Package org.ametys.core.authentication

Class AuthenticateAction

java.lang.Object

org.apache.avalon.framework.logger.AbstractLogEnabled

org.apache.cocoon.acting.AbstractAction

org.apache.cocoon.acting.ServiceableAction

org.ametys.core.authentication.AuthenticateAction

All Implemented Interfaces:

Initializable, Component, LogEnabled, Serviceable, ThreadSafe, Action

Direct Known Subclasses:

AdminAuthenticateAction, AuthenticateAction, AuthenticateAction, BlockingCredentialProviderAction, FrontAuthenticateAction, WebAuthenticateAction

public class AuthenticateAction
extends ServiceableAction
implements ThreadSafe, Initializable

Cocoon action to perform authentication.
The CredentialProvider define the authentication method and retrieves Credentials.
Finally, the Users instance extract the Principal corresponding to the Credentials.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static enum	AuthenticateAction.TOKEN_MODE	The token mode of this authentication action

Field Summary

Fields

Modifier and Type	Field	Description
protected Collection<Pattern>	_acceptedUrlPatterns	url requires for authentication
protected AuthenticationTokenManager	_authenticateTokenManager	The authentication token manager
protected CurrentUserProvider	_currentUserProvider	The current user provider
protected ObservationManager	_observationManager	The observation manager
protected PopulationContextHelper	_populationContextHelper	The helper for the associations population/context
protected UserManager	_userManager	The user manager
protected UserPasswordManager	_userPasswordManager	The user account manager
protected UserPopulationDAO	_userPopulationDAO	The DAO for user populations
static final String	HEADER_TOKEN	The header parameter that can be set to handle the token
protected static final String	PARAMETERS_PARAMETER_TOKEN	The sitemap parameter holding the token
protected static final String	PARAMETERS_PARAMETER_TOKEN_CONTEXT	The sitemap parameter holding the token context
static final String	REQUEST_ATTRIBUTE_AUTHENTICATED	The request attribute name for indicating that the authentication process has been made.
static final String	REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST	The request attribute name for transmitting the list of user populations
protected static final String	REQUEST_ATTRIBUTE_CONTEXTS	The request attribute name for transmitting the list of contexts
protected static final String	REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX	The request attribute name for transmitting the index in the list of chosen credential provider
protected static final String	REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST	The request attribute name for transmitting a boolean that tell if there is a list of credential provider to choose
static final String	REQUEST_ATTRIBUTE_GRANTED	The request attribute meaning that the request was not authenticated but granted
static final String	REQUEST_ATTRIBUTE_INTERNAL_ALLOWED	The request attribute to allow internal action from an internal request.
protected static final String	REQUEST_ATTRIBUTE_INVALID_POPULATION	The request attribute name for transmitting the potential list of user populations to the login screen .
static final String	REQUEST_ATTRIBUTE_LOGIN_URL	The request attribute name for transmitting the login page url
protected static final String	REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST	The request attribute name to know if user population list should be proposed
static final String	REQUEST_ATTRIBUTE_USER_POPULATION_ID	The request attribute name for transmitting the currently chosen user population
static final String	REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX	Name of the credential provider index HTML field
static final String	REQUEST_PARAMETER_NONBLOCING	Name of a parameter to change non blocking CP behavior
static final String	REQUEST_PARAMETER_POPULATION_NAME	Name of the user population HTML field
static final String	REQUEST_PARAMETER_TOKEN	The request parameter holding the token
static final String	REQUEST_PARAMETER_TOKEN_CONTEXT	The request parameter holding the token context
protected static final String	SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX	The session attribute name for storing the credential provider index of the authentication (during connection process)
protected static final String	SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN	The session attribute name for storing the last known credential provider index of the authentication (during connection process)
protected static final String	SESSION_CONNECTING_CREDENTIALPROVIDER_MODE	The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true (during connection process)
protected static final String	SESSION_CONNECTING_USERPOPULATION_ID	The session attribute name for storing the id of the user population (during connection process)
protected static final String	SESSION_CREDENTIALPROVIDER	The session attribute name for storing the credential provider of the authentication
protected static final String	SESSION_CREDENTIALPROVIDER_MODE	The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true
static final String	SESSION_USERIDENTITY	The session attribute name for storing the identity of the connected user
protected static final String	SITEMAP_PARAMETER_TOKEN_MODE	The sitemap parameter to set the token mode of the action

Fields inherited from class org.apache.cocoon.acting.ServiceableAction

manager

Fields inherited from class org.apache.cocoon.acting.AbstractAction

EMPTY_MAP

Fields inherited from interface org.apache.cocoon.acting.Action

ROLE

Constructor Summary

Constructors

Constructor	Description
AuthenticateAction()

Method Summary

Modifier and Type	Method	Description
protected boolean	_acceptedUrl(Request request)	Determine if the request is one of the authentication process (except the credential providers)
protected boolean	_doProcess(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, Redirector redirector, List<UserPopulation> userPopulations)	Try to authenticate with this credential provider in this mode
protected Set<String>	_getAvailableUserPopulationsIds(Request request, List<String> contexts)	Get the available populations for the given contexts
protected String	_getChosenUserPopulationId(Request request, List<UserPopulation> availableUserPopulations)	Get the population for the given context
protected List<String>	_getContexts(Request request, Parameters parameters)	Get the authentication context
protected CredentialProvider	_getCredentialProviderFromSession(Request request)	Get the credential provider used for the current connection
protected Boolean	_getCredentialProviderModeFromSession(Request request)	Get the credential provider mode used for the current connection
protected int	_getCurrentCredentialProviderIndex(Request request, List<CredentialProvider> availableCredentialProviders)	Get the current credential provider index or -1 if there no running provider
protected Integer	_getCurrentCredentialProviderIndexFromParameter(Request request)	Get the current credential provider index or -1 if there no running provider FROM REQUEST PARAMETER
protected String	_getTokenFromRequest(Request request)	Get the token from the request
protected UserIdentity	_getUserIdentity(List<UserPopulation> userPopulations, UserIdentity potentialUserIdentity, Redirector redirector, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider)	Check the authentications of the authentication manager
protected UserIdentity	_getUserIdentityFromSession(Request request)	Get the user identity of the connected user from the session
protected Optional<String>	_getWeakPasswordURI(Request request, UserIdentity userIdentity)	Get the URI where the user should be redirected after a weak password is detected
protected boolean	_handleAuthenticationToken(Request request, Parameters parameters)	Authenticate a user using the token in request (if configured so)
protected boolean	_handleLogout(Redirector redirector, Map objectModel, String source, Parameters parameters)	Test if user wants to logout and handle it
protected void	_handleWeakPassword(Request request, CredentialProvider runningCredentialProvider, Redirector redirector, UserIdentity userIdentity)	Handle weak password exception
protected boolean	_hasCredentialProviders(List<UserPopulation> userPopulations)	Determine if there is a list of credential providers to use
protected boolean	_internalRequest(Request request)	Determine if the request is internal and do not need authentication
protected boolean	_isCurrentCredentialProviderInBlockingMode(Request request)	If there is a running credential provider, was it in non-blocking or blocking mode?
protected void	_logLoginEvent(CredentialProvider credentialProvider, UserIdentity userIdentity)	Log login event
protected void	_logLogoutEvent(UserIdentity userIdentity)	Log logout event
protected boolean	_preFlightCheck(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters)	Prepare authentication
protected boolean	_prepareUserPopulationsAndCredentialProviders(Request request, Parameters parameters, Redirector redirector, List<UserPopulation> chosenUserPopulations, List<CredentialProvider> credentialProviders)	Fill the list of available users populations and credential providers
protected boolean	_process(Request request, boolean runningBlockingkMode, CredentialProvider runningCredentialProvider, int runningCredentialProviderIndex, Redirector redirector, List<UserPopulation> userPopulations)	Try to authenticate with this credential provider in this mode.
protected static void	_resetConnectingStateToSession(Request request)	Reset the connecting information in session
protected void	_saveConnectingStateToSession(Request request, int runningCredentialProviderIndex, boolean runningBlockingkMode)	When the process end successfully, save the state
protected void	_setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)	Save user identity in request
protected boolean	_validateCurrentlyConnectedUser(Request request, Redirector redirector, Parameters parameters)	This method ensure that there is a currently connected user and that it is still valid
protected void	_validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected, Request request, Parameters parameters)	This method is the second part of the process that ensure that there is a currently connected user and that it is still valid
protected UserIdentity	_validateToken(String token, String context)	Validate the given token
Map	act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters)
static CredentialProvider	getCredentialProviderFromSession(Request request)	Get the credential provider used for the current connection
static Boolean	getCredentialProviderModeFromSession(Request request)	Get the credential provider mode used for the current connection
protected String	getLoginURL(Request request)	Get the url for the redirector to display the login screen
protected String	getLoginURLParameters(Request request, String baseURL)	Get the url for the redirector to display the login screen
protected String	getLogoutURL(Request request)	Get the url for the redirector to display the logout screen
static UserIdentity	getUserIdentityFromSession(Request request)	Get the user identity of the connected user from the session
void	initialize()
static Session	renewSession(Request request)	Change the session id (for security purposes)
static void	setUserIdentityInSession(Request request, UserIdentity userIdentity, CredentialProvider credentialProvider, boolean blockingMode)	Save user identity in request
static void	skipCurrentCredentialProvider(Request request)	Call this to skip the currently used credential provider and proceed to the next one.

