Package org.ametys.plugins.core.impl.authentication

Class FormCredentialProvider

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.authentication.AbstractCredentialProvider

org.ametys.plugins.core.impl.authentication.FormCredentialProvider

All Implemented Interfaces:

BlockingCredentialProvider, CredentialProvider, LogoutCapable, NonBlockingCredentialProvider, LogEnabled, Component, Configurable, Contextualizable, Serviceable

public class FormCredentialProvider
extends AbstractCredentialProvider
implements NonBlockingCredentialProvider, BlockingCredentialProvider, LogoutCapable, Contextualizable, Configurable, Serviceable

This manager gets the credentials coming from an authentication form.
This manager can create a cookie to save credentials
Parameters are : - The name of the pool
- The html field name for user name
- The html field name for user password
- The html field name for the check box which allow to create a cookie, must return 'true' when checked
- A boolean, to activate or not the user info saving by cookie
- The cookie name, to retrieve info
- The cookie duration (in seconds), by default set to 1 week
- A login url (do not start with a "/")
- A failure login url (do not start with a "/"). The failure Url can receive the login entered by the visitor.
- A list of URL prefixes that are accessible without authentication. The login and failure URLs are always accessible without authentication.

For example :
<username-field>Username</username-field>
<password-field>Password</password-field>
<cookie>
<cookieEnabled>true</cookieEnabled>
<cookieLifeTime>604800</cookieLifeTime>
<cookieName>AmetysAuthentication</cookieName>
</cookie>
<loginUrl internal="true">login.html</loginUrl>
<loginFailedUrl provideLoginParameter="true" internal="true">login_failed.html</loginFailedUrl>
<unauthenticated>
<urlPrefix>subscribe.html</urlPrefix>
<urlPrefix>lostPassword/</urlPrefix>
</unauthenticated>

Field Summary

Fields

Modifier and Type	Field	Description
private static String	__PARAM_CAPTCHA	Name of the parameter holding the captcha options
private static String	__PARAM_COOKIES	Name of the parameter holding the cookies option
private static String	__PARAM_DATASOURCE	Name of the parameter holder the datasource id
private static String	__PARAM_LOGIN_BY_EMAIL	Name of the parameter holding the allow of login by email
protected Collection<Pattern>	_acceptedUrlPatterns	A list of accepted url patterns
protected Set<String>	_acceptedUrlPrefixes	Set of accepted url prefixes (default : empty).
protected boolean	_allowCookies	Security level : allow storage in cookies
protected boolean	_allowLoginByEmail	Allow login by email
protected AuthenticationTokenManager	_authenticationTokenManager	The token manager
protected String	_captchaField	Name of the captcha answer html field
protected String	_captchaKeyField	Name of the captcha key html field
protected Context	_context	Context
protected boolean	_cookieEnabled	Indicates if the user credentials must be saved by a cookie
protected long	_cookieLifetime	Cookie duration in seconds, by default COOKIE_LIFETIME
protected String	_cookieName	The name of the cookie
protected String	_datasourceId	The datasource id
protected boolean	_lazyInitialized	was lazy initialize done
protected String	_passwordField	Name of the user password html field
protected String	_rememberMeField	Name of the "remember me" html field
protected SourceResolver	_sourceResolver	The avalon source resolver
protected boolean	_useCaptchaOnFailure	Security level : use captcha after three connection failed
protected String	_usernameField	Name of the user name html field
protected UserPopulationDAO	_userPopulationDAO	The user population DAO
static String	AUTHENTICATION_BY_COOKIE	Password value in case of info retrieved from cookie
static int	COOKIE_LIFETIME	Default cookie lifetime (15 days in seconds)
static Integer	NB_CONNECTION_ATTEMPTS	Number of connection attempts allowed
protected static Integer	TIME_ALLOWED	Duration in days a connection failure will last

Constructor Summary

Constructors

Constructor	Description
FormCredentialProvider()

