Class AuthenticationServiceImpl

java.lang.Object
org.dspace.authenticate.AuthenticationServiceImpl
All Implemented Interfaces:
AuthenticationService

public class AuthenticationServiceImpl extends Object implements AuthenticationService
Access point for the stackable authentication methods.

This class initializes the "stack" from the DSpace configuration, and then invokes methods in the appropriate order on behalf of clients.

See the AuthenticationMethod interface for details about what each function does.

Configuration
The stack of authentication methods is defined by one property in the DSpace configuration:

   plugin.sequence.org.dspace.eperson.AuthenticationMethod = a list of method class names
     e.g.
   plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
       org.dspace.eperson.X509Authentication, \
       org.dspace.eperson.PasswordAuthentication
 

The "stack" is always traversed in order, with the methods specified first (in the configuration) thus getting highest priority.
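
The traversal rule stated above and in the authenticate() description (stop at the first SUCCESS, otherwise return the most favorable outcome) can be modeled as follows. This is an added example, not DSpace's own code: the Method interface, the Stub record, the stub names and the numeric values of the status codes are assumptions, and "most favorable" is assumed to follow the order in which the return codes are listed on this page.

```java
import java.util.List;

// Simplified model for illustration; Method stands in for AuthenticationMethod.
public class AuthStackDemo {
    // Assumed numeric values: listed order on the page, lower = more favorable.
    static final int SUCCESS = 1, BAD_CREDENTIALS = 2, CERT_REQUIRED = 3,
                     NO_SUCH_USER = 4, BAD_ARGS = 5;

    interface Method {                       // hypothetical, reduced interface
        boolean isImplicit();
        int authenticate(String username, String password);
    }

    // Constructed stub that always returns a fixed status and logs the call.
    record Stub(String name, boolean implicit, int result) implements Method {
        public boolean isImplicit() { return implicit; }
        public int authenticate(String username, String password) {
            System.out.println("  tried " + name + " -> " + result);
            return result;
        }
    }

    // Walk the stack in configured order; implicitOnly skips explicit methods.
    static int authenticate(List<Method> stack, String user, String pass,
                            boolean implicitOnly) {
        int best = BAD_ARGS;                 // least favorable starting point
        for (Method m : stack) {
            if (implicitOnly && !m.isImplicit()) continue;
            int ret = m.authenticate(user, pass);
            if (ret == SUCCESS) return SUCCESS;  // later methods never run
            if (ret < best) best = ret;          // keep most favorable failure
        }
        return best;
    }

    public static void main(String[] args) {
        // No method succeeds: the caller sees the most favorable failure.
        List<Method> failing = List.of(
            new Stub("cert", true, BAD_ARGS),
            new Stub("password", false, BAD_CREDENTIALS),
            new Stub("directory", false, NO_SUCH_USER));
        System.out.println("result: " + authenticate(failing, "a@example.org", "x", false));

        // A method listed first that succeeds decides the login on its own.
        List<Method> shortCircuit = List.of(
            new Stub("implicit-first", true, SUCCESS),
            new Stub("password", false, BAD_CREDENTIALS));
        System.out.println("result: " + authenticate(shortCircuit, null, null, false));
    }
}
```

When reviewing a deployment's stack order, note that any method placed ahead of the password check that returns SUCCESS is the only control applied to that login.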

Author:
Larry Stone

  • Constructor Details

    • AuthenticationServiceImpl

      protected AuthenticationServiceImpl()
  • Method Details

    • getAuthenticationMethodStack

      public List<AuthenticationMethod> getAuthenticationMethodStack()
    • authenticate

      public int authenticate(Context context, String username, String password, String realm, jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: AuthenticationService
      Test credentials for authenticity. Apply the given credentials to each authenticate() method in the stack. Returns upon the first SUCCESS, or otherwise returns the most favorable outcome from one of the methods.
      Specified by:
      authenticate in interface AuthenticationService
      Parameters:
      context - DSpace context, will be modified (ePerson set) upon success.
      username - Username (or email address) when method is explicit. Use null for implicit method.
      password - Password for explicit auth, or null for implicit method.
      realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
      request - The HTTP request that started this operation, or null if not applicable.
      Returns:
      One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS

      Meaning:
      SUCCESS - authenticated OK.
      BAD_CREDENTIALS - user exists, but credentials (e.g. password) don't match
      CERT_REQUIRED - not allowed to login this way without X.509 cert.
      NO_SUCH_USER - user not found using this method.
      BAD_ARGS - user/password not appropriate for this method

    • authenticateImplicit

      public int authenticateImplicit(Context context, String username, String password, String realm, jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: AuthenticationService
      Test credentials for authenticity, using only implicit methods. Just like authenticate(), except it only invokes the implicit authentication methods in the stack.
      Specified by:
      authenticateImplicit in interface AuthenticationService
      Parameters:
      context - DSpace context, will be modified (ePerson set) upon success.
      username - Username (or email address) when method is explicit. Use null for implicit method.
      password - Password for explicit auth, or null for implicit method.
      realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
      request - The HTTP request that started this operation, or null if not applicable.
      Returns:
      One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS

      Meaning:
      SUCCESS - authenticated OK.
      BAD_CREDENTIALS - user exists, but credentials (e.g. password) don't match
      CERT_REQUIRED - not allowed to login this way without X.509 cert.
      NO_SUCH_USER - user not found using this method.
      BAD_ARGS - user/password not appropriate for this method

    • authenticateInternal

      protected int authenticateInternal(Context context, String username, String password, String realm, jakarta.servlet.http.HttpServletRequest request, boolean implicitOnly)
    • updateLastActiveDate

      public void updateLastActiveDate(Context context)
      Description copied from interface: AuthenticationService
      Update the last active (login) timestamp on the current authenticated user
      Specified by:
      updateLastActiveDate in interface AuthenticationService
      Parameters:
      context - The authenticated context
    • canSelfRegister

      public boolean canSelfRegister(Context context, jakarta.servlet.http.HttpServletRequest request, String username) throws SQLException
      Description copied from interface: AuthenticationService
      Predicate, can a new EPerson be created. Invokes canSelfRegister() of every authentication method in the stack, and returns true if any of them is true.
      Specified by:
      canSelfRegister in interface AuthenticationService
      Parameters:
      context - DSpace context
      request - HTTP request, in case it's needed. Can be null.
      username - Username, if available. Can be null.
      Returns:
      true if new ePerson should be created.
      Throws:
      SQLException - if database error
    • allowSetPassword

      public boolean allowSetPassword(