Class KerberosCredentialProvider
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.core.authentication.AbstractCredentialProvider
org.ametys.plugins.extrausermgt.authentication.kerberos.KerberosCredentialProvider
- All Implemented Interfaces:
CredentialProvider, NonBlockingCredentialProvider, LogEnabled, Disposable, Component, Contextualizable
public class KerberosCredentialProvider
extends AbstractCredentialProvider
implements NonBlockingCredentialProvider, Contextualizable, Disposable
Kerberos HTTP authentication.
-
Field Summary
Fields (Modifier and Type, Field - Description):
protected static final String __LOGIN_CONF_FILE - Name of the login config file
protected static final String __PARAM_IPRESTRICTION - Name of the parameter holding the regexp to match IP addresses
protected static final String __PARAM_KDC - Name of the parameter holding the authentication server KDC address
protected static final String __PARAM_LOGIN - Name of the parameter holding the ametys login
protected static final String __PARAM_PASSWORD - Name of the parameter holding the ametys password
protected static final String __PARAM_REALM - Name of the parameter holding the authentication server realm
protected static final String __SESSION_ATTRIBUTE_GSSCONTEXT - Kerberos context
protected static final String __SKIP_KERBEROS_URL - The URL to redirect to in order to skip the current Kerberos authentication
-
Constructor Summary
Constructors:
KerberosCredentialProvider()
-
Method Summary
Methods (Modifier and Type, Method - Description):
void contextualize(Context context)
static LoginContext createLoginContext(String realm, String login, String password) - Create a logged in LoginContext for Kerberos
void dispose()
void init(String id, String cpModelId, Map<String, Object> paramValues, String label) - Initialize the credential provider with given parameters' values.
UserIdentity nonBlockingGetUserIdentity(Redirector redirector) - Method called by AuthenticateAction each time a request needs authentication.
boolean nonBlockingGrantAnonymousRequest - Method called by AuthenticateAction before asking for credentials.
boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) - Validates that the specified user is still connected
void nonBlockingUserAllowed(UserIdentity userIdentity, Redirector redirector) - Method called by AuthenticateAction after the authentication process succeeded
void nonBlockingUserNotAllowed(Redirector redirector) - Method called by AuthenticateAction each time a user could not be authenticated.

Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider:
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled:
getLogger, setLogger

Methods inherited from class java.lang.Object:
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ametys.core.authentication.CredentialProvider:
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed
-
Field Details
-
__PARAM_KDC
Name of the parameter holding the authentication server KDC address
-
__PARAM_REALM
Name of the parameter holding the authentication server realm
-
__PARAM_LOGIN
Name of the parameter holding the ametys login
-
__PARAM_PASSWORD
Name of the parameter holding the ametys password
-
__PARAM_IPRESTRICTION
Name of the parameter holding the regexp to match IP addresses
-
__LOGIN_CONF_FILE
Name of the login config file
-
__SKIP_KERBEROS_URL
The URL to redirect to in order to skip the current Kerberos authentication
-
__SESSION_ATTRIBUTE_GSSCONTEXT
Kerberos context
-
-
Constructor Details
-
KerberosCredentialProvider
public KerberosCredentialProvider()
-
-
Method Details
-
contextualize
Specified by:
contextualize in interface Contextualizable
Throws:
ContextException
-
createLoginContext
public static LoginContext createLoginContext(String realm, String login, String password) throws LoginException
Create a logged in LoginContext for Kerberos
Parameters:
realm - The realm
login - The identifier of a user to the KDC
password - The associated password
Returns:
A non-null LoginContext (to be logged out)
Throws:
LoginException - If the login process failed
-
init
public void init(String id, String cpModelId, Map<String, Object> paramValues, String label) throws Exception
Description copied from interface: CredentialProvider
Initialize the credential provider with given parameters' values.
Specified by:
init in interface CredentialProvider
Overrides:
init in class AbstractCredentialProvider
Parameters:
id - The unique identifier
cpModelId - The id of credential provider extension point
paramValues - The parameters' values
label - The specific label of this instance. Can be null
Throws:
Exception - If an error occurred
-
nonBlockingIsStillConnected
public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Validates that the specified user is still connected
Specified by:
nonBlockingIsStillConnected in interface NonBlockingCredentialProvider
Parameters:
userIdentity - the user previously correctly identified with this credential provider
redirector - The cocoon redirector
Returns:
true if this CredentialProvider was in a valid state, false to restart authentication process
Throws:
Exception - If an error occurred
-
nonBlockingGrantAnonymousRequest
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
Specified by:
nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider
Returns:
true if the Request is not authenticated
-
nonBlockingGetUserIdentity
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
Specified by:
nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider
Parameters:
redirector - the cocoon redirector.
Returns:
the UserIdentity corresponding to the user (with or without population specified), or null if the user could not be authenticated.
Throws:
Exception - if something goes wrong
-
nonBlockingUserNotAllowed
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a user could not be authenticated. This method implementation is responsible for redirecting the response to the appropriate URL.
Specified by:
nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider
Parameters:
redirector - the cocoon Redirector that can be used for redirecting response.
-
nonBlockingUserAllowed
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction after authentication process succeeded
Specified by:
nonBlockingUserAllowed in interface NonBlockingCredentialProvider
Parameters:
userIdentity - The user correctly connected
redirector - the cocoon Redirector that can be used for redirecting response.
-
dispose
Specified by:
dispose in interface Disposable
-