org.dspace.authenticate.AuthenticationMethod
All known Subclasses: org.dspace.authenticate.X509Authentication, org.dspace.authenticate.PasswordAuthentication, org.dspace.authenticate.LDAPAuthentication, org.dspace.authenticate.IPAuthentication
AuthenticationMethod | public interface AuthenticationMethod
Implement this interface to participate in the stackable
authentication mechanism. See the AuthenticationManager
class for details about configuring authentication handlers.
Each authentication method provides a way to map
"credentials" supplied by the client into a DSpace e-person.
"Authentication" is when the credentials are compared against some
sort of registry or other test of authenticity.
The DSpace instance may configure many authentication methods, in a
"stack". The same credentials are passed to each method in turn
until one accepts them, so each method need only attempt to interpret
and validate the credentials and fail gracefully if they are not
appropriate for it. The next method in the stack is then called.
See Also: AuthenticationManager
Author: Larry Stone
Version: $Revision: 2168 $

Field Summary
final public static int | BAD_ARGS | User or password is not appropriate for this method.
final public static int | BAD_CREDENTIALS | User exists, but credentials (e.g. passwd) don't match.
final public static int | CERT_REQUIRED | Not allowed to login this way without X.509 certificate.
final public static int | NO_SUCH_USER | User not found using this method.
final public static int | SUCCESS | Authenticated OK, EPerson has been set.

Method Summary

public boolean | allowSetPassword(Context context, HttpServletRequest request, String username)
Should (or can) we allow the user to change their password.
Note that this means the password stored in the EPerson record, so if
any method in the stack returns true, the user is
allowed to change it.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed.

public int | authenticate(Context context, String username, String password, String realm, HttpServletRequest request)
Authenticate the given or implicit credentials.
This is the heart of the authentication method: test the
credentials for authenticity, and if accepted, attempt to match
(or optionally, create) an EPerson.

public boolean | canSelfRegister(Context context, HttpServletRequest request, String username)
Predicate, whether to allow new EPerson to be created.
The answer determines whether a new user is created when
the credentials describe a valid entity but there is no
corresponding EPerson in DSpace yet.
The EPerson is only created if authentication succeeds.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed.

public int[] | getSpecialGroups(Context context, HttpServletRequest request)
Get list of extra groups that user implicitly belongs to.
Returns IDs of any EPerson-groups that the user authenticated by
this request is implicitly a member of -- e.g.
a group that depends on the client network-address.
It might make sense to implement this method by itself in a separate
authentication method that just adds special groups, if the
code doesn't belong with any existing auth method.
The stackable authentication system was designed expressly to
separate functions into "stacked" methods to keep your
site-specific code modular and tidy.
Parameters:
context - A valid DSpace context.
request - The request that started this operation, or null if not applicable.

public void | initEPerson(Context context, HttpServletRequest request, EPerson eperson)
Initialize a new EPerson record for a self-registered new user.
Set any data in the EPerson that is specific to this authentication
method.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed.

public boolean | isImplicit()
Predicate, is this an implicit authentication method.
An implicit method gets credentials from the environment (such as
an HTTP request or even Java system properties) rather than the
explicit username and password.

public String | loginPageTitle(Context context)
Get title of login page to which to redirect.
Returns a message key that gets translated into the title
or label for "login page" (or null, if not implemented). This
title may be used to identify the link to the login page in a
selection menu, when there are multiple ways to login.
Parameters:
context - DSpace context, will be modified (ePerson set) upon success.

public String | loginPageURL(Context context, HttpServletRequest request, HttpServletResponse response)
Get login page to which to redirect.
Returns URL (as string) to which to redirect to obtain
credentials (either password prompt or e.g.

BAD_ARGS | final public static int BAD_ARGS | User or password is not appropriate for this method.
BAD_CREDENTIALS | final public static int BAD_CREDENTIALS | User exists, but credentials (e.g. passwd) don't match.
CERT_REQUIRED | final public static int CERT_REQUIRED | Not allowed to login this way without X.509 certificate.
NO_SUCH_USER | final public static int NO_SUCH_USER | User not found using this method.
SUCCESS | final public static int SUCCESS | Authenticated OK, EPerson has been set.

allowSetPassword | public boolean allowSetPassword(Context context, HttpServletRequest request, String username) throws SQLException
Should (or can) we allow the user to change their password.
Note that this means the password stored in the EPerson record, so if
any method in the stack returns true, the user is
allowed to change it.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed. May be null.
username - Username, if available. May be null.
Returns: true if this method allows user to change ePerson password.

authenticate | public int authenticate(Context context, String username, String password, String realm, HttpServletRequest request) throws SQLException
Authenticate the given or implicit credentials.
This is the heart of the authentication method: test the
credentials for authenticity, and if accepted, attempt to match
(or optionally, create) an EPerson. If an EPerson is found it is
set in the Context that was passed.
Parameters:
context - DSpace context, will be modified (ePerson set) upon success.
username - Username (or email address) when method is explicit. Use null for implicit method.
password - Password for explicit auth, or null for implicit method.
realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
request - The HTTP request that started this operation, or null if not applicable.
Returns: One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
Meaning:
SUCCESS - authenticated OK.
BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
CERT_REQUIRED - not allowed to login this way without X.509 cert.
NO_SUCH_USER - user not found using this method.
BAD_ARGS - user/pw not appropriate for this method

canSelfRegister | public boolean canSelfRegister(Context context, HttpServletRequest request, String username) throws SQLException
Predicate, whether to allow new EPerson to be created.
The answer determines whether a new user is created when
the credentials describe a valid entity but there is no
corresponding EPerson in DSpace yet.
The EPerson is only created if authentication succeeds.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed. May be null.
username - Username, if available. May be null.
Returns: true if new ePerson should be created.

getSpecialGroups | public int[] getSpecialGroups(Context context, HttpServletRequest request) throws SQLException
Get list of extra groups that user implicitly belongs to.
Returns IDs of any EPerson-groups that the user authenticated by
this request is implicitly a member of -- e.g.
a group that depends on the client network-address.
It might make sense to implement this method by itself in a separate
authentication method that just adds special groups, if the
code doesn't belong with any existing auth method.
The stackable authentication system was designed expressly to
separate functions into "stacked" methods to keep your
site-specific code modular and tidy.
Parameters:
context - A valid DSpace context.
request - The request that started this operation, or null if not applicable.
Returns: array of EPerson-group IDs, possibly 0-length, but never null.

initEPerson | public void initEPerson(Context context, HttpServletRequest request, EPerson eperson) throws SQLException
Initialize a new EPerson record for a self-registered new user.
Set any data in the EPerson that is specific to this authentication
method.
Parameters:
context - DSpace context
request - HTTP request, in case it's needed. May be null.
eperson - newly created EPerson record - email + information from the registration form will have been filled out.

isImplicit | public boolean isImplicit()
Predicate, is this an implicit authentication method.
An implicit method gets credentials from the environment (such as
an HTTP request or even Java system properties) rather than the
explicit username and password. For example, a method that reads
the X.509 certificates in an HTTPS request is implicit.
Returns: true if this method uses implicit authentication.

loginPageTitle | public String loginPageTitle(Context context)
Get title of login page to which to redirect.
Returns a message key that gets translated into the title
or label for "login page" (or null, if not implemented). This
title may be used to identify the link to the login page in a
selection menu, when there are multiple ways to login.
Parameters:
context - DSpace context, will be modified (ePerson set) upon success.
Returns: title text.

loginPageURL | public String loginPageURL(Context context, HttpServletRequest request, HttpServletResponse response)
Get login page to which to redirect.
Returns URL (as string) to which to redirect to obtain
credentials (either password prompt or e.g. HTTPS port for client
cert.); null means no redirect.
Parameters:
context - DSpace context, will be modified (ePerson set) upon success.
request - The HTTP request that started this operation, or null if not applicable.
response - The HTTP response from the servlet method.
Returns: fully-qualified URL or null
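
The groups-only method suggested under getSpecialGroups, which also shows how a method declines credentials so that the next method in the stack is called, written as an added example (not DSpace's own code). The class name, the 192.0.2. prefix and the group ID 42 are constructed placeholders, and the DSpace and servlet API jars are assumed to be on the classpath.

```java
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;

/** Added example: a stack entry that never authenticates, it only adds groups. */
public class CampusNetworkGroups implements AuthenticationMethod {
    // Constructed placeholders: use the site's own network prefix and group ID.
    private static final String CAMPUS_PREFIX = "192.0.2.";
    private static final int CAMPUS_GROUP_ID = 42;

    public int[] getSpecialGroups(Context context, HttpServletRequest request)
            throws SQLException {
        // request may be null; the result may be 0-length but never null.
        if (request == null) {
            return new int[0];
        }
        // getRemoteAddr() is the TCP peer. Behind a reverse proxy it is the
        // proxy's address, so confirm what it holds before granting on it.
        String addr = request.getRemoteAddr();
        boolean onCampus = addr != null && addr.startsWith(CAMPUS_PREFIX);
        return onCampus ? new int[] { CAMPUS_GROUP_ID } : new int[0];
    }

    // Decline every credential so the next method in the stack is called.
    public int authenticate(Context context, String username, String password,
            String realm, HttpServletRequest request) throws SQLException {
        return BAD_ARGS;
    }

    // No credentials are taken from the environment either.
    public boolean isImplicit() { return false; }

    // Never create accounts or permit password changes on this method's say-so.
    public boolean canSelfRegister(Context context, HttpServletRequest request,
            String username) throws SQLException { return false; }
    public boolean allowSetPassword(Context context, HttpServletRequest request,
            String username) throws SQLException { return false; }
    public void initEPerson(Context context, HttpServletRequest request,
            EPerson eperson) throws SQLException { /* nothing to record */ }

    // null means no login page and no redirect for this method.
    public String loginPageURL(Context context, HttpServletRequest request,
            HttpServletResponse response) { return null; }
    public String loginPageTitle(Context context) { return null; }
}
```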