0 means for ever and moreover the ticket will be reusable

autoRenewDuration - true to automatically renew token if used before it's expiration

nbUsesLeft - number of available uses (null for no limit)

contexts - contexts where the token can be used

type - The type of token. Mandatory but can be anything you want between 1 to 32 characters. Such as "Cookie".

comment - An optional token comment to remember the reason of its creation

Returns:

The token

Throws:

RuntimeException - If the user is null or if there is a database error or if duration is negative

_generateToken

private void _generateToken(UserIdentity user,
                            long duration,
                            boolean autoRenewDuration,
                            Integer nbUsesLeft,
                            Set<String> contexts,
                            String type,
                            String comment,
                            String hashedTokenAndSalt,
                            String salt,
                            Timestamp creationDateTime,
                            Timestamp endTime)
                     throws RuntimeException

Throws:

RuntimeException

_contextsToString

private String _contextsToString(Set<String> contexts)

_convertStringToContexts

private Set<String> _convertStringToContexts(String contexts)

_validateToken

private UserIdentity _validateToken(String encodedToken,
                                    String context,
                                    boolean forceRemove)

validateToken

public UserIdentity validateToken(String token)

Check if a token is valid and return the user

Parameters:

token - The token to validate

Returns:

The user associated to the valid token, null otherwise

validateToken

public UserIdentity validateToken(String token,
                                  String context)

Check if a token is valid and return the user

Parameters:

token - The token to validate

context - context to validate the token with

Returns:

The user associated to the valid token, null otherwise

deleteTokenByValue

public void deleteTokenByValue(String token,
                               String context)

Destroy the given token

Parameters:

token - The token to remove

context - context of the token (null for no context)

deleteTokenById

public void deleteTokenById(Integer tokenId)

Destroy the given token

Parameters:

tokenId - The token identifier to remove

_deleteOldTokens

private void _deleteOldTokens(Connection connection)
                       throws SQLException

Generates the sql statement that deletes the entries of the users token database that are old

Parameters:

connection - the database's session

Throws:

SQLException - if a sql exception occurs

_getSelectUserTokenStatement

private PreparedStatement _getSelectUserTokenStatement(Connection connection,
                                                       String login,
                                                       String populationId,
                                                       String type)
                                                throws SQLException

Generates the statement that selects the users having the specified login in the Authentication_Token table

Parameters:

connection - the database's session

login - The login of the user

populationId - The populationId of the user

type - The type to filter or null to get all

Returns:

the retrieve statement

Throws:

SQLException - if a sql exception occurs

_getTokenFromResultSet

private AuthenticationTokenManager.Token _getTokenFromResultSet(ResultSet resultSet,
                                                                Connection connection)
                                                         throws SQLException,
                                                                IOException

Throws:

SQLException

IOException

_deleteUserToken

private void _deleteUserToken(Connection connection,
                              Integer id)
                       throws SQLException

Deletes the database entry that has this token

Parameters:

connection - the database's session

id - the token id

Throws:

SQLException - if an error occurred

_updateUserToken

private void _updateUserToken(Connection connection,
                              AuthenticationTokenManager.Token token)
                       throws SQLException

Update the last update date in the database

Parameters:

connection - the database's session

token - the token

Throws:

SQLException - if an error occurred

generateAuthenticationToken

public String generateAuthenticationToken(Map<String,Object> parameters)

Generate a new authentication token

Parameters:

parameters - a map of the following parameters for the authentication token : description

Returns:

The generated token

deleteAuthenticationToken

public void deleteAuthenticationToken(List<Integer> ids)

Delete one or multiples authentication token

Parameters:

ids - a list of authentication token ids