com.caucho.security
Class AbstractAuthenticator

java.lang.Object
  extended by com.caucho.security.AbstractAuthenticator
All Implemented Interfaces:
HandleAware, Authenticator, java.io.Serializable
Direct Known Subclasses:
AbstractAuthenticator, AbstractCookieAuthenticator, AbstractPasswordAuthenticator, AnonymousAuthenticator, JaasAuthenticator, LdapAuthenticator, ManagementAuthenticator, NullAuthenticator, PropertiesAuthenticator, XmlAuthenticator

public class AbstractAuthenticator
extends java.lang.Object
implements Authenticator, HandleAware, java.io.Serializable

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.

The AbstractAuthenticator provides a single-signon cache. Users logged into one web-app will share the same principal.

See Also:
Serialized Form

Field Summary
protected  PasswordDigest _passwordDigest
protected  java.lang.String _passwordDigestAlgorithm
protected  java.lang.String _passwordDigestRealm

Constructor Summary
AbstractAuthenticator()

Method Summary
 void addRoleMapping(java.security.Principal principal, java.lang.String role)
          Adds a role mapping.
protected  java.security.Principal authenticate(java.security.Principal principal, char[] password)
          Password-based authenticator.
 java.security.Principal authenticate(java.security.Principal user, Credentials credentials, java.lang.Object details)
          Authenticator main call to login a user.
protected  java.security.Principal authenticate(java.security.Principal principal, DigestCredentials cred, java.lang.Object details)
          Validates the user for Resin's Digest authentication.
protected  java.security.Principal authenticate(java.security.Principal principal, HttpDigestCredentials cred, java.lang.Object details)
          Validates the user for HTTP Digest authentication.
protected  java.security.Principal authenticate(java.security.Principal principal, PasswordCredentials cred, java.lang.Object details)
          Main authenticator API.
protected  byte[] digest(java.lang.String value)
 java.lang.String getAlgorithm(java.security.Principal user)
protected  char[] getDigest(java.security.Principal user, java.lang.String algorithm, char[] testPassword, char[] systemDigest)
protected  byte[] getDigestSecret(java.security.Principal principal, java.lang.String realm)
          Returns the digest secret for Digest authentication.
protected  byte[] getDigestSecret(java.security.Principal principal, java.lang.String realm, char[] userPassword)
 boolean getLogoutOnSessionTimeout()
          Returns true if the user should be logged out on a session timeout.
 PasswordDigest getPasswordDigest()
          Returns the password digest
protected  char[] getPasswordDigest(java.lang.String user, char[] password)
          Returns the digest view of the password.
 java.lang.String getPasswordDigestAlgorithm()
          Returns the password digest algorithm
 java.lang.String getPasswordDigestRealm()
          Returns the password digest realm
protected  PasswordUser getPasswordUser(java.security.Principal principal)
          Returns the user based on a principal
protected  PasswordUser getPasswordUser(java.lang.String userName)
          Abstract method to return a user based on the name
 SingleSignon getSingleSignon()
          Returns the scoped single-signon
 void init()
          Initialize the authenticator with the application.
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
 void logout(java.security.Principal user)
          Logs the user out from the session.
 void setLogoutOnSessionTimeout(boolean logout)
          Sets true if the principal should logout when the session times out.
 void setPasswordDigest(PasswordDigest digest)
          Sets the password digest.
 void setPasswordDigestAlgorithm(java.lang.String digest)
          Sets the password digest algorithm.
 void setPasswordDigestRealm(java.lang.String realm)
          Sets the password digest realm.
 void setSerializationHandle(java.lang.Object handle)
          Sets the serialization handle
protected  byte[] stringToDigest(java.lang.String digest)
 java.lang.String toString()
 java.lang.Object writeReplace()
          Serialize to the handle
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_passwordDigestAlgorithm

protected java.lang.String _passwordDigestAlgorithm

_passwordDigestRealm

protected java.lang.String _passwordDigestRealm

_passwordDigest

protected PasswordDigest _passwordDigest

Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()

Method Detail

getPasswordDigest

public PasswordDigest getPasswordDigest()
Returns the password digest


setPasswordDigest

public void setPasswordDigest(PasswordDigest digest)
Sets the password digest. The password digest is of the form "algorithm-format", e.g. "MD5-base64".


getPasswordDigestAlgorithm

public java.lang.String getPasswordDigestAlgorithm()
Returns the password digest algorithm


setPasswordDigestAlgorithm

public void setPasswordDigestAlgorithm(java.lang.String digest)
Sets the password digest algorithm. The password digest algorithm is of the form "algorithm-format", e.g. "MD5-base64".


getPasswordDigestRealm

public java.lang.String getPasswordDigestRealm()
Returns the password digest realm


setPasswordDigestRealm

public void setPasswordDigestRealm(java.lang.String realm)
Sets the password digest realm.


getLogoutOnSessionTimeout

public boolean getLogoutOnSessionTimeout()
Returns true if the user should be logged out on a session timeout.


setLogoutOnSessionTimeout

public void setLogoutOnSessionTimeout(boolean logout)
Set to true if the principal should be logged out when the session times out.


addRoleMapping

public void addRoleMapping(java.security.Principal principal,
                           java.lang.String role)
Adds a role mapping.


init

@PostConstruct
public void init()
          throws ServletException
Initialize the authenticator with the application.

Throws:
ServletException

getAlgorithm

public java.lang.String getAlgorithm(java.security.Principal user)
Specified by:
getAlgorithm in interface Authenticator

authenticate

public java.security.Principal authenticate(java.security.Principal user,
                                            Credentials credentials,
                                            java.lang.Object details)
Authenticator main call to login a user.

Specified by:
authenticate in interface Authenticator
Parameters:
user - the Login's user, generally a BasicPrincipal just containing the name, but may contain an X.509 certificate
credentials - the login credentials
details - extra information, e.g. HttpServletRequest

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)
Returns true if the user plays the named role.

Specified by:
isUserInRole in interface Authenticator
Parameters:
user - the user to test
role - the role to test

logout

public void logout(java.security.Principal user)
Logs the user out from the session.

Specified by:
logout in interface Authenticator
Parameters:
user - the logged in user

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               PasswordCredentials cred,
                                               java.lang.Object details)
Main authenticator API.


authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               char[] password)
Password-based authenticator.


authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               HttpDigestCredentials cred,
                                               java.lang.Object details)
Validates the user for HTTP Digest authentication. HTTP Digest authentication uses the following algorithm to calculate the digest, which is then compared to the client's digest.
 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)

Parameters:
principal - the user trying to authenticate.
cred - the digest credentials
Returns:
the logged in principal if successful

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               DigestCredentials cred,
                                               java.lang.Object details)
Validates the user for Resin's Digest authentication. The digest authentication uses the following algorithm to calculate the digest, which is then compared to the client's digest.
 A1 = MD5(username + ':' + realm + ':' + password)
 digest = MD5(A1 + ':' + nonce)

Parameters:
principal - the user trying to authenticate.
cred - the digest credentials
Returns:
the logged in principal if successful
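
The two digest schemes above (HTTP Digest and Resin's Digest) reproduced server-side, as an added example that is not Resin's own code. It follows RFC 2617 for the HTTP form: A1 and A2 are hex-encoded before they are hashed again, a ':' separates nonce and A2 (the summary above omits that colon), and when the client sends qop the nc, cnonce and qop fields are spliced in between. For Resin's MD5(A1 + ':' + nonce) form the example assumes A1 enters hex-encoded as well; that is an assumption, not something the Javadoc states. The sample request fields come from the worked example in RFC 2617 section 3.5; the wrong-password case is constructed. `digest_secret` and `check_authorization` are names chosen for this example, not Resin API.

```python
# Added example (not Resin code): the digest computations described in the
# AbstractAuthenticator Javadoc, written from the server's point of view.
import hashlib
import hmac
from typing import Optional


def md5_hex(text: str) -> str:
    """Lowercase hex MD5 of the UTF-8 bytes of text. HTTP Digest hex-encodes
    every intermediate hash before it is fed into the next one."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_secret(username: str, realm: str, password: str) -> str:
    """A1 = MD5(username ':' realm ':' password).

    This is the per-user value the server keeps (the role getDigestSecret
    plays in the Javadoc); the plaintext password is not needed at login time.
    """
    return md5_hex(f"{username}:{realm}:{password}")


def http_digest_response(a1_hex: str, method: str, uri: str, nonce: str,
                         qop: Optional[str] = None, nc: Optional[str] = None,
                         cnonce: Optional[str] = None) -> str:
    """RFC 2617 response value.

    Without qop (the form the Javadoc summarises):
        MD5(A1 ':' nonce ':' A2)
    With qop=auth the client also sends nc and cnonce:
        MD5(A1 ':' nonce ':' nc ':' cnonce ':' qop ':' A2)
    A2 = MD5(method ':' uri) in both cases.
    """
    a2_hex = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{a1_hex}:{nonce}:{a2_hex}")
    if nc is None or cnonce is None:
        raise ValueError("qop requires both nc and cnonce")
    return md5_hex(f"{a1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{a2_hex}")


def resin_digest_response(a1_hex: str, nonce: str) -> str:
    """Resin's own scheme per the Javadoc: MD5(A1 ':' nonce), no method/URI.
    Assumption: A1 enters hex-encoded, as it does in HTTP Digest."""
    return md5_hex(f"{a1_hex}:{nonce}")


def check_authorization(stored_a1_hex: str, fields: dict) -> bool:
    """Server-side check: recompute the response from the request fields and
    compare it with the client's value in constant time."""
    expected = http_digest_response(
        stored_a1_hex, fields["method"], fields["uri"], fields["nonce"],
        qop=fields.get("qop"), nc=fields.get("nc"), cnonce=fields.get("cnonce"))
    return hmac.compare_digest(expected, fields["response"].lower())


# Worked input: the example exchange from RFC 2617 section 3.5
# (user "Mufasa", realm "testrealm@host.com", password "Circle Of Life").
RFC2617_EXAMPLE = {
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}


if __name__ == "__main__":
    a1 = digest_secret("Mufasa", "testrealm@host.com", "Circle Of Life")
    print("A1 (stored secret):", a1)
    print("RFC 2617 example verifies:", check_authorization(a1, RFC2617_EXAMPLE))
    # Constructed failure case: same request, a different stored secret.
    wrong = digest_secret("Mufasa", "testrealm@host.com", "not the password")
    print("wrong password verifies:", check_authorization(wrong, RFC2617_EXAMPLE))
    print("Resin-style digest:", resin_digest_response(a1, RFC2617_EXAMPLE["nonce"]))
```

Two points the computation makes visible. The server only ever needs A1, which is why a digest-based store such as the "MD5-base64" setting above can avoid keeping plaintext passwords; the flip side is that A1 is password-equivalent within its realm, so the user store deserves the same protection a password store would get. And because the client's response is attacker-controlled input, the comparison is done with a constant-time function rather than string equality.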

getPasswordDigest

protected char[] getPasswordDigest(java.lang.String user,
                                   char[] password)
Returns the digest view of the password. The default uses the PasswordDigest class if available, and returns the plaintext password if not.


getDigestSecret

protected byte[] getDigestSecret(java.security.Principal principal,
                                 java.lang.String realm)
Returns the digest secret for Digest authentication.


getDigestSecret

protected byte[] getDigestSecret(java.security.Principal principal,
                                 java.lang.String realm,
                                 char[] userPassword)

getPasswordUser

protected PasswordUser getPasswordUser(java.lang.String userName)
Abstract method to return a user based on the name

Parameters:
userName - the string user name
Returns:
the populated PasswordUser value

getPasswordUser

protected PasswordUser getPasswordUser(java.security.Principal principal)
Returns the user based on a principal


getSingleSignon

public SingleSignon getSingleSignon()
Returns the scoped single-signon


stringToDigest

protected byte[] stringToDigest(java.lang.String digest)

digest

protected byte[] digest(java.lang.String value)
                 throws ServletException
Throws:
ServletException

getDigest

protected char[] getDigest(java.security.Principal user,
                           java.lang.String algorithm,
                           char[] testPassword,
                           char[] systemDigest)

setSerializationHandle

public void setSerializationHandle(java.lang.Object handle)
Sets the serialization handle

Specified by:
setSerializationHandle in interface HandleAware

writeReplace

public java.lang.Object writeReplace()
Serialize to the handle


toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object