com.caucho.security

Class AbstractAuthenticator

java.lang.Object

com.caucho.security.AbstractAuthenticator

All Implemented Interfaces:

HandleAware, Authenticator, java.io.Serializable

Direct Known Subclasses:

AbstractAuthenticator, AbstractCookieAuthenticator, AbstractPasswordAuthenticator, AnonymousAuthenticator, JaasAuthenticator, LdapAuthenticator, ManagementAuthenticator, NullAuthenticator, PropertiesAuthenticator, XmlAuthenticator

public class AbstractAuthenticator
extends java.lang.Object
implements Authenticator, HandleAware, java.io.Serializable

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.

The AbstractAuthenticator provides a single-signon cache. Users logged into one web-app will share the same principal.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected PasswordDigest	_passwordDigest
protected java.lang.String	_passwordDigestAlgorithm
protected java.lang.String	_passwordDigestRealm
static java.security.Principal	NULL_USER

Constructor Summary

Constructors

Constructor and Description
AbstractAuthenticator()

Method Summary

Modifier and Type	Method and Description
void	addRoleMapping(java.security.Principal principal, java.lang.String role) Adds a role mapping.
protected java.security.Principal	authenticate(java.security.Principal principal, char[] password) Password-based authenticator.
java.security.Principal	authenticate(java.security.Principal user, Credentials credentials, java.lang.Object details) Authenticator main call to login a user.
protected java.security.Principal	authenticate(java.security.Principal principal, DigestCredentials cred, java.lang.Object details) Validates the user when Resin's Digest authentication.
protected java.security.Principal	authenticate(java.security.Principal principal, HttpDigestCredentials cred, java.lang.Object details) Validates the user when HTTP Digest authentication.
protected java.security.Principal	authenticate(java.security.Principal principal, PasswordCredentials cred, java.lang.Object details) Main authenticator API.
protected byte[]	digest(java.lang.String value)
java.lang.String	getAlgorithm(java.security.Principal user)
protected char[]	getDigest(java.security.Principal user, java.lang.String algorithm, char[] testPassword, char[] systemDigest)
protected byte[]	getDigestSecret(java.security.Principal principal, java.lang.String realm) Returns the digest secret for Digest authentication.
protected byte[]	getDigestSecret(java.security.Principal principal, java.lang.String realm, char[] userPassword)
boolean	getLogoutOnSessionTimeout() Returns true if the user should be logged out on a session timeout.
PasswordDigest	getPasswordDigest() Returns the password digest
protected char[]	getPasswordDigest(java.lang.String user, char[] password) Returns the digest view of the password.
java.lang.String	getPasswordDigestAlgorithm() Returns the password digest algorithm
java.lang.String	getPasswordDigestRealm() Returns the password digest realm
protected PasswordUser	getPasswordUser(java.security.Principal principal) Returns the user based on a principal
protected PasswordUser	getPasswordUser(java.lang.String userName) Abstract method to return a user based on the name
SingleSignon	getSingleSignon() Returns the scoped single-signon
void	init() Initialize the authenticator with the application.
boolean	isUserInRole(java.security.Principal user, java.lang.String role) Returns true if the user plays the named role.
void	logout(java.security.Principal user) Logs the user out from the session.
void	setLogoutOnSessionTimeout(boolean logout) Sets true if the principal should logout when the session times out.
void	setPasswordDigest(PasswordDigest digest) Sets the password digest.
void	setPasswordDigestAlgorithm(java.lang.String digest) Sets the password digest algorithm.
void	setPasswordDigestRealm(java.lang.String realm) Sets the password digest realm.
void	setSerializationHandle(java.lang.Object handle) Sets the serialization handle
protected byte[]	stringToDigest(java.lang.String digest)
java.lang.String	toString()
java.lang.Object	writeReplace() Serialize to the handle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

NULL_USER

public static final java.security.Principal NULL_USER

_passwordDigestAlgorithm

protected java.lang.String _passwordDigestAlgorithm

_passwordDigestRealm

protected java.lang.String _passwordDigestRealm

_passwordDigest

protected PasswordDigest _passwordDigest

Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()

Method Detail

getPasswordDigest

public PasswordDigest getPasswordDigest()

Returns the password digest

setPasswordDigest

public void setPasswordDigest(PasswordDigest digest)

Sets the password digest. The password digest of the form: "algorithm-format", e.g. "MD5-base64".

getPasswordDigestAlgorithm

public java.lang.String getPasswordDigestAlgorithm()

Returns the password digest algorithm

setPasswordDigestAlgorithm

public void setPasswordDigestAlgorithm(java.lang.String digest)

Sets the password digest algorithm. The password digest of the form: "algorithm-format", e.g. "MD5-base64".

getPasswordDigestRealm

public java.lang.String getPasswordDigestRealm()

Returns the password digest realm

setPasswordDigestRealm

public void setPasswordDigestRealm(java.lang.String realm)

Sets the password digest realm.

getLogoutOnSessionTimeout

public boolean getLogoutOnSessionTimeout()

Returns true if the user should be logged out on a session timeout.

setLogoutOnSessionTimeout

public void setLogoutOnSessionTimeout(boolean logout)

Sets true if the principal should logout when the session times out.

addRoleMapping

public void addRoleMapping(java.security.Principal principal,
                           java.lang.String role)

Adds a role mapping.

init

@PostConstruct
public void init()
                         throws ServletException

Initialize the authenticator with the application.

Throws:

ServletException

getAlgorithm

public java.lang.String getAlgorithm(java.security.Principal user)

Specified by:

getAlgorithm in interface Authenticator

authenticate

public java.security.Principal authenticate(java.security.Principal user,
                                            Credentials credentials,
                                            java.lang.Object details)

Authenticator main call to login a user.

Specified by:

authenticate in interface Authenticator

Parameters:

user - the Login's user, generally a BasicPrincipal just containing the name, but may contain an X.509 certificate

credentials - the login credentials

details - extra information, e.g. HttpServletRequest

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)

Returns true if the user plays the named role.

Specified by:

isUserInRole in interface Authenticator

Parameters:

user - the user to test

role - the role to test

logout

public void logout(java.security.Principal user)

Logs the user out from the session.

Specified by:

logout in interface Authenticator

Parameters:

user - the logged in user

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               PasswordCredentials cred,
                                               java.lang.Object details)

Main authenticator API.

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               char[] password)

Password-based authenticator.

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               HttpDigestCredentials cred,
                                               java.lang.Object details)

Validates the user when HTTP Digest authentication. The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 

Parameters:

principal - the user trying to authenticate.

cred - the digest credentials

Returns:

the logged in principal if successful

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               DigestCredentials cred,
                                               java.lang.Object details)

Validates the user when Resin's Digest authentication. The digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

 A1 = MD5(username + ':' + realm + ':' + password)
 digest = MD5(A1 + ':' + nonce)
 

Parameters:

principal - the user trying to authenticate.

cred - the digest credentials

Returns:

the logged in principal if successful

getPasswordDigest

protected char[] getPasswordDigest(java.lang.String user,
                                   char[] password)

Returns the digest view of the password. The default uses the PasswordDigest class if available, and returns the plaintext password if not.

getDigestSecret

protected byte[] getDigestSecret(java.security.Principal principal,
                                 java.lang.String realm)

Returns the digest secret for Digest authentication.

getDigestSecret

protected byte[] getDigestSecret(java.security.Principal principal,
                                 java.lang.String realm,
                                 char[] userPassword)

getPasswordUser

protected PasswordUser getPasswordUser(java.lang.String userName)

Abstract method to return a user based on the name

Parameters:

userName - the string user name

Returns:

the populated PasswordUser value

getPasswordUser

protected PasswordUser getPasswordUser(java.security.Principal principal)

Returns the user based on a principal

getSingleSignon

public SingleSignon getSingleSignon()

Returns the scoped single-signon

stringToDigest

protected byte[] stringToDigest(java.lang.String digest)

digest

protected byte[] digest(java.lang.String value)
                 throws ServletException

Throws:

ServletException

getDigest

protected char[] getDigest(java.security.Principal user,
                           java.lang.String algorithm,
                           char[] testPassword,
                           char[] systemDigest)

setSerializationHandle

public void setSerializationHandle(java.lang.Object handle)

Sets the serialization handle

Specified by:

setSerializationHandle in interface HandleAware

writeReplace

public java.lang.Object writeReplace()

Serialize to the handle

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object