Methods inherited from class org.apache.cocoon.acting.ServiceableAction

service

Methods inherited from class org.apache.avalon.framework.logger.AbstractLogEnabled

enableLogging, getLogger, setupLogger, setupLogger, setupLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

REQUEST_ATTRIBUTE_INTERNAL_ALLOWED

public static final String REQUEST_ATTRIBUTE_INTERNAL_ALLOWED

The request attribute to allow internal action from an internal request.

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_GRANTED

public static final String REQUEST_ATTRIBUTE_GRANTED

The request attribute meaning that the request was not authenticated but granted

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST

public static final String REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST

The request attribute name for transmitting the list of user populations

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_USER_POPULATION_ID

public static final String REQUEST_ATTRIBUTE_USER_POPULATION_ID

The request attribute name for transmitting the currently chosen user population

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_LOGIN_URL

public static final String REQUEST_ATTRIBUTE_LOGIN_URL

The request attribute name for transmitting the login page url

See Also:

• Constant Field Values

SESSION_USERIDENTITY

public static final String SESSION_USERIDENTITY

The session attribute name for storing the identity of the connected user

See Also:

• Constant Field Values

REQUEST_PARAMETER_POPULATION_NAME

public static final String REQUEST_PARAMETER_POPULATION_NAME

Name of the user population HTML field

See Also:

• Constant Field Values

REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX

public static final String REQUEST_PARAMETER_CREDENTIALPROVIDER_INDEX

Name of the credential provider index HTML field

See Also:

• Constant Field Values

REQUEST_PARAMETER_NONBLOCING

public static final String REQUEST_PARAMETER_NONBLOCING

Name of a parameter to change non blocking CP behavior

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_AUTHENTICATED

public static final String REQUEST_ATTRIBUTE_AUTHENTICATED

The request attribute name for indicating that the authentication process has been made.

