001/*
002 *  Copyright 2016 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.core.authentication;
017
018import java.util.Map;
019
020import org.apache.cocoon.environment.Redirector;
021
022import org.ametys.core.user.UserIdentity;
023
024/**
025 * Defines the authentication mode of users.
026 * Implementations may cover HTTP authentication, SSO, ...
027 * DO NOT implement this interface directly: implement either {@link BlockingCredentialProvider}
028 * or {@link NonBlockingCredentialProvider}, or both.
029 */
public interface CredentialProvider
{
    /**
     * Get the unique identifier of this credential provider.
     * @return The non-null and non-empty identifier
     */
    public String getId();

    /**
     * Get the label of this credential provider.
     * @return The label
     */
    public String getLabel();

    /**
     * Get the id of the {@link CredentialProviderModel} extension point.
     * @return the id of the extension point
     */
    public String getCredentialProviderModelId();

    /**
     * Get the values of the parameters (from the credential provider model).
     * @return the parameters' values
     */
    public Map<String, Object> getParameterValues();

    /**
     * Initialize the credential provider with the given parameters' values.
     * @param id The unique identifier
     * @param cpModelId The id of the credential provider extension point
     * @param paramValues The parameters' values
     * @param label The specific label of this instance. Can be null
     * @throws Exception If an error occurred
     */
    public void init(String id, String cpModelId, Map<String, Object> paramValues, String label) throws Exception;

    /**
     * Method called by AuthenticateAction before asking for credentials, to decide
     * whether authentication can be bypassed for the request.
     * <p>
     * Returning true means no authentication will be required, so an implementation
     * should return true only for requests it has positively identified as safe to
     * serve unauthenticated. This default dispatches to the blocking or non-blocking
     * variant and fails closed: it returns false when this provider does not
     * implement the requested mode.
     * @param blockingkMode true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
     * @return true if the Request does not need to be authenticated
     */
    public default boolean grantAnonymousRequest(boolean blockingkMode)
    {
        if (blockingkMode)
        {
            // Short-circuit keeps the cast safe and yields false for an unsupported mode.
            return this instanceof BlockingCredentialProvider
                    && ((BlockingCredentialProvider) this).blockingGrantAnonymousRequest();
        }

        return this instanceof NonBlockingCredentialProvider
                && ((NonBlockingCredentialProvider) this).nonBlockingGrantAnonymousRequest();
    }

    /**
     * Checks that the specified user is still connected.
     * <p>
     * This default dispatches to the blocking or non-blocking variant. When this
     * provider does not implement the requested mode it returns false, which
     * restarts the authentication process rather than trusting the existing session.
     * @param userCurrentlyConnected the user previously correctly identified with this credential provider
     * @param blockingkMode true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
     * @param redirector The cocoon redirector
     * @return true if this CredentialProvider was in a valid state, false to restart authentication process
     * @throws Exception If an error occurred
     */
    public default boolean isStillConnected(boolean blockingkMode, UserIdentity userCurrentlyConnected, Redirector redirector) throws Exception
    {
        if (blockingkMode)
        {
            return this instanceof BlockingCredentialProvider
                    && ((BlockingCredentialProvider) this).blockingIsStillConnected(userCurrentlyConnected, redirector);
        }

        return this instanceof NonBlockingCredentialProvider
                && ((NonBlockingCredentialProvider) this).nonBlockingIsStillConnected(userCurrentlyConnected, redirector);
    }

    /**
     * Method called by AuthenticateAction each time a request needs
     * authentication.
     * <p>
     * This default dispatches to the blocking or non-blocking variant and returns
     * null (no authenticated user) when this provider does not implement the
     * requested mode. Callers must treat null as "not authenticated".
     * @param blockingkMode true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
     * @param redirector the cocoon redirector.
     * @return the <code>UserIdentity</code> corresponding to the user (with or without population specified), or null if user could not get authenticated.
     * @throws Exception If an error occurred
     */
    public default UserIdentity getUserIdentity(boolean blockingkMode, Redirector redirector) throws Exception
    {
        if (blockingkMode)
        {
            return this instanceof BlockingCredentialProvider
                    ? ((BlockingCredentialProvider) this).blockingGetUserIdentity(redirector)
                    : null;
        }

        return this instanceof NonBlockingCredentialProvider
                ? ((NonBlockingCredentialProvider) this).nonBlockingGetUserIdentity(redirector)
                : null;
    }

    /**
     * Method called by AuthenticateAction each time a user could not get
     * authenticated. The implementation is responsible for redirecting the
     * response to the appropriate url.
     * <p>
     * This default dispatches to the blocking or non-blocking variant and does
     * nothing when this provider does not implement the requested mode.
     * @param blockingkMode true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
     * @param redirector the cocoon Redirector that can be used for redirecting response.
     * @throws Exception if something wrong occurs
     */
    public default void userNotAllowed(boolean blockingkMode, Redirector redirector) throws Exception
    {
        if (blockingkMode)
        {
            if (this instanceof BlockingCredentialProvider)
            {
                ((BlockingCredentialProvider) this).blockingUserNotAllowed(redirector);
            }
            return;
        }

        if (this instanceof NonBlockingCredentialProvider)
        {
            ((NonBlockingCredentialProvider) this).nonBlockingUserNotAllowed(redirector);
        }
    }

    /**
     * Method called by AuthenticateAction after the authentication process succeeded.
     * <p>
     * This default dispatches to the blocking or non-blocking variant and does
     * nothing when this provider does not implement the requested mode.
     * @param blockingkMode true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
     * @param userIdentity The user correctly connected
     * @param redirector the cocoon Redirector that can be used for redirecting response.
     * @throws Exception if something wrong occurs
     */
    public default void userAllowed(boolean blockingkMode, UserIdentity userIdentity, Redirector redirector) throws Exception
    {
        if (blockingkMode)
        {
            if (this instanceof BlockingCredentialProvider)
            {
                ((BlockingCredentialProvider) this).blockingUserAllowed(userIdentity, redirector);
            }
            return;
        }

        if (this instanceof NonBlockingCredentialProvider)
        {
            ((NonBlockingCredentialProvider) this).nonBlockingUserAllowed(userIdentity, redirector);
        }
    }
}