Method Summary

Modifier and Type	Method	Description
protected void	_deleteAllPastLoginFailedBDD()	Delete all past failed connections
protected void	_deleteCookie()	Delete the cookie
protected void	_deleteLoginFailedBDD(String login, String populationId)	Delete the login from the table of the failed connection
protected String	_getCookieValue()	Return the cookie value corresponding to the searched name
private UserPopulation	_getPopulation(Request request)
private UserIdentity	_getUserIdentityFromRequest(Request request)
protected void	_insertLoginNbConnectBDD(String login, String populationId)	Insert the login with one failed connection in the BDD
protected boolean	_isCookieAlreadySet()	Checks if cookie already exists
protected Integer	_setNbConnectBDD(String login, String populationId)	Get the number of failed connections with this login
protected void	_updateCookie(String value)	Update the cookie for client-side purpose
protected void	_updateLoginNbConnectBDD(String login, String populationId, Integer nbConnect)	Update the number of failed connections of the login in the BDD
UserIdentity	blockingGetUserIdentity(Redirector redirector)	Method called by AuthenticateAction each time a request need authentication.
boolean	blockingGrantAnonymousRequest()	Method called by AuthenticateAction before asking for credentials.
boolean	blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)	Validates that the user specify is still connected
void	blockingUserAllowed(UserIdentity userConnected)	Method called by AuthenticateAction after authentication process succeeded
void	blockingUserNotAllowed(Redirector redirector)	Method called by AuthenticateAction each a user could not get authenticated.
void	configure(Configuration configuration)
void	contextualize(Context context)
protected Connection	getSQLConnection()	Get the connection to the database
void	init(String id, String cpModelId, Map<String,Object> paramValues, String label)	Initialize the credential provider with given parameters' values.
void	logout()	Logout a particular user.
UserIdentity	nonBlockingGetUserIdentity(Redirector redirector)	Method called by AuthenticateAction each time a request need authentication.
boolean	nonBlockingGrantAnonymousRequest()	Method called by AuthenticateAction before asking for credentials.
boolean	nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)	Validates that the user specify is still connected
void	nonBlockingUserAllowed(UserIdentity userConnected)	Method called by AuthenticateAction after authentication process succeeded
void	nonBlockingUserNotAllowed(Redirector redirector)	Method called by AuthenticateAction each a user could not get authenticated.
Integer	requestNbConnectBDD(String login, String populationId)	Get the number of failed connections with this login
boolean	requiresNewWindow()	Does this blocking credential provider requires a new window to process.
void	service(ServiceManager manager)

Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider

equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ametys.core.authentication.CredentialProvider

getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed

Field Detail

AUTHENTICATION_BY_COOKIE

public static final String AUTHENTICATION_BY_COOKIE

Password value in case of info retrieved from cookie

See Also:

Constant Field Values

NB_CONNECTION_ATTEMPTS

public static final Integer NB_CONNECTION_ATTEMPTS

Number of connection attempts allowed

COOKIE_LIFETIME

public static final int COOKIE_LIFETIME

Default cookie lifetime (15 days in seconds)

See Also:

Constant Field Values

TIME_ALLOWED

protected static final Integer TIME_ALLOWED

Duration in days a connection failure will last

__PARAM_DATASOURCE

private static final String __PARAM_DATASOURCE

Name of the parameter holder the datasource id

See Also:

Constant Field Values

__PARAM_CAPTCHA

private static final String __PARAM_CAPTCHA

Name of the parameter holding the captcha options

See Also:

Constant Field Values

__PARAM_COOKIES

private static final String __PARAM_COOKIES

Name of the parameter holding the cookies option

See Also:

Constant Field Values

__PARAM_LOGIN_BY_EMAIL

private static final String __PARAM_LOGIN_BY_EMAIL

Name of the parameter holding the allow of login by email

See Also:

