Package org.apache.sling.auth.core.spi

Interface AuthenticationHandler

All Known Implementing Classes:

AbstractAuthenticationHandler

@ConsumerType
public interface AuthenticationHandler

The AuthenticationHandler interface defines the service API used by the authentication implementation to support plugin various ways of extracting credentials from the request.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	AuthenticationHandler.FAILURE_REASON_CODES	This enum indicates the supported detailed login failure reason codes: invalid_login: indicates username/password mismatch. password_expired: indicates password has expired or was never set and change initial password is enabled account_locked: the account was disabled or locked account_not_found: the account was not found (not the same as username password mismatch) expired_token: the token credentials used have expired

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	FAILURE_REASON	Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.
static java.lang.String	FAILURE_REASON_CODE	Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.
static java.lang.String	PATH_PROPERTY	The name of the service registration property listing one or more URL paths for which the authentication handler is to be used.
static java.lang.String	REQUEST_LOGIN_PARAMETER	The request parameter which may be used to explicitly select an authentication handler by its type if authentication will be requested through requestCredentials(HttpServletRequest, HttpServletResponse).
static java.lang.String	SERVICE_NAME	The name under which an implementation of this interface must be registered to be used as an authentication handler.
static java.lang.String	TYPE_PROPERTY	The name of the service registration property (single string) providing the authentication type of authentication handler.

Method Summary

Modifier and Type	Method	Description
void	dropCredentials(HttpServletRequest request, HttpServletResponse response)	Drops any credential and authentication details from the request and asks the client to do the same.
AuthenticationInfo	extractCredentials(HttpServletRequest request, HttpServletResponse response)	Extracts credential data from the request if at all contained.
boolean	requestCredentials(HttpServletRequest request, HttpServletResponse response)	Requests authentication information from the client.

Field Detail

SERVICE_NAME

static final java.lang.String SERVICE_NAME

The name under which an implementation of this interface must be registered to be used as an authentication handler.

See Also:

Constant Field Values

PATH_PROPERTY

static final java.lang.String PATH_PROPERTY

The name of the service registration property listing one or more URL paths for which the authentication handler is to be used. The property may be a single string value or an array of strings or a Collection of strings.

Each string value may either be an absolute path (e.g. /content) or an absolute URL (e.g. http://thehost/content) to assign the authentication handler to authenticate request for a select virtual host.

Authentication handlers without a path service registration property are ignored.

See Also:

Constant Field Values

TYPE_PROPERTY

static final java.lang.String TYPE_PROPERTY

The name of the service registration property (single string) providing the authentication type of authentication handler. This is the same value as will be returned as the authentication type returned by the extractCredentials(HttpServletRequest, HttpServletResponse) method.

This property is optional but allows the client to optionally select the authentication handler which will actually request credentials upon the requestCredentials(HttpServletRequest, HttpServletResponse) method.

See Also:

REQUEST_LOGIN_PARAMETER, Constant Field Values

REQUEST_LOGIN_PARAMETER

static final java.lang.String REQUEST_LOGIN_PARAMETER

The request parameter which may be used to explicitly select an authentication handler by its type if authentication will be requested through requestCredentials(HttpServletRequest, HttpServletResponse).

See Also:

requestCredentials(HttpServletRequest, HttpServletResponse), TYPE_PROPERTY, Constant Field Values

FAILURE_REASON

static final java.lang.String FAILURE_REASON

Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.

This result may be used by authentication handlers to inform the user of any failures.

Since:

1.0.2 (Bundle version 1.0.4)

See Also:

extractCredentials(HttpServletRequest, HttpServletResponse), Constant Field Values

FAILURE_REASON_CODE

static final java.lang.String FAILURE_REASON_CODE

Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.

This result may be used by authentication handlers to inform the user of more detailed failure reasons, e.g. "password_expired".

Since:

1.1.0

See Also:

extractCredentials(HttpServletRequest, HttpServletResponse), Constant Field Values

Method Detail

extractCredentials

AuthenticationInfo extractCredentials(HttpServletRequest request,
                                      HttpServletResponse response)

Extracts credential data from the request if at all contained.

The method returns any of the following values :

Extracted Information

value	description
null	no user details were contained in the request or the handler is not capable or willing to extract credentials from the request
AuthenticationInfo.DOING_AUTH	the handler is in an ongoing authentication transaction with the client. Request processing should be aborted at this stage.
AuthenticationInfo.FAIL_AUTH	the handler failed extracting the credentials from the request for any reason. An example of this result is that credentials are present in the request but they could not be validated and thus not be used for request processing. When returning this value, the authentication handler may also set the FAILURE_REASON request attribute to inform interested parties (including its own requestCredentials(HttpServletRequest, HttpServletResponse) method for the reasons of failure to extract the credentials.
AuthenticationInfo object	The user sent credentials. The returned object contains the credentials as well as the type of authentication transmission employed.

The method must not request credential information from the client, if they are not found in the request.

The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

Parameters:

request - The request object containing the information for the authentication.

response - The response object which may be used to send the information on the request failure to the user.

Returns:

A valid AuthenticationInfo instance identifying the request user, AuthenticationInfo.DOING_AUTH if the handler is in an authentication transaction with the client or null if the request does not contain authentication information. In case of AuthenticationInfo.DOING_AUTH, the method must have sent a response indicating that fact to the client.

requestCredentials

boolean requestCredentials(HttpServletRequest request,
                           HttpServletResponse response)
                    throws java.io.IOException

Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated normally. Otherwise the authorization information could not be requested.

The HttpServletResponse.sendError methods should not be used by the implementation because these responses might be post-processed by the servlet container's error handling infrastructure thus preventing the correct operation of the authentication handler. To convey a HTTP response status the HttpServletResponse.setStatus method should be used.

The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

If the REQUEST_LOGIN_PARAMETER request parameter is set only those authentication handlers registered with an authentication type matching the parameter will be considered for requesting credentials through this method.

A handler not registered with an authentication type will, for backwards compatibility reasons, always be called ignoring the actual value of the REQUEST_LOGIN_PARAMETER parameter.

Parameters:

request - The request object.

response - The response object to which to send the request.

Returns:

true if the handler is able to send an authentication inquiry for the given request. false otherwise.

Throws:

java.io.IOException - If an error occurs sending the authentication inquiry to the client.

dropCredentials

void dropCredentials(HttpServletRequest request,
                     HttpServletResponse response)
              throws java.io.IOException

Drops any credential and authentication details from the request and asks the client to do the same.

Parameters:

request - The request object.

response - The response object to which to send the request.

Throws:

java.io.IOException - If an error occurs asking the client to drop any authentication traces.