Class FormCredentialProvider
java.lang.Object
  org.ametys.runtime.plugin.component.AbstractLogEnabled
    org.ametys.core.authentication.AbstractCredentialProvider
      org.ametys.plugins.core.impl.authentication.FormCredentialProvider
- All Implemented Interfaces: BlockingCredentialProvider, CredentialProvider, LogoutCapable, NonBlockingCredentialProvider, LogEnabled, Component, Configurable, Contextualizable, Serviceable
public class FormCredentialProvider
extends AbstractCredentialProvider
implements NonBlockingCredentialProvider, BlockingCredentialProvider, LogoutCapable, Contextualizable, Configurable, Serviceable
This manager gets the credentials coming from an authentication form.
This manager can create a cookie to save credentials.
Parameters are:
- The name of the pool
- The html field name for user name
- The html field name for user password
- The html field name for the check box which allows creating a cookie; it must return 'true' when checked
- A boolean, to activate or not the user info saving by cookie
- The cookie name, to retrieve info
- The cookie duration (in seconds), by default set to 1 week
- A login url (do not start with a "/")
- A failure login url (do not start with a "/"). The failure Url can receive the login entered by the visitor.
- A list of URL prefixes that are accessible without authentication. The login and failure URLs are always accessible without authentication.
For example:
<username-field>Username</username-field>
<password-field>Password</password-field>
<cookie>
    <cookieEnabled>true</cookieEnabled>
    <cookieLifeTime>604800</cookieLifeTime>
    <cookieName>AmetysAuthentication</cookieName>
</cookie>
<loginUrl internal="true">login.html</loginUrl>
<loginFailedUrl provideLoginParameter="true" internal="true">login_failed.html</loginFailedUrl>
<unauthenticated>
    <urlPrefix>subscribe.html</urlPrefix>
    <urlPrefix>lostPassword/</urlPrefix>
</unauthenticated>
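An added example (not Ametys code): a small Python audit of a configuration fragment like the one above, checking the rules this page states and showing how broad a URL prefix can be. The `<provider>` wrapper element, the one-week lifetime ceiling and plain starts-with matching of `urlPrefix` values are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the documented elements wrapped in a hypothetical <provider>
# root, with a leading "/" on loginUrl, a 30-day cookie and a prefix without "/".
SAMPLE = """<provider>
  <cookie>
    <cookieEnabled>true</cookieEnabled>
    <cookieLifeTime>2592000</cookieLifeTime>
    <cookieName>AmetysAuthentication</cookieName>
  </cookie>
  <loginUrl internal="true">/login.html</loginUrl>
  <loginFailedUrl provideLoginParameter="true" internal="true">login_failed.html</loginFailedUrl>
  <unauthenticated>
    <urlPrefix>subscribe.html</urlPrefix>
    <urlPrefix>lostPassword</urlPrefix>
  </unauthenticated>
</provider>"""

MAX_COOKIE_SECONDS = 604800  # assumed policy ceiling: the documented 1-week default


def audit(xml_text):
    """Return (setting, message) findings for one provider configuration."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("loginUrl", "loginFailedUrl"):
        # The page requires both URLs not to start with "/".
        if (root.findtext(tag) or "").strip().startswith("/"):
            findings.append((tag, "must not start with '/'"))
    if (root.findtext("cookie/cookieEnabled") or "").strip() == "true":
        lifetime = int(root.findtext("cookie/cookieLifeTime") or MAX_COOKIE_SECONDS)
        if lifetime > MAX_COOKIE_SECONDS:
            findings.append(("cookieLifeTime", f"{lifetime}s exceeds {MAX_COOKIE_SECONDS}s"))
    for node in root.findall("unauthenticated/urlPrefix"):
        # Every URL starts with the empty string, so an empty prefix exempts all.
        if not (node.text or "").strip():
            findings.append(("urlPrefix", "empty prefix exempts every URL"))
    return findings


def anonymous_urls(xml_text, urls):
    """URLs that a starts-with match (assumed) would exempt from authentication."""
    root = ET.fromstring(xml_text)
    prefixes = [(n.text or "").strip() for n in root.findall("unauthenticated/urlPrefix")]
    return [u for u in urls if any(u.startswith(p) for p in prefixes)]
```

Run `anonymous_urls` against the application's real URL inventory: a prefix written without a trailing `/` also covers sibling paths that merely share its first characters.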

Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| protected Collection<Pattern> | _acceptedUrlPatterns | A list of accepted url patterns |
| | _acceptedUrlPrefixes | Set of accepted url prefixes (default: empty). |
| protected boolean | _allowCookies | Security level: allow storage in cookies |
| protected boolean | _allowLoginByEmail | Allow login by email |
| protected AuthenticationTokenManager | _authenticationTokenManager | The token manager |
| protected String | _captchaField | Name of the captcha answer html field |
| protected String | _captchaKeyField | Name of the captcha key html field |
| protected Context | _context | Context |
| protected boolean | _cookieEnabled | Indicates if the user credentials must be saved by a cookie |
| protected long | _cookieLifetime | Cookie duration in seconds, by default COOKIE_LIFETIME |
| protected String | _cookieName | The name of the cookie |
| protected String | _datasourceId | The datasource id |
| protected boolean | _lazyInitialized | Whether lazy initialization was done |
| protected String | _passwordField | Name of the user password html field |
| protected String | _rememberMeField | Name of the "remember me" html field |
| protected SourceResolver | _sourceResolver | The avalon source resolver |
| protected boolean | _storePasswordInSession | Security level: store password in session |
| protected boolean | _useCaptchaOnFailure | Security level: use captcha after three failed connections |
| protected String | _usernameField | Name of the user name html field |
| protected UserPopulationDAO | _userPopulationDAO | The user population DAO |
| static final String | AUTHENTICATION_BY_COOKIE | Password value in case of info retrieved from cookie |
| static final int | COOKIE_LIFETIME | Default cookie lifetime (15 days in seconds) |
| static final Integer | NB_CONNECTION_ATTEMPTS | Number of connection attempts allowed |
| static final String | PASSWORD_SESSION_ATTRIBUTE | The session attribute containing the password, if the corresponding option has been checked |
| protected static final Integer | TIME_ALLOWED | Duration in days a connection failure will last |

Constructor Summary

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected void | _deleteAllPastLoginFailedBDD | Delete all past failed connections |
| protected void | _deleteCookie | Delete the cookie |
| protected void | _deleteLoginFailedBDD(String login, String populationId) | Delete the login from the table of failed connections |
| protected String | _getCookieValue | Return the cookie value corresponding to the searched name |
| protected void | _insertLoginNbConnectBDD(String login, String populationId) | Insert the login with one failed connection in the BDD |
| protected boolean | _isCookieAlreadySet | Checks if cookie already exists |
| protected Integer | _setNbConnectBDD(String login, String populationId) | Get the number of failed connections with this login |
| protected void | _updateCookie(String value) | Update the cookie for client-side purpose |
| protected void | _updateLoginNbConnectBDD(String login, String populationId, Integer nbConnect) | Update the number of failed connections of the login in the BDD |
| | blockingGetUserIdentity(Redirector redirector) | Method called by AuthenticateAction each time a request needs authentication. |
| boolean | blockingGrantAnonymousRequest | Method called by AuthenticateAction before asking for credentials. |
| boolean | blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) | Validates that the specified user is still connected |
| void | blockingUserAllowed(UserIdentity userConnected, Redirector redirector) | Method called by AuthenticateAction after the authentication process succeeded |
| void | blockingUserNotAllowed(Redirector redirector) | Method called by AuthenticateAction each time a user could not get authenticated. |
| void | configure(Configuration configuration) | |
| void | contextualize(Context context) | |
| protected Connection | getSQLConnection | Get the connection to the database |
| void | init(String id, String cpModelId, Map<String, Object> paramValues, String label) | Initialize the credential provider with given parameters' values. |
| void | logout() | Logout a particular user. |
| | nonBlockingGetUserIdentity(Redirector redirector) | Method called by AuthenticateAction each time a request needs authentication. |
| boolean | nonBlockingGrantAnonymousRequest | Method called by AuthenticateAction before asking for credentials. |
| boolean | nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) | Validates that the specified user is still connected |
| void | nonBlockingUserAllowed(UserIdentity userConnected, Redirector redirector) | Method called by AuthenticateAction after the authentication process succeeded |
| void | nonBlockingUserNotAllowed(Redirector redirector) | Method called by AuthenticateAction each time a user could not get authenticated. |
| | requestNbConnectBDD(String login, String populationId) | Get the number of failed connections with this login |
| boolean | requiresNewWindow | Does this blocking credential provider require a new window to process. |
| void | service(ServiceManager manager) | |

Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.authentication.CredentialProvider
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed

Field Details

AUTHENTICATION_BY_COOKIE
Password value in case of info retrieved from cookie

NB_CONNECTION_ATTEMPTS
Number of connection attempts allowed

COOKIE_LIFETIME
Default cookie lifetime (15 days in seconds)

PASSWORD_SESSION_ATTRIBUTE
The session attribute containing the password, if the corresponding option has been checked

TIME_ALLOWED
Duration in days a connection failure will last

_usernameField
Name of the user name html field

_passwordField
Name of the user password html field

_rememberMeField
Name of the "remember me" html field

_captchaField
Name of the captcha answer html field

_captchaKeyField
Name of the captcha key html field

_cookieEnabled
Indicates if the user credentials must be saved by a cookie

_cookieName
The name of the cookie

_cookieLifetime
Cookie duration in seconds, by default COOKIE_LIFETIME

_acceptedUrlPrefixes
Set of accepted url prefixes (default: empty).

_acceptedUrlPatterns
A list of accepted url patterns

_useCaptchaOnFailure
Security level: use captcha after three failed connections

_allowCookies
Security level: allow storage in cookies

_storePasswordInSession
Security level: store password in session

_allowLoginByEmail
Allow login by email

_context
Context

_userPopulationDAO
The user population DAO

_datasourceId
The datasource id

_sourceResolver
The avalon source resolver

_authenticationTokenManager
The token manager

_lazyInitialized
Whether lazy initialization was done

Constructor Details

FormCredentialProvider
public FormCredentialProvider()

Method Details

contextualize
- Specified by: contextualize in interface Contextualizable
- Throws: ContextException

service
- Specified by: service in interface Serviceable
- Throws: ServiceException

init
public void init(String id, String cpModelId, Map<String, Object> paramValues, String label) throws Exception
Description copied from interface: CredentialProvider
Initialize the credential provider with given parameters' values.
- Specified by: init in interface CredentialProvider
- Overrides: init in class AbstractCredentialProvider
- Parameters:
  id - The unique identifier
  cpModelId - The id of credential provider extension point
  paramValues - The parameters' values
  label - The specific label of this instance. Can be null
- Throws: Exception - If an error occurred

configure
- Specified by: configure in interface Configurable
- Throws: ConfigurationException

getSQLConnection
Get the connection to the database
- Returns: the SQL connection

logout
Description copied from interface: LogoutCapable
Logout a particular user.
- Specified by: logout in interface LogoutCapable

nonBlockingIsStillConnected
Description copied from interface: NonBlockingCredentialProvider
Validates that the specified user is still connected
- Specified by: nonBlockingIsStillConnected in interface NonBlockingCredentialProvider
- Parameters:
  userIdentity - the user previously correctly identified with this credential provider
  redirector - The cocoon redirector
- Returns: true if this CredentialProvider was in a valid state, false to restart authentication process

blockingIsStillConnected
Description copied from interface: BlockingCredentialProvider
Validates that the specified user is still connected
- Specified by: blockingIsStillConnected in interface BlockingCredentialProvider
- Parameters:
  userIdentity - the user previously correctly identified with this credential provider
  redirector - The cocoon redirector
- Returns: true if this CredentialProvider was in a valid state, false to restart authentication process

blockingGrantAnonymousRequest
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by: blockingGrantAnonymousRequest in interface BlockingCredentialProvider
- Returns: true if the Request is not authenticated

nonBlockingGrantAnonymousRequest
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by: nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider
- Returns: true if the Request is not authenticated

blockingGetUserIdentity
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by: blockingGetUserIdentity in interface BlockingCredentialProvider
- Parameters:
  redirector - the cocoon redirector.
- Returns: the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
- Throws: Exception - if something wrong occurs

nonBlockingGetUserIdentity
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by: nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider
- Parameters:
  redirector - the cocoon redirector.
- Returns: the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
- Throws: Exception - if something wrong occurs

blockingUserNotAllowed
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate url.
- Specified by: blockingUserNotAllowed in interface BlockingCredentialProvider
- Parameters:
  redirector - the cocoon Redirector that can be used for redirecting response.
- Throws: Exception - if something wrong occurs

nonBlockingUserNotAllowed
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate url.
- Specified by: nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider
- Parameters:
  redirector - the cocoon Redirector that can be used for redirecting response.

blockingUserAllowed
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction after the authentication process succeeded
- Specified by: blockingUserAllowed in interface BlockingCredentialProvider
- Parameters:
  userConnected - The user correctly connected
  redirector - the cocoon Redirector that can be used for redirecting response.

nonBlockingUserAllowed
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction after the authentication process succeeded
- Specified by: nonBlockingUserAllowed in interface NonBlockingCredentialProvider
- Parameters:
  userConnected - The user correctly connected
  redirector - the cocoon Redirector that can be used for redirecting response.

requiresNewWindow
Description copied from interface: BlockingCredentialProvider
Does this blocking credential provider require a new window to process.
- Specified by: requiresNewWindow in interface BlockingCredentialProvider
- Returns: true to ask the client to process this credential provider through a new window

_deleteAllPastLoginFailedBDD
Delete all past failed connections

requestNbConnectBDD
Get the number of failed connections with this login
- Parameters:
  login - The login to request
  populationId - The user's population
- Returns: the number of connection failed

_setNbConnectBDD
Get the number of failed connections with this login
- Parameters:
  login - The login to set
  populationId - The population id of the user
- Returns: the number of failed connection

_insertLoginNbConnectBDD
Insert the login with one failed connection in the BDD
- Parameters:
  login - The login to insert
  populationId - The population id

_deleteLoginFailedBDD
Delete the login from the table of the failed connection
- Parameters:
  login - The login to remove
  populationId - The populationId of the user

_updateLoginNbConnectBDD
Update the number of failed connections of the login in the BDD
- Parameters:
  login - The login to update
  populationId - The user's population
  nbConnect - The nb of connection to set

_getCookieValue
Return the cookie value corresponding to the searched name
- Returns: the value of the cookie or null if not

_isCookieAlreadySet
Checks if cookie already exists
- Returns: boolean

_updateCookie
Update the cookie for client-side purpose
- Parameters:
  value - the cookie value

_deleteCookie
Delete the cookie