Constant Field Values

_usernameField

protected String _usernameField

Name of the user name html field

_passwordField

protected String _passwordField

Name of the user password html field

_rememberMeField

protected String _rememberMeField

Name of the "remember me" html field

_captchaField

protected String _captchaField

Name of the captcha answer html field

_captchaKeyField

protected String _captchaKeyField

Name of the captcha key html field

_cookieEnabled

protected boolean _cookieEnabled

Indicates if the user credentials must be saved by a cookie

_cookieName

protected String _cookieName

The name of the cookie

_cookieLifetime

protected long _cookieLifetime

Cookie duration in seconds, by default COOKIE_LIFETIME

_acceptedUrlPrefixes

protected Set<String> _acceptedUrlPrefixes

Set of accepted url prefixes (default : empty).

_acceptedUrlPatterns

protected Collection<Pattern> _acceptedUrlPatterns

A list of accepted url patterns

_useCaptchaOnFailure

protected boolean _useCaptchaOnFailure

Security level : use captcha after three connection failed

_allowCookies

protected boolean _allowCookies

Security level : allow storage in cookies

_allowLoginByEmail

protected boolean _allowLoginByEmail

Allow login by email

_context

protected Context _context

Context

_userPopulationDAO

protected UserPopulationDAO _userPopulationDAO

The user population DAO

_datasourceId

protected String _datasourceId

The datasource id

_sourceResolver

protected SourceResolver _sourceResolver

The avalon source resolver

_authenticationTokenManager

protected AuthenticationTokenManager _authenticationTokenManager

The token manager

_lazyInitialized

protected boolean _lazyInitialized

was lazy initialize done

Constructor Detail

FormCredentialProvider

public FormCredentialProvider()

Method Detail

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Throws:

ServiceException

init

public void init(String id,
                 String cpModelId,
                 Map<String,Object> paramValues,
                 String label)

Description copied from interface: CredentialProvider

Initialize the credential provider with given parameters' values.

Specified by:

init in interface CredentialProvider

Overrides:

init in class AbstractCredentialProvider

Parameters:

id - The unique identifier

cpModelId - The id of credential provider extension point

paramValues - The parameters' values

label - The specific label of this instance. Can be null

configure

public void configure(Configuration configuration)
               throws ConfigurationException

Specified by:

configure in interface Configurable

Throws:

ConfigurationException

getSQLConnection

protected Connection getSQLConnection()

Get the connection to the database

Returns:

the SQL connection

logout

public void logout()

Description copied from interface: LogoutCapable

Logout a particular user.

Specified by:

logout in interface LogoutCapable

nonBlockingIsStillConnected

public boolean nonBlockingIsStillConnected(UserIdentity userIdentity,
                                           Redirector redirector)

Description copied from interface: NonBlockingCredentialProvider

Validates that the user specify is still connected

Specified by:

nonBlockingIsStillConnected in interface NonBlockingCredentialProvider

Parameters:

userIdentity - the user previously correctly identified with this credential provider

redirector - The cocoon redirector

Returns:

true if this CredentialProvider was in a valid state, false to restart authentication process

blockingIsStillConnected

public boolean blockingIsStillConnected(UserIdentity userIdentity,
                                        Redirector redirector)

Description copied from interface: BlockingCredentialProvider

Validates that the user specify is still connected

Specified by:

blockingIsStillConnected in interface BlockingCredentialProvider

Parameters:

userIdentity - the user previously correctly identified with this credential provider

redirector - The cocoon redirector

Returns:

true if this CredentialProvider was in a valid state, false to restart authentication process

blockingGrantAnonymousRequest

public boolean blockingGrantAnonymousRequest()

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.

Specified by:

blockingGrantAnonymousRequest in interface BlockingCredentialProvider

Returns:

true if the Request is not authenticated

nonBlockingGrantAnonymousRequest

public boolean nonBlockingGrantAnonymousRequest()

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be require. Use it with care, as it may lead to obvious security issues.

