ShibAuthentication (DSpace Kernel :: API and Implementation 1.5.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.dspace.authenticate
Class ShibAuthentication

java.lang.Object
  org.dspace.authenticate.ShibAuthentication

All Implemented Interfaces:: AuthenticationMethod

public class ShibAuthentication
extends Object
implements AuthenticationMethod
extends Object
implements AuthenticationMethod

Shibboleth authentication for DSpace, tested on Shibboleth 1.3.x and Shibboleth 2.x. Read Shib DSpace 1.5 for installation procedure. Read dspace.cfg for details on options available.

Version:: $Revision: 3713 $
Author:: Bruc Liong, MELCOE, Xiang Kevin Li, MELCOE

Field Summary

Fields inherited from interface org.dspace.authenticate.AuthenticationMethod
`BAD_ARGS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, SUCCESS`

Constructor Summary
`ShibAuthentication()`

Method Summary
`boolean`	`allowSetPassword(Context context, javax.servlet.http.HttpServletRequest request, String email)` Indicate whether or not a particular self-registering user can set themselves a password in the profile info form.
`int`	`authenticate(Context context, String username, String password, String realm, javax.servlet.http.HttpServletRequest request)` Authenticate the given or implicit credentials.
`boolean`	`canSelfRegister(Context context, javax.servlet.http.HttpServletRequest request, String username)` Indicate whether or not a particular user can self-register, based on e-mail address.
`int[]`	`getSpecialGroups(Context context, javax.servlet.http.HttpServletRequest request)` Grab the special groups to be automatically provisioned for the current user.
`void`	`initEPerson(Context context, javax.servlet.http.HttpServletRequest request, EPerson eperson)` Initialise a new e-person record for a self-registered new user.
`boolean`	`isImplicit()` Predicate, is this an implicit authentication method.
`String`	`loginPageTitle(Context context)` Get title of login page to which to redirect.
`String`	`loginPageURL(Context context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Get login page to which to redirect.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ShibAuthentication

public ShibAuthentication()

Method Detail

authenticate

public int authenticate(Context context,
                        String username,
                        String password,
                        String realm,
                        javax.servlet.http.HttpServletRequest request)
                 throws SQLException

Description copied from interface: AuthenticationMethod

Authenticate the given or implicit credentials. This is the heart of the authentication method: test the credentials for authenticity, and if accepted, attempt to match (or optionally, create) an EPerson. If an EPerson is found it is set in the Context that was passed.

Specified by:: authenticate in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (ePerson set) upon success.; username - Username (or email address) when method is explicit. Use null for implicit method.; password - Password for explicit auth, or null for implicit method.; realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.; request - The HTTP request that started this operation, or null if not applicable.
Returns:: One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
Meaning:
SUCCESS - authenticated OK.
BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
CERT_REQUIRED - not allowed to login this way without X.509 cert.
NO_SUCH_USER - user not found using this method.
BAD_ARGS - user/pw not appropriate for this method
Throws:: SQLException

getSpecialGroups

public int[] getSpecialGroups(Context context,
                              javax.servlet.http.HttpServletRequest request)

Grab the special groups to be automatically provisioned for the current user. Currently the mapping for the groups is done one-to-one, future version can consider the usage of regex for such mapping.

Specified by:: getSpecialGroups in interface AuthenticationMethod

Parameters:: context - A valid DSpace context.; request - The request that started this operation, or null if not applicable.
Returns:: array of EPerson-group IDs, possibly 0-length, but never null.

allowSetPassword

public boolean allowSetPassword(Context context,
                                javax.servlet.http.HttpServletRequest request,
                                String email)
                         throws SQLException

Indicate whether or not a particular self-registering user can set themselves a password in the profile info form.

Specified by:: allowSetPassword in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case anything in that is used to decide; email - e-mail address of user attempting to register
Returns:: true if this method allows user to change ePerson password.
Throws:: SQLException

isImplicit

public boolean isImplicit()

Predicate, is this an implicit authentication method. An implicit method gets credentials from the environment (such as an HTTP request or even Java system properties) rather than the explicit username and password. For example, a method that reads the X.509 certificates in an HTTPS request is implicit.

Specified by:: isImplicit in interface AuthenticationMethod

Returns:: true if this method uses implicit authentication.

canSelfRegister

public boolean canSelfRegister(Context context,
                               javax.servlet.http.HttpServletRequest request,
                               String username)
                        throws SQLException

Indicate whether or not a particular user can self-register, based on e-mail address.

Specified by:: canSelfRegister in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case anything in that is used to decide; email - e-mail address of user attempting to register
Returns:: true if new ePerson should be created.
Throws:: SQLException

initEPerson

public void initEPerson(Context context,
                        javax.servlet.http.HttpServletRequest request,
                        EPerson eperson)
                 throws SQLException

Initialise a new e-person record for a self-registered new user.

Specified by:: initEPerson in interface AuthenticationMethod

Parameters:: context - DSpace context; request - HTTP request, in case it's needed; eperson - newly created EPerson record - email + information from the registration form will have been filled out.
Throws:: SQLException

loginPageURL

public String loginPageURL(Context context,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)

Get login page to which to redirect. Returns URL (as string) to which to redirect to obtain credentials (either password prompt or e.g. HTTPS port for client cert.); null means no redirect.

Specified by:: loginPageURL in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (ePerson set) upon success.; request - The HTTP request that started this operation, or null if not applicable.; response - The HTTP response from the servlet method.
Returns:: fully-qualified URL or null

loginPageTitle

public String loginPageTitle(Context context)

Get title of login page to which to redirect. Returns a message key that gets translated into the title or label for "login page" (or null, if not implemented) This title may be used to identify the link to the login page in a selection menu, when there are multiple ways to login.

Specified by:: loginPageTitle in interface AuthenticationMethod

Parameters:: context - DSpace context, will be modified (ePerson set) upon success.
Returns:: title text.