Package org.ametys.core.authentication
Interface CredentialProvider
- All Known Subinterfaces: BlockingCredentialProvider, NonBlockingCredentialProvider
- All Known Implementing Classes: AbstractCredentialProvider, AbstractMSALCredentialProvider, AbstractOIDCCredentialProvider, ADFSCredentialProvider, AutoDiscoveringOIDCCredentialProvider, BasicCredentialProvider, CASCredentialProvider, DefinedCredentialProvider, EntraIDCredentialProvider, FacebookCredentialProvider, FormCredentialProvider, GenericOIDCCredentialProvider, GoogleCredentialProvider, KerberosCredentialProvider, RemoteUserCredentialProvider, UserDAO.ImpersonateCredentialProvider

public interface CredentialProvider
Defines the authentication mode of users.
Implementations may cover HTTP authentication, SSO, ...
DO NOT implement this interface directly; implement either BlockingCredentialProvider, NonBlockingCredentialProvider, or both.

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| | getCredentialProviderModelId() | Get the id of the CredentialProviderModel extension point |
| | getId() | A unique identifier |
| | getLabel() | Get the label of the CredentialProvider |
| | getParameterValues() | Get the values of parameters (from credential provider model) |
| default UserIdentity | getUserIdentity(boolean blockingkMode, Redirector redirector) | Method called by AuthenticateAction each time a request needs authentication. |
| default boolean | grantAnonymousRequest(boolean blockingkMode) | Method called by AuthenticateAction before asking for credentials. |
| void | init(String id, String cpModelId, Map<String, Object> paramValues, String label) | Initialize the credential provider with given parameters' values. |
| default boolean | isStillConnected(boolean blockingkMode, UserIdentity userCurrentlyConnected, Redirector redirector) | Validates that the specified user is still connected |
| default void | userAllowed(boolean blockingkMode, UserIdentity userIdentity, Redirector redirector) | Method called by AuthenticateAction after the authentication process succeeded |
| default void | userNotAllowed(boolean blockingkMode, Redirector redirector) | Method called by AuthenticateAction each time a user could not be authenticated. |

Method Details

getId
A unique identifier
- Returns: The non-null and non-empty identifier

getLabel
Get the label of the CredentialProvider
- Returns: The label

getCredentialProviderModelId
Get the id of the CredentialProviderModel extension point
- Returns: the id of extension point

getParameterValues
Get the values of parameters (from credential provider model)
- Returns: the parameters' values

init
void init(String id, String cpModelId, Map<String, Object> paramValues, String label) throws Exception
Initialize the credential provider with given parameters' values.
- Parameters:
  id - The unique identifier
  cpModelId - The id of credential provider extension point
  paramValues - The parameters' values
  label - The specific label of this instance. Can be null
- Throws:
  Exception - If an error occurred

grantAnonymousRequest
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Parameters:
  blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
- Returns: true if the Request does not need to be authenticated

isStillConnected
default boolean isStillConnected(boolean blockingkMode, UserIdentity userCurrentlyConnected, Redirector redirector) throws Exception
Validates that the specified user is still connected
- Parameters:
  userCurrentlyConnected - the user previously correctly identified with this credential provider
  blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
  redirector - The cocoon redirector
- Returns: true if this CredentialProvider was in a valid state, false to restart authentication process
- Throws:
  Exception - If an error occurred

getUserIdentity
Method called by AuthenticateAction each time a request needs authentication.
- Parameters:
  blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
  redirector - the cocoon redirector.
- Returns: the UserIdentity corresponding to the user (with or without population specified), or null if the user could not be authenticated.
- Throws:
  Exception - If an error occurred

userNotAllowed
Method called by AuthenticateAction each time a user could not be authenticated. The implementation of this method is responsible for redirecting the response to the appropriate URL.
- Parameters:
  blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
  redirector - the cocoon Redirector that can be used for redirecting response.
- Throws:
  Exception - if something wrong occurs

userAllowed
default void userAllowed(boolean blockingkMode, UserIdentity userIdentity, Redirector redirector) throws Exception
Method called by AuthenticateAction after authentication process succeeded
- Parameters:
  blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
  userIdentity - The user correctly connected
  redirector - the cocoon Redirector that can be used for redirecting response.
- Throws:
  Exception - if something wrong occurs