Package org.ametys.core.authentication

Interface CredentialProvider

All Known Subinterfaces:

BlockingCredentialProvider, NonBlockingCredentialProvider

All Known Implementing Classes:

AADCredentialProvider, AbstractCredentialProvider, BasicCredentialProvider, CASCredentialProvider, DefinedCredentialProvider, FormCredentialProvider, KerberosCredentialProvider, RemoteUserCredentialProvider, UserDAO.ImpersonateCredentialProvider

public interface CredentialProvider

Defines the authentication mode of users. Implementations may cover HTTP authentication, SSO, ... DO NOT implement this interface, implements either BlockingCredentialProvider, either NonBlockingCredentialProvider or both.

Method Summary

Modifier and Type	Method	Description
String	getCredentialProviderModelId()	Get the id of the CredentialProviderModel extension point
String	getId()	A unique identifier
String	getLabel()	Get the label of the CredentialProvider
Map<String,Object>	getParameterValues()	Get the values of parameters (from credential provider model)
default UserIdentity	getUserIdentity(boolean blockingkMode, Redirector redirector)	Method called by AuthenticateAction each time a request need authentication.
default boolean	grantAnonymousRequest(boolean blockingkMode)	Method called by AuthenticateAction before asking for credentials.
void	init(String id, String cpModelId, Map<String,Object> paramValues, String label)	Initialize the credential provider with given parameters' values.
default boolean	isStillConnected(boolean blockingkMode, UserIdentity userCurrentlyConnected, Redirector redirector)	Validates that the user specify is still connected
default void	userAllowed(boolean blockingkMode, UserIdentity userIdentity, Redirector redirector)	Method called by AuthenticateAction after authentication process succeeded
default void	userNotAllowed(boolean blockingkMode, Redirector redirector)	Method called by AuthenticateAction each a user could not get authenticated.

Method Detail

getId

String getId()

A unique identifier

Returns:

The non-null and non-empty identifier

getLabel

String getLabel()

Get the label of the CredentialProvider

Returns:

The label

getCredentialProviderModelId

String getCredentialProviderModelId()

Get the id of the CredentialProviderModel extension point

Returns:

the id of extension point

getParameterValues

Map<String,Object> getParameterValues()

Get the values of parameters (from credential provider model)

Returns:

the parameters' values

init

void init(String id,
          String cpModelId,
          Map<String,Object> paramValues,
          String label)
   throws Exception

Initialize the credential provider with given parameters' values.

Parameters:

id - The unique identifier

cpModelId - The id of credential provider extension point

paramValues - The parameters' values

label - The specific label of this instance. Can be null

Throws:

Exception - If an error occurred

grantAnonymousRequest

default boolean grantAnonymousRequest(boolean blockingkMode)

Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.

Parameters:

blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available

Returns:

true if the Request does not need to be authenticated

isStillConnected

default boolean isStillConnected(boolean blockingkMode,
                                 UserIdentity userCurrentlyConnected,
                                 Redirector redirector)
                          throws Exception

Validates that the user specify is still connected

Parameters:

userCurrentlyConnected - the user previously correctly identified with this credential provider

blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available

redirector - The cocoon redirector

Returns:

true if this CredentialProvider was in a valid state, false to restart authentication process

Throws:

Exception - If an error occurred

getUserIdentity

default UserIdentity getUserIdentity(boolean blockingkMode,
                                     Redirector redirector)
                              throws Exception

Method called by AuthenticateAction each time a request need authentication.

Parameters:

blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available

redirector - the cocoon redirector.

Returns:

the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.

Throws:

Exception - If an error occurred

userNotAllowed

default void userNotAllowed(boolean blockingkMode,
                            Redirector redirector)
                     throws Exception

Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.

Parameters:

blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs

userAllowed

default void userAllowed(boolean blockingkMode,
                         UserIdentity userIdentity,
                         Redirector redirector)
                  throws Exception

Method called by AuthenticateAction after authentication process succeeded

Parameters:

blockingkMode - true to use the blocking mode of the credential provider if available, false to use the non blocking mode if available

userIdentity - The user correctly connected

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs