Class FormCredentialProvider
- java.lang.Object
  - org.ametys.runtime.plugin.component.AbstractLogEnabled
    - org.ametys.core.authentication.AbstractCredentialProvider
      - org.ametys.plugins.core.impl.authentication.FormCredentialProvider
- All Implemented Interfaces: BlockingCredentialProvider, CredentialProvider, LogoutCapable, NonBlockingCredentialProvider, LogEnabled, Component, Configurable, Contextualizable, Serviceable
public class FormCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, BlockingCredentialProvider, LogoutCapable, Contextualizable, Configurable, Serviceable
This manager gets the credentials coming from an authentication form.
This manager can create a cookie to save credentials.
Parameters are:
- The name of the pool
- The HTML field name for the user name
- The HTML field name for the user password
- The HTML field name for the check box that allows creating a cookie; it must return 'true' when checked
- A boolean that enables or disables saving the user info in a cookie
- The cookie name, used to retrieve the info
- The cookie duration (in seconds), by default set to 1 week
- A login URL (must not start with a "/")
- A failure login URL (must not start with a "/"). The failure URL can receive the login entered by the visitor.
- A list of URL prefixes that are accessible without authentication. The login and failure URLs are always accessible without authentication.
For example:
<username-field>Username</username-field>
<password-field>Password</password-field>
<cookie>
    <cookieEnabled>true</cookieEnabled>
    <cookieLifeTime>604800</cookieLifeTime>
    <cookieName>AmetysAuthentication</cookieName>
</cookie>
<loginUrl internal="true">login.html</loginUrl>
<loginFailedUrl provideLoginParameter="true" internal="true">login_failed.html</loginFailedUrl>
<unauthenticated>
    <urlPrefix>subscribe.html</urlPrefix>
    <urlPrefix>lostPassword/</urlPrefix>
</unauthenticated>
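An added example, not Ametys code: a small Python audit of a configuration fragment like the one above, checking the rules stated in the class description before deployment. The `audit` function, the one-week ceiling on the cookie lifetime and the plain string-prefix matching of `urlPrefix` are assumptions of this example; the sample fragment is constructed.

```python
import xml.etree.ElementTree as ET

ONE_WEEK = 604800  # lifetime used in the page's example, in seconds

# Constructed sample: the page's fragment with four deliberate mistakes.
SAMPLE = """
<username-field>Username</username-field>
<password-field>Password</password-field>
<cookie>
  <cookieEnabled>true</cookieEnabled>
  <cookieLifeTime>31536000</cookieLifeTime>
  <cookieName>AmetysAuthentication</cookieName>
</cookie>
<loginUrl internal="true">/login.html</loginUrl>
<loginFailedUrl provideLoginParameter="true" internal="true">login_failed.html</loginFailedUrl>
<unauthenticated>
  <urlPrefix>subscribe.html</urlPrefix>
  <urlPrefix></urlPrefix>
  <urlPrefix>lostPassword</urlPrefix>
</unauthenticated>
"""


def audit(fragment, max_lifetime=ONE_WEEK):
    """Return findings for a FormCredentialProvider configuration fragment."""
    # The fragment has no single root element, so wrap it before parsing.
    root = ET.fromstring("<config>" + fragment + "</config>")
    findings = []

    # The class description says neither URL may start with "/".
    for tag in ("loginUrl", "loginFailedUrl"):
        if (root.findtext(tag) or "").strip().startswith("/"):
            findings.append(f"{tag}: must not start with '/'")

    # A long-lived cookie lengthens the time a stolen cookie stays usable.
    if (root.findtext("cookie/cookieEnabled") or "").strip() == "true":
        raw = (root.findtext("cookie/cookieLifeTime") or "").strip()
        if raw and not raw.isdigit():
            findings.append("cookieLifeTime: not a number of seconds")
        elif raw and int(raw) > max_lifetime:
            findings.append(f"cookieLifeTime: {raw}s exceeds {max_lifetime}s")

    # Assumption: exemptions are plain string-prefix matches on the URL.
    for node in root.findall("unauthenticated/urlPrefix"):
        prefix = (node.text or "").strip()
        last = prefix.rsplit("/", 1)[-1]
        if not prefix:
            findings.append("urlPrefix '': exempts every URL")
        elif not prefix.endswith("/") and "." not in last:
            findings.append(f"urlPrefix '{prefix}': also exempts '{prefix}*'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The page's own fragment passes this audit with no findings.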
-
Field Summary
Fields (modifier and type, field: description)
- private static String __PARAM_CAPTCHA: Name of the parameter holding the captcha options
- private static String __PARAM_COOKIES: Name of the parameter holding the cookies option
- private static String __PARAM_DATASOURCE: Name of the parameter holding the datasource id
- private static String __PARAM_LOGIN_BY_EMAIL: Name of the parameter holding the login-by-email option
- protected Collection<Pattern> _acceptedUrlPatterns: A list of accepted url patterns
- protected Set<String> _acceptedUrlPrefixes: Set of accepted url prefixes (default : empty).
- protected boolean _allowCookies: Security level : allow storage in cookies
- protected boolean _allowLoginByEmail: Allow login by email
- protected AuthenticationTokenManager _authenticationTokenManager: The token manager
- protected String _captchaField: Name of the captcha answer html field
- protected String _captchaKeyField: Name of the captcha key html field
- protected Context _context: Context
- protected boolean _cookieEnabled: Indicates if the user credentials must be saved by a cookie
- protected long _cookieLifetime: Cookie duration in seconds, by default COOKIE_LIFETIME
- protected String _cookieName: The name of the cookie
- protected String _datasourceId: The datasource id
- protected boolean _lazyInitialized: Whether lazy initialization was done
- protected String _passwordField: Name of the user password html field
- protected String _rememberMeField: Name of the "remember me" html field
- protected SourceResolver _sourceResolver: The avalon source resolver
- protected boolean _useCaptchaOnFailure: Security level : use captcha after three failed connections
- protected String _usernameField: Name of the user name html field
- protected UserPopulationDAO _userPopulationDAO: The user population DAO
- static String AUTHENTICATION_BY_COOKIE: Password value in case of info retrieved from cookie
- static int COOKIE_LIFETIME: Default cookie lifetime (15 days in seconds)
- static Integer NB_CONNECTION_ATTEMPTS: Number of connection attempts allowed
- protected static Integer TIME_ALLOWED: Duration in days a connection failure will last
-
Constructor Summary
Constructors
- FormCredentialProvider()
-
Method Summary
All Methods, Instance Methods, Concrete Methods (modifier and type, method: description)
- protected void _deleteAllPastLoginFailedBDD(): Delete all past failed connections
- protected void _deleteCookie(): Delete the cookie
- protected void _deleteLoginFailedBDD(String login, String populationId): Delete the login from the table of failed connections
- protected String _getCookieValue(): Return the cookie value corresponding to the searched name
- private UserPopulation _getPopulation(Request request)
- private UserIdentity _getUserIdentityFromRequest(Request request)
- protected void _insertLoginNbConnectBDD(String login, String populationId): Insert the login with one failed connection in the database
- protected boolean _isCookieAlreadySet(): Checks if cookie already exists
- protected Integer _setNbConnectBDD(String login, String populationId): Get the number of failed connections with this login
- protected void _updateCookie(String value): Update the cookie for client-side purpose
- protected void _updateLoginNbConnectBDD(String login, String populationId, Integer nbConnect): Update the number of failed connections of the login in the database
- UserIdentity blockingGetUserIdentity(Redirector redirector): Method called by AuthenticateAction each time a request needs authentication.
- boolean blockingGrantAnonymousRequest(): Method called by AuthenticateAction before asking for credentials.
- boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector): Validates that the specified user is still connected
- void blockingUserAllowed(UserIdentity userConnected): Method called by AuthenticateAction after authentication process succeeded
- void blockingUserNotAllowed(Redirector redirector): Method called by AuthenticateAction each time a user could not get authenticated.
- void configure(Configuration configuration)
- void contextualize(Context context)
- protected Connection getSQLConnection(): Get the connection to the database
- void init(String id, String cpModelId, Map<String,Object> paramValues, String label): Initialize the credential provider with given parameters' values.
- void logout(): Log out a particular user.
- UserIdentity nonBlockingGetUserIdentity(Redirector redirector): Method called by AuthenticateAction each time a request needs authentication.
- boolean nonBlockingGrantAnonymousRequest(): Method called by AuthenticateAction before asking for credentials.
- boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector): Validates that the specified user is still connected
- void nonBlockingUserAllowed(UserIdentity userConnected): Method called by AuthenticateAction after authentication process succeeded
- void nonBlockingUserNotAllowed(Redirector redirector): Method called by AuthenticateAction each time a user could not get authenticated.
- Integer requestNbConnectBDD(String login, String populationId): Get the number of failed connections with this login
- boolean requiresNewWindow(): Whether this blocking credential provider requires a new window to process.
- void service(ServiceManager manager)
-
Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode
-
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.ametys.core.authentication.CredentialProvider
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed
-
Field Detail
-
AUTHENTICATION_BY_COOKIE
public static final String AUTHENTICATION_BY_COOKIE
Password value in case of info retrieved from cookie
- See Also: Constant Field Values
-
NB_CONNECTION_ATTEMPTS
public static final Integer NB_CONNECTION_ATTEMPTS
Number of connection attempts allowed
-
COOKIE_LIFETIME
public static final int COOKIE_LIFETIME
Default cookie lifetime (15 days in seconds)
- See Also: Constant Field Values
-
TIME_ALLOWED
protected static final Integer TIME_ALLOWED
Duration in days a connection failure will last
-
__PARAM_DATASOURCE
private static final String __PARAM_DATASOURCE
Name of the parameter holding the datasource id
- See Also: Constant Field Values
-
__PARAM_CAPTCHA
private static final String __PARAM_CAPTCHA
Name of the parameter holding the captcha options
- See Also: Constant Field Values
-
__PARAM_COOKIES
private static final String __PARAM_COOKIES
Name of the parameter holding the cookies option
- See Also: Constant Field Values
-
__PARAM_LOGIN_BY_EMAIL
private static final String __PARAM_LOGIN_BY_EMAIL
Name of the parameter holding the login-by-email option
- See Also: Constant Field Values
-
_usernameField
protected String _usernameField
Name of the user name html field
-
_passwordField
protected String _passwordField
Name of the user password html field
-
_rememberMeField
protected String _rememberMeField
Name of the "remember me" html field
-
_captchaField
protected String _captchaField
Name of the captcha answer html field
-
_captchaKeyField
protected String _captchaKeyField
Name of the captcha key html field
-
_cookieEnabled
protected boolean _cookieEnabled
Indicates if the user credentials must be saved by a cookie
-
_cookieName
protected String _cookieName
The name of the cookie
-
_cookieLifetime
protected long _cookieLifetime
Cookie duration in seconds, by default COOKIE_LIFETIME
-
_acceptedUrlPrefixes
protected Set<String> _acceptedUrlPrefixes
Set of accepted url prefixes (default : empty).
-
_acceptedUrlPatterns
protected Collection<Pattern> _acceptedUrlPatterns
A list of accepted url patterns
-
_useCaptchaOnFailure
protected boolean _useCaptchaOnFailure
Security level : use captcha after three failed connections
-
_allowCookies
protected boolean _allowCookies
Security level : allow storage in cookies
-
_allowLoginByEmail
protected boolean _allowLoginByEmail
Allow login by email
-
_userPopulationDAO
protected UserPopulationDAO _userPopulationDAO
The user population DAO
-
_datasourceId
protected String _datasourceId
The datasource id
-
_sourceResolver
protected SourceResolver _sourceResolver
The avalon source resolver
-
_authenticationTokenManager
protected AuthenticationTokenManager _authenticationTokenManager
The token manager
-
_lazyInitialized
protected boolean _lazyInitialized
Whether lazy initialization was done
-
-
Constructor Detail
-
FormCredentialProvider
public FormCredentialProvider()
-
-
Method Detail
-
contextualize
public void contextualize(Context context) throws ContextException
- Specified by: contextualize in interface Contextualizable
- Throws: ContextException
-
service
public void service(ServiceManager manager) throws ServiceException
- Specified by: service in interface Serviceable
- Throws: ServiceException
-
init
public void init(String id, String cpModelId, Map<String,Object> paramValues, String label)
Description copied from interface: CredentialProvider
Initialize the credential provider with given parameters' values.
- Specified by: init in interface CredentialProvider
- Overrides: init in class AbstractCredentialProvider
- Parameters:
  id - The unique identifier
  cpModelId - The id of credential provider extension point
  paramValues - The parameters' values
  label - The specific label of this instance. Can be null
-
configure
public void configure(Configuration configuration) throws ConfigurationException
- Specified by: configure in interface Configurable
- Throws: ConfigurationException
-
getSQLConnection
protected Connection getSQLConnection()
Get the connection to the database
- Returns: the SQL connection
-
logout
public void logout()
Description copied from interface: LogoutCapable
Log out a particular user.
- Specified by: logout in interface LogoutCapable
-
nonBlockingIsStillConnected
public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)
Description copied from interface: NonBlockingCredentialProvider
Validates that the specified user is still connected
- Specified by: nonBlockingIsStillConnected in interface NonBlockingCredentialProvider
- Parameters:
  userIdentity - the user previously correctly identified with this credential provider
  redirector - The cocoon redirector
- Returns: true if this CredentialProvider was in a valid state, false to restart authentication process
-
blockingIsStillConnected
public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)
Description copied from interface: BlockingCredentialProvider
Validates that the specified user is still connected
- Specified by: blockingIsStillConnected in interface BlockingCredentialProvider
- Parameters:
  userIdentity - the user previously correctly identified with this credential provider
  redirector - The cocoon redirector
- Returns: true if this CredentialProvider was in a valid state, false to restart authentication process
-
blockingGrantAnonymousRequest
public boolean blockingGrantAnonymousRequest()
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by: blockingGrantAnonymousRequest in interface BlockingCredentialProvider
- Returns: true if the Request is not authenticated
-
nonBlockingGrantAnonymousRequest
public boolean nonBlockingGrantAnonymousRequest()
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by: nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider
- Returns: true if the Request is not authenticated
-
blockingGetUserIdentity
public UserIdentity blockingGetUserIdentity(Redirector redirector) throws Exception
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by: blockingGetUserIdentity in interface BlockingCredentialProvider
- Parameters:
  redirector - the cocoon redirector.
- Returns: the UserIdentity corresponding to the user (with or without population specified), or null if the user could not be authenticated.
- Throws: Exception - if something goes wrong
-
nonBlockingGetUserIdentity
public UserIdentity nonBlockingGetUserIdentity(Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by: nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider
- Parameters:
  redirector - the cocoon redirector.
- Returns: the UserIdentity corresponding to the user (with or without population specified), or null if the user could not be authenticated.
- Throws: Exception - if something goes wrong
-
_getUserIdentityFromRequest
private UserIdentity _getUserIdentityFromRequest(Request request) throws AccessDeniedException, NotUniqueUserException
-
_getPopulation
private UserPopulation _getPopulation(Request request)
-
blockingUserNotAllowed
public void blockingUserNotAllowed(Redirector redirector) throws Exception
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate url.
- Specified by: blockingUserNotAllowed in interface BlockingCredentialProvider
- Parameters:
  redirector - the cocoon Redirector that can be used for redirecting response.
- Throws: Exception - if something goes wrong
-
nonBlockingUserNotAllowed
public void nonBlockingUserNotAllowed(Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate url.
- Specified by: nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider
- Parameters:
  redirector - the cocoon Redirector that can be used for redirecting response.
- Throws: Exception - if something goes wrong
-
blockingUserAllowed
public void blockingUserAllowed(UserIdentity userConnected)
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction after authentication process succeeded
- Specified by: blockingUserAllowed in interface BlockingCredentialProvider
- Parameters:
  userConnected - The user correctly connected
-
nonBlockingUserAllowed
public void nonBlockingUserAllowed(UserIdentity userConnected)
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction after authentication process succeeded
- Specified by: nonBlockingUserAllowed in interface NonBlockingCredentialProvider
- Parameters:
  userConnected - The user correctly connected
-
requiresNewWindow
public boolean requiresNewWindow()
Description copied from interface: BlockingCredentialProvider
Whether this blocking credential provider requires a new window to process.
- Specified by: requiresNewWindow in interface BlockingCredentialProvider
- Returns: true to ask the client to process this credential provider through a new window
-
_deleteAllPastLoginFailedBDD
protected void _deleteAllPastLoginFailedBDD()
Delete all past failed connections
-
requestNbConnectBDD
public Integer requestNbConnectBDD(String login, String populationId)
Get the number of failed connections with this login
- Parameters:
  login - The login to request
  populationId - The user's population
- Returns: the number of failed connections
-
_setNbConnectBDD
protected Integer _setNbConnectBDD(String login, String populationId)
Get the number of failed connections with this login
- Parameters:
  login - The login to set
  populationId - The population id of the user
- Returns: the number of failed connections
-
_insertLoginNbConnectBDD
protected void _insertLoginNbConnectBDD(String login, String populationId)
Insert the login with one failed connection in the database
- Parameters:
  login - The login to insert
  populationId - The population id
-
_deleteLoginFailedBDD
protected void _deleteLoginFailedBDD(String login, String populationId)
Delete the login from the table of failed connections
- Parameters:
  login - The login to remove
  populationId - The populationId of the user
-
_updateLoginNbConnectBDD
protected void _updateLoginNbConnectBDD(String login, String populationId, Integer nbConnect)
Update the number of failed connections of the login in the database
- Parameters:
  login - The login to update
  populationId - The user's population
  nbConnect - The number of connections to set
-
_getCookieValue
protected String _getCookieValue()
Return the cookie value corresponding to the searched name
- Returns: the value of the cookie or null if not
-
_isCookieAlreadySet
protected boolean _isCookieAlreadySet()
Checks if cookie already exists
- Returns: boolean
-
_updateCookie
protected void _updateCookie(String value)
Update the cookie for client-side purpose
- Parameters:
  value - the cookie value
-
_deleteCookie
protected void _deleteCookie()
Delete the cookie
-
-