org.dspace.authenticate.service.AuthenticationService Maven / Gradle / Ivy
Show all versions of dspace-api Show documentation
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.authenticate.service;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
/**
* Access point for the stackable authentication methods.
*
* This class initializes the "stack" from the DSpace configuration,
* and then invokes methods in the appropriate order on behalf of clients.
*
* See the AuthenticationMethod interface for details about what each
* function does.
*
* Configuration
* The stack of authentication methods is defined by one property in the DSpace configuration:
*
* plugin.sequence.org.dspace.eperson.AuthenticationMethod = a list of method class names
* e.g.
* plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
* org.dspace.eperson.X509Authentication, \
* org.dspace.eperson.PasswordAuthentication
*
*
* The "stack" is always traversed in order, with the methods
* specified first (in the configuration) thus getting highest priority.
*
* @author Larry Stone
* @version $Revision$
* @see AuthenticationMethod
*/
public interface AuthenticationService {
/**
* Test credentials for authenticity.
* Apply the given credentials to each authenticate() method in
* the stack. Returns upon the first SUCCESS, or otherwise
* returns the most favorable outcome from one of the methods.
*
* @param context DSpace context, will be modified (ePerson set) upon success.
* @param username Username (or email address) when method is explicit. Use null for
* implicit method.
* @param password Password for explicit auth, or null for implicit method.
* @param realm Realm is an extra parameter used by some authentication methods, leave null if
* not applicable.
* @param request The HTTP request that started this operation, or null if not applicable.
* @return One of:
* SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
*
Meaning:
*
SUCCESS - authenticated OK.
*
BAD_CREDENTIALS - user exists, but credentials (e.g. password) don't match
*
CERT_REQUIRED - not allowed to login this way without X.509 cert.
*
NO_SUCH_USER - user not found using this method.
*
BAD_ARGS - user/password not appropriate for this method
*/
public int authenticate(Context context,
String username,
String password,
String realm,
HttpServletRequest request);
/**
* Test credentials for authenticity, using only Implicit methods.
* Just like authenticate(), except it only invokes the
* implicit authentication methods the stack.
*
* @param context DSpace context, will be modified (ePerson set) upon success.
* @param username Username (or email address) when method is explicit. Use null for
* implicit method.
* @param password Password for explicit auth, or null for implicit method.
* @param realm Realm is an extra parameter used by some authentication methods, leave null if
* not applicable.
* @param request The HTTP request that started this operation, or null if not applicable.
* @return One of:
* SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
*
Meaning:
*
SUCCESS - authenticated OK.
*
BAD_CREDENTIALS - user exists, but credentials (e.g. password) don't match
*
CERT_REQUIRED - not allowed to login this way without X.509 cert.
*
NO_SUCH_USER - user not found using this method.
*
BAD_ARGS - user/password not appropriate for this method
*/
public int authenticateImplicit(Context context,
String username,
String password,
String realm,
HttpServletRequest request);
/**
* Predicate, can a new EPerson be created.
* Invokes canSelfRegister() of every authentication
* method in the stack, and returns true if any of them is true.
*
* @param context DSpace context
* @param request HTTP request, in case it's needed. Can be null.
* @param username Username, if available. Can be null.
* @return true if new ePerson should be created.
* @throws SQLException if database error
*/
public boolean canSelfRegister(Context context,
HttpServletRequest request,
String username) throws SQLException;
/**
* Predicate, can user set EPerson password.
* Returns true if the allowSetPassword() method of any
* member of the stack returns true.
*
* @param context DSpace context
* @param request HTTP request, in case it's needed. Can be null.
* @param username Username, if available. Can be null.
* @return true if this method allows user to change ePerson password.
* @throws SQLException if database error
*/
public boolean allowSetPassword(Context context,
HttpServletRequest request,
String username) throws SQLException;
public void initEPerson(Context context,
HttpServletRequest request,
EPerson eperson)
throws SQLException;
/**
* Update the last active (login) timestamp on the current authenticated user
*
* @param context The authenticated context
*/
public void updateLastActiveDate(Context context);
/**
* Get list of extra groups that user implicitly belongs to.
* Returns accumulation of groups of all the getSpecialGroups()
* methods in the stack.
*
* @param context A valid DSpace context.
* @param request The request that started this operation, or null if not applicable.
* @return Returns IDs of any groups the user authenticated by this
* request is in implicitly -- checks for e.g. network-address dependent
* groups.
* @throws SQLException if database error
*/
public List getSpecialGroups(Context context,
HttpServletRequest request) throws SQLException;
/**
* Get stack of authentication methods.
* Return an Iterator that steps through each configured
* authentication method, in order of precedence.
*
* @return Iterator object.
*/
public Iterator authenticationMethodIterator();
}