See Also:

• Constant Field Values

REQUEST_PARAMETER_TOKEN

public static final String REQUEST_PARAMETER_TOKEN

The request parameter holding the token

See Also:

• Constant Field Values

REQUEST_PARAMETER_TOKEN_CONTEXT

public static final String REQUEST_PARAMETER_TOKEN_CONTEXT

The request parameter holding the token context

See Also:

• Constant Field Values

HEADER_TOKEN

public static final String HEADER_TOKEN

The header parameter that can be set to handle the token

See Also:

• Constant Field Values

PARAMETERS_PARAMETER_TOKEN

protected static final String PARAMETERS_PARAMETER_TOKEN

The sitemap parameter holding the token

See Also:

• Constant Field Values

PARAMETERS_PARAMETER_TOKEN_CONTEXT

protected static final String PARAMETERS_PARAMETER_TOKEN_CONTEXT

The sitemap parameter holding the token context

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST

protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_LIST

The request attribute name for transmitting a boolean that tell if there is a list of credential provider to choose

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX

protected static final String REQUEST_ATTRIBUTE_CREDENTIAL_PROVIDER_INDEX

The request attribute name for transmitting the index in the list of chosen credential provider

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST

protected static final String REQUEST_ATTRIBUTE_SHOULD_DISPLAY_USER_POPULATIONS_LIST

The request attribute name to know if user population list should be proposed

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_INVALID_POPULATION

protected static final String REQUEST_ATTRIBUTE_INVALID_POPULATION

The request attribute name for transmitting the potential list of user populations to the login screen .

See Also:

• Constant Field Values

REQUEST_ATTRIBUTE_CONTEXTS

protected static final String REQUEST_ATTRIBUTE_CONTEXTS

The request attribute name for transmitting the list of contexts

See Also:

• Constant Field Values

SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX

protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX

The session attribute name for storing the credential provider index of the authentication (during connection process)

See Also:

• Constant Field Values

SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN

protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_INDEX_LASTBLOCKINGKNOWN

The session attribute name for storing the last known credential provider index of the authentication (during connection process)

See Also:

• Constant Field Values

SESSION_CONNECTING_CREDENTIALPROVIDER_MODE

protected static final String SESSION_CONNECTING_CREDENTIALPROVIDER_MODE

The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true (during connection process)

See Also:

• Constant Field Values

SESSION_CONNECTING_USERPOPULATION_ID

protected static final String SESSION_CONNECTING_USERPOPULATION_ID

The session attribute name for storing the id of the user population (during connection process)

See Also:

• Constant Field Values

SESSION_CREDENTIALPROVIDER

protected static final String SESSION_CREDENTIALPROVIDER

The session attribute name for storing the credential provider of the authentication

See Also:

• Constant Field Values

SESSION_CREDENTIALPROVIDER_MODE

protected static final String SESSION_CREDENTIALPROVIDER_MODE

The session attribute name for storing the credential provider mode of the authentication: non-blocking=>false, blocking=>true

See Also:

• Constant Field Values

SITEMAP_PARAMETER_TOKEN_MODE

protected static final String SITEMAP_PARAMETER_TOKEN_MODE

The sitemap parameter to set the token mode of the action

See Also:

• Constant Field Values

_userPopulationDAO

protected UserPopulationDAO _userPopulationDAO

The DAO for user populations

_userManager

protected UserManager _userManager

The user manager

_populationContextHelper

protected PopulationContextHelper _populationContextHelper

The helper for the associations population/context

_currentUserProvider

protected CurrentUserProvider _currentUserProvider

The current user provider

_acceptedUrlPatterns

protected Collection<Pattern> _acceptedUrlPatterns

url requires for authentication

_authenticateTokenManager

protected AuthenticationTokenManager _authenticateTokenManager

The authentication token manager

_observationManager

protected ObservationManager _observationManager

The observation manager

_userPasswordManager

protected UserPasswordManager _userPasswordManager

The user account manager

Constructor Details

AuthenticateAction

public AuthenticateAction()

Method Details

initialize

public void initialize()
                throws Exception

Specified by:

initialize in interface Initializable

Throws:

Exception

act

public Map act(Redirector redirector,
 SourceResolver resolver,
 Map objectModel,
 String source,
 Parameters parameters)
        throws Exception