Specified by:

nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider

Returns:

true if the Request is not authenticated

blockingGetUserIdentity

public UserIdentity blockingGetUserIdentity(Redirector redirector)
                                     throws Exception

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction each time a request need authentication.

Specified by:

blockingGetUserIdentity in interface BlockingCredentialProvider

Parameters:

redirector - the cocoon redirector.

Returns:

the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.

Throws:

Exception - if something wrong occurs

nonBlockingGetUserIdentity

public UserIdentity nonBlockingGetUserIdentity(Redirector redirector)
                                        throws Exception

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction each time a request need authentication.

Specified by:

nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider

Parameters:

redirector - the cocoon redirector.

Returns:

the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.

Throws:

Exception - if something wrong occurs

_getUserIdentityFromRequest

private UserIdentity _getUserIdentityFromRequest(Request request)
                                          throws AccessDeniedException,
                                                 NotUniqueUserException

Throws:

AccessDeniedException

NotUniqueUserException

_getPopulation

private UserPopulation _getPopulation(Request request)

blockingUserNotAllowed

public void blockingUserNotAllowed(Redirector redirector)
                            throws Exception

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.

Specified by:

blockingUserNotAllowed in interface BlockingCredentialProvider

Parameters:

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs

nonBlockingUserNotAllowed

public void nonBlockingUserNotAllowed(Redirector redirector)
                               throws Exception

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.

Specified by:

nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider

Parameters:

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs

blockingUserAllowed

public void blockingUserAllowed(UserIdentity userConnected)

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction after authentication process succeeded

Specified by:

blockingUserAllowed in interface BlockingCredentialProvider

Parameters:

userConnected - The user correctly connected

nonBlockingUserAllowed

public void nonBlockingUserAllowed(UserIdentity userConnected)

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction after authentication process succeeded

Specified by:

nonBlockingUserAllowed in interface NonBlockingCredentialProvider

Parameters:

userConnected - The user correctly connected

requiresNewWindow

public boolean requiresNewWindow()

Description copied from interface: BlockingCredentialProvider

Does this blocking credential provider requires a new window to process.

Specified by:

requiresNewWindow in interface BlockingCredentialProvider

Returns:

true to ask the client to process this credential provider throught a new window

_deleteAllPastLoginFailedBDD

protected void _deleteAllPastLoginFailedBDD()

Delete all past failed connections

requestNbConnectBDD

public Integer requestNbConnectBDD(String login,
                                   String populationId)

Get the number of failed connections with this login

Parameters:

login - The login to request

populationId - The user's population

Returns:

the number of connection failed

_setNbConnectBDD

protected Integer _setNbConnectBDD(String login,
                                   String populationId)

Get the number of failed connections with this login

Parameters:

login - The login to set

populationId - The population id of the user

Returns:

the number of failed connection

_insertLoginNbConnectBDD

protected void _insertLoginNbConnectBDD(String login,
                                        String populationId)

Insert the login with one failed connection in the BDD

Parameters:

login - The login to insert

populationId - The population id

_deleteLoginFailedBDD

protected void _deleteLoginFailedBDD(String login,
                                     String populationId)

Delete the login from the table of the failed connection

Parameters:

login - The login to remove

populationId - The populationId of the user

_updateLoginNbConnectBDD

protected void _updateLoginNbConnectBDD(String login,
                                        String populationId,
                                        Integer nbConnect)

Update the number of failed connections of the login in the BDD

Parameters:

login - The login to update

populationId - The user's population

nbConnect - The nb of connection to set

_getCookieValue

protected String _getCookieValue()

Return the cookie value corresponding to the searched name

Returns:

the value of the cookie or null if not

_isCookieAlreadySet

protected boolean _isCookieAlreadySet()

Checks if cookie already exists

Returns:

boolean

_updateCookie

protected void _updateCookie(String value)

Update the cookie for client-side purpose

Parameters:

value - the cookie value

_deleteCookie

protected void _deleteCookie()

Delete the cookie