PasswordAuthentication (DSpace Kernel :: API and Implementation 1.5.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.dspace.authenticate
Class PasswordAuthentication

java.lang.Object
  org.dspace.authenticate.PasswordAuthentication

All Implemented Interfaces:: AuthenticationMethod

public class PasswordAuthentication
extends Object
implements AuthenticationMethod
extends Object
implements AuthenticationMethod

A stackable authentication method based on the DSpace internal "EPerson" database. See the AuthenticationMethod interface for more details.

The username is the E-Person's email address, and and the password (given to the authenticate() method) must match the EPerson password.

This is the default method for a new DSpace configuration. If you are implementing a new "explicit" authentication method, use this class as a model.

You can use this (or another explict) method in the stack to implement HTTP Basic Authentication for servlets, by passing the Basic Auth username and password to the AuthenticationManager.

Version:: $Revision: 3705 $
Author:: Larry Stone

Field Summary

Fields inherited from interface org.dspace.authenticate.AuthenticationMethod
`BAD_ARGS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, SUCCESS`

Constructor Summary
`PasswordAuthentication()`

Method Summary
`boolean`	`allowSetPassword(Context context, javax.servlet.http.HttpServletRequest request, String username)` We always allow the user to change their password.
`int`	`authenticate(Context context, String username, String password, String realm, javax.servlet.http.HttpServletRequest request)` Check credentials: username must match the email address of an EPerson record, and that EPerson must be allowed to login.
`boolean`	`canSelfRegister(Context context, javax.servlet.http.HttpServletRequest request, String email)` Look to see if this email address is allowed to register.
`int[]`	`getSpecialGroups(Context context, javax.servlet.http.HttpServletRequest request)` Add authenticated users to the group defined in dspace.cfg by the password.login.specialgroup key.
`void`	`initEPerson(Context context, javax.servlet.http.HttpServletRequest request, EPerson eperson)` Nothing extra to initialize.
`boolean`	`isImplicit()` This is an explicit method, since it needs username and password from some source.
`String`	`loginPageTitle(Context context)` Returns message key for title of the "login" page, to use in a menu showing the choice of multiple login methods.
`String`	`loginPageURL(Context context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Returns URL of password-login servlet.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PasswordAuthentication

public PasswordAuthentication()

Method Detail

canSelfRegister

public boolean canSelfRegister(Context context,
                               javax.servlet.http.HttpServletRequest request,
                               String email)
                        throws SQLException

Look to see if this email address is allowed to register.

The configuration key authentication.password.domain.valid is examined in dspace.cfg to see what doamins are valid.

Example - aber.ac.uk domains : @aber.ac.uk Example - MIT domain and all .ac.uk domains: @mit.edu, .ac.uk

Specified by:: canSelfRegister in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case it's needed. May be null.; email - Username, if available. May be null.
Returns:: true if new ePerson should be created.
Throws:: SQLException

initEPerson

public void initEPerson(Context context,
                        javax.servlet.http.HttpServletRequest request,
                        EPerson eperson)
                 throws SQLException

Nothing extra to initialize.

Specified by:: initEPerson in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case it's needed. May be null.; eperson - newly created EPerson record - email + information from the registration form will have been filled out.
Throws:: SQLException

allowSetPassword

public boolean allowSetPassword(Context context,
                                javax.servlet.http.HttpServletRequest request,
                                String username)
                         throws SQLException

We always allow the user to change their password.

Specified by:: allowSetPassword in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case it's needed. May be null.; username - Username, if available. May be null.
Returns:: true if this method allows user to change ePerson password.
Throws:: SQLException

isImplicit

public boolean isImplicit()

This is an explicit method, since it needs username and password from some source.

Specified by:: isImplicit in interface AuthenticationMethod

Returns:: false

getSpecialGroups

public int[] getSpecialGroups(Context context,
                              javax.servlet.http.HttpServletRequest request)

Add authenticated users to the group defined in dspace.cfg by the password.login.specialgroup key.

Specified by:: getSpecialGroups in interface AuthenticationMethod

Parameters:: context - A valid DSpace context.; request - The request that started this operation, or null if not applicable.
Returns:: array of EPerson-group IDs, possibly 0-length, but never null.

authenticate

public int authenticate(Context context,
                        String username,
                        String password,
                        String realm,
                        javax.servlet.http.HttpServletRequest request)
                 throws SQLException

Check credentials: username must match the email address of an EPerson record, and that EPerson must be allowed to login. Password must match its password. Also checks for EPerson that is only allowed to login via an implicit method and returns CERT_REQUIRED if that is the case.

Specified by:: authenticate in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (EPerson set) upon success.; username - Username (or email address) when method is explicit. Use null for implicit method.; password - Password for explicit auth, or null for implicit method.; realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.; request - The HTTP request that started this operation, or null if not applicable.
Returns:: One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
Meaning:
SUCCESS - authenticated OK.
BAD_CREDENTIALS - user exists, but assword doesn't match
CERT_REQUIRED - not allowed to login this way without X.509 cert.
NO_SUCH_USER - no EPerson with matching email address.
BAD_ARGS - missing username, or user matched but cannot login.
Throws:: SQLException

loginPageURL

public String loginPageURL(Context context,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)

Returns URL of password-login servlet.

Specified by:: loginPageURL in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (EPerson set) upon success.; request - The HTTP request that started this operation, or null if not applicable.; response - The HTTP response from the servlet method.
Returns:: fully-qualified URL

loginPageTitle

public String loginPageTitle(Context context)

Returns message key for title of the "login" page, to use in a menu showing the choice of multiple login methods.

Specified by:: loginPageTitle in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (EPerson set) upon success.
Returns:: Message key to look up in i18n message catalog.