Package org.ametys.core.authentication

Interface CredentialProvider

All Known Subinterfaces:
BlockingCredentialProvider, NonBlockingCredentialProvider
All Known Implementing Classes:
AbstractCredentialProvider, AbstractMSALCredentialProvider, AbstractOIDCCredentialProvider, ADFSCredentialProvider, AutoDiscoveringOIDCCredentialProvider, BasicCredentialProvider, CASCredentialProvider, DefinedCredentialProvider, EntraIDCredentialProvider, FacebookCredentialProvider, FormCredentialProvider, GenericOIDCCredentialProvider, GoogleCredentialProvider, KerberosCredentialProvider, RemoteUserCredentialProvider, UserDAO.ImpersonateCredentialProvider
public interface CredentialProvider
Defines the authentication mode of users. Implementations may cover HTTP authentication, SSO, ... DO NOT implement this interface, implements either BlockingCredentialProvider, either NonBlockingCredentialProvider or both.

  • Method Details

    • getId

      String getId()
      A unique identifier
      Returns:
      The non-null and non-empty identifier

    • getLabel

      String getLabel()
      Get the label of the CredentialProvider
      Returns:
      The label

    • getCredentialProviderModelId

      String getCredentialProviderModelId()
      Get the id of the CredentialProviderModel extension point
      Returns:
      the id of extension point

    • getParameterValues

      Map<String,Object> getParameterValues()
      Get the values of parameters (from credential provider model)
      Returns:
      the parameters' values

    • init

      void init(String id, String cpModelId, Map<String,Object> paramValues, String label) throws Exception
      Initialize the credential provider with given parameters' values.
      Parameters:
      id - The unique identifier
      cpModelId - The id of credential provider extension point
      paramValues - The parameters' values
      label - The specific label of this instance. Can be null
      Throws:
      Exception - If an error occurred

    • grantAnonymousRequest

      default boolean grantAnonymousRequest(boolean blockingkMode)
      Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
      Parameters:
      blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
      Returns:
      true if the Request does not need to be authenticated

    • isStillConnected

      default boolean isStillConnected(boolean blockingkMode, UserIdentity userCurrentlyConnected, Redirector redirector) throws Exception
      Validates that the user specify is still connected
      Parameters:
      blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
      userCurrentlyConnected - the user previously correctly identified with this credential provider
      redirector - The cocoon redirector
      Returns:
      true if this CredentialProvider was in a valid state, false to restart authentication process
      Throws:
      Exception - If an error occurred

    • getUserIdentity

      default UserIdentity getUserIdentity(boolean blockingkMode, Redirector redirector) throws Exception
      Method called by AuthenticateAction each time a request need authentication.
      Parameters:
      blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
      redirector - the cocoon redirector.
      Returns:
      the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
      Throws:
      Exception - If an error occurred

    • userNotAllowed

      default void userNotAllowed(boolean blockingkMode, Redirector redirector) throws Exception
      Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.
      Parameters:
      blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
      redirector - the cocoon Redirector that can be used for redirecting response.
      Throws:
      Exception - if something wrong occurs

    • userAllowed

      default void userAllowed(boolean blockingkMode, UserIdentity userIdentity, Redirector redirector) throws Exception
      Method called by AuthenticateAction after authentication process succeeded
      Parameters:
      blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available
      userIdentity - The user correctly connected
      redirector - the cocoon Redirector that can be used for redirecting response.
      Throws:
      Exception - if something wrong occurs