Specified by:

act in interface Action

Throws:

Exception

_preFlightCheck

protected boolean _preFlightCheck(Redirector redirector,
 SourceResolver resolver,
 Map objectModel,
 String source,
 Parameters parameters)
                           throws Exception

Prepare authentication

Parameters:

redirector - The redirector

resolver - The source resolver

objectModel - The object model

source - The source

parameters - The action parameters

Returns:

true if a user was authenticated, false otherwise

Throws:

Exception - if failed to prepare the authentication

_handleAuthenticationToken

protected boolean _handleAuthenticationToken(Request request,
 Parameters parameters)

Authenticate a user using the token in request (if configured so)

Parameters:

request - The request

parameters - The action parameters

Returns:

true if the user was authenticated

_getTokenFromRequest

protected String _getTokenFromRequest(Request request)

Get the token from the request

Parameters:

request - The request

Returns:

The token from the request or null

_validateToken

protected UserIdentity _validateToken(String token,
 String context)

Validate the given token

Parameters:

token - The non empty token to validate

context - the context on which the token should be validated

Returns:

The corresponding user identity or null

_prepareUserPopulationsAndCredentialProviders

protected boolean _prepareUserPopulationsAndCredentialProviders(Request request,
 Parameters parameters,
 Redirector redirector,
 List<UserPopulation> chosenUserPopulations,
 List<CredentialProvider> credentialProviders)
                                                         throws ProcessingException,
IOException

Fill the list of available users populations and credential providers

Parameters:

request - The request

parameters - The action parameters

redirector - The cocoon redirector

chosenUserPopulations - An empty non-null list to fill with with chosen populations

credentialProviders - An empty non-null list to fill with chosen credential providers

Returns:

true, if the population was determined, false if a redirection was required to choose

Throws:

IOException - If an error occurred

ProcessingException - If an error occurred

getLoginURL

protected String getLoginURL(Request request)

Get the url for the redirector to display the login screen

Parameters:

request - The request

Returns:

The url. Cannot be null or empty

getLoginURLParameters

protected String getLoginURLParameters(Request request,
 String baseURL)

Get the url for the redirector to display the login screen

Parameters:

request - The request

baseURL - The url to complete with parameters

Returns:

The url. Cannot be null or empty

getLogoutURL

protected String getLogoutURL(Request request)

Get the url for the redirector to display the logout screen

Parameters:

request - The request

Returns:

The url. Cannot be null or empty

_hasCredentialProviders

protected boolean _hasCredentialProviders(List<UserPopulation> userPopulations)

Determine if there is a list of credential providers to use

Parameters:

userPopulations - The list of applicable user populations

Returns:

true if credentialproviders can be used

_getAvailableUserPopulationsIds

protected Set<String> _getAvailableUserPopulationsIds(Request request,
 List<String> contexts)

Get the available populations for the given contexts

Parameters:

request - The request

contexts - The contexts

Returns:

The non-null list of populations

_getChosenUserPopulationId

protected String _getChosenUserPopulationId(Request request,
 List<UserPopulation> availableUserPopulations)

Get the population for the given context

Parameters:

request - The request

availableUserPopulations - The available users populations

Returns:

The chosen population id. Can be null.

_process

protected boolean _process(Request request,
 boolean runningBlockingkMode,
 CredentialProvider runningCredentialProvider,
 int runningCredentialProviderIndex,
 Redirector redirector,
 List<UserPopulation> userPopulations)
                    throws Exception

Try to authenticate with this credential provider in this mode. Delegates to _doProcess

Parameters:

request - The request

runningBlockingkMode - false for non-blocking mode, true for blocking mode

runningCredentialProvider - the Credential provider to test

runningCredentialProviderIndex - The index of the currently tested credential provider

redirector - The cocoon redirector

userPopulations - The list of possible user populations

Returns:

false if we should try with another Credential provider, true otherwise

Throws:

Exception - If an error occurred

_doProcess

protected boolean _doProcess(Request request,
 boolean runningBlockingkMode,
 CredentialProvider runningCredentialProvider,
 Redirector redirector,
 List<UserPopulation> userPopulations)
                      throws Exception

Try to authenticate with this credential provider in this mode

Parameters:

request - The request

runningBlockingkMode - false for non-blocking mode, true for blocking mode

runningCredentialProvider - the Credential provider to test

redirector - The cocoon redirector

userPopulations - The list of possible user populations

Returns:

false if we should try with another Credential provider, true otherwise

Throws:

Exception - If an error occurred

_handleWeakPassword

protected void _handleWeakPassword(Request request,
 CredentialProvider runningCredentialProvider,
 Redirector redirector,
 UserIdentity userIdentity)
                            throws Exception

Handle weak password exception

Parameters:

request - the request

runningCredentialProvider - the credential provider that detected the weak password

redirector - the redirector

userIdentity - the user identity with a weak password

Throws:

Exception - if an error occurred

_getWeakPasswordURI

protected Optional<String> _getWeakPasswordURI(Request request,
 UserIdentity userIdentity)

Get the URI where the user should be redirected after a weak password is detected

Parameters:

request - the current request

userIdentity - the user identity with a weak password

Returns:

the absolute uri

_logLoginEvent

protected void _logLoginEvent(CredentialProvider credentialProvider,
 UserIdentity userIdentity)

Log login event

Parameters:

credentialProvider - the running credential provider

userIdentity - the user identity

_logLogoutEvent

protected void _logLogoutEvent(UserIdentity userIdentity)

Log logout event

Parameters:

userIdentity - the user identity

_resetConnectingStateToSession

protected static void _resetConnectingStateToSession(Request request)

Reset the connecting information in session

Parameters:

request - The request

_saveConnectingStateToSession

protected void _saveConnectingStateToSession(Request request,
 int runningCredentialProviderIndex,
 boolean runningBlockingkMode)

When the process end successfully, save the state

Parameters:

request - The request

runningBlockingkMode - false for non-blocking mode, true for blocking mode

runningCredentialProviderIndex - the currently tested credential provider

_setUserIdentityInSession

protected void _setUserIdentityInSession(Request request,
 UserIdentity userIdentity,
 CredentialProvider credentialProvider,
 boolean blockingMode)

Save user identity in request

Parameters:

request - The request

userIdentity - The useridentity to save

credentialProvider - The credential provider used to connect

blockingMode - The mode used for the credential provider

setUserIdentityInSession

public static void setUserIdentityInSession(Request request,
 UserIdentity userIdentity,
 CredentialProvider credentialProvider,
 boolean blockingMode)

Save user identity in request

Parameters:

request - The request

userIdentity - The useridentity to save

credentialProvider - The credential provider used to connect

blockingMode - The mode used for the credential provider

renewSession

public static Session renewSession(Request request)

Change the session id (for security purposes)

Parameters:

request - The current request

Returns:

The new session

_getUserIdentityFromSession

protected UserIdentity _getUserIdentityFromSession(Request request)

Get the user identity of the connected user from the session

Parameters:

request - The request

Returns:

The connected useridentity or null

getUserIdentityFromSession

public static UserIdentity getUserIdentityFromSession(Request request)

Get the user identity of the connected user from the session

Parameters:

request - The request

Returns:

The connected useridentity or null

_getCredentialProviderFromSession

protected CredentialProvider _getCredentialProviderFromSession(Request request)

Get the credential provider used for the current connection

Parameters:

request - The request

Returns:

The credential provider used or null

getCredentialProviderFromSession

public static CredentialProvider getCredentialProviderFromSession(Request request)

Get the credential provider used for the current connection

Parameters:

request - The request

Returns:

The credential provider used or null

_getCredentialProviderModeFromSession

protected Boolean _getCredentialProviderModeFromSession(Request request)

Get the credential provider mode used for the current connection

Parameters:

request - The request

Returns:

The credential provider mode used or null

getCredentialProviderModeFromSession

public static Boolean getCredentialProviderModeFromSession(Request request)

Get the credential provider mode used for the current connection

Parameters:

request - The request

Returns:

The credential provider mode used or null

_isCurrentCredentialProviderInBlockingMode

protected boolean _isCurrentCredentialProviderInBlockingMode(Request request)

If there is a running credential provider, was it in non-blocking or blocking mode?

Parameters:

request - The request

Returns:

false if non-blocking, true if blocking

skipCurrentCredentialProvider

public static void skipCurrentCredentialProvider(Request request)

Call this to skip the currently used credential provider and proceed to the next one. Useful for non blocking

Parameters:

request - The request

_getCurrentCredentialProviderIndexFromParameter

protected Integer _getCurrentCredentialProviderIndexFromParameter(Request request)

Get the current credential provider index or -1 if there no running provider FROM REQUEST PARAMETER

Parameters:

request - The request

Returns:

The credential provider index to use in the availablesCredentialProviders list or -1 or null

_getCurrentCredentialProviderIndex

protected int _getCurrentCredentialProviderIndex(Request request,
 List<CredentialProvider> availableCredentialProviders)

Get the current credential provider index or -1 if there no running provider

Parameters:

request - The request

availableCredentialProviders - The list of available credential provider

Returns:

The credential provider index to use in the availablesCredentialProviders list or -1

_getContexts

protected List<String> _getContexts(Request request,
 Parameters parameters)

Get the authentication context

Parameters:

request - The request

parameters - The action parameters

Returns:

The context

Throws:

IllegalArgumentException - If there is no context set

_internalRequest

protected boolean _internalRequest(Request request)

Determine if the request is internal and do not need authentication

Parameters:

request - The request

Returns:

true to bypass this authentication

_acceptedUrl

protected boolean _acceptedUrl(Request request)

Determine if the request is one of the authentication process (except the credential providers)

Parameters:

request - The request

Returns:

true to bypass this authentication

_validateCurrentlyConnectedUser

protected boolean _validateCurrentlyConnectedUser(Request request,
 Redirector redirector,
 Parameters parameters)
                                           throws Exception

This method ensure that there is a currently connected user and that it is still valid

Parameters:

request - The request

redirector - The cocoon redirector

parameters - The action parameters

Returns:

true if the user is connected and valid

Throws:

Exception - if an error occurred

_validateCurrentlyConnectedUserIsInAuthorizedPopulation

protected void _validateCurrentlyConnectedUserIsInAuthorizedPopulation(UserIdentity userCurrentlyConnected,
 Request request,
 Parameters parameters)

This method is the second part of the process that ensure that there is a currently connected user and that it is still valid

Parameters:

userCurrentlyConnected - The user to test

request - The request

parameters - The action parameters

_handleLogout

protected boolean _handleLogout(Redirector redirector,
 Map objectModel,
 String source,
 Parameters parameters)
                         throws Exception

Test if user wants to logout and handle it

Parameters:

redirector - The cocoon redirector

objectModel - The cocoon object model

source - The sitemap source

parameters - The sitemap parameters

Returns:

true if the user was logged out

Throws:

Exception - if an error occurred

_getUserIdentity

protected UserIdentity _getUserIdentity(List<UserPopulation> userPopulations,
 UserIdentity potentialUserIdentity,
 Redirector redirector,
 boolean runningBlockingkMode,
 CredentialProvider runningCredentialProvider)
                                 throws Exception

Check the authentications of the authentication manager

Parameters:

userPopulations - The list of available matching populations

redirector - The cocoon redirector

runningBlockingkMode - false for non-blocking mode, true for blocking mode

runningCredentialProvider - The Credential provider to test

potentialUserIdentity - A possible user identity. Population can be null. User may not exist either.

Returns:

The user population matching credentials or null

Throws:

Exception - If an error occurred

AccessDeniedException - If the user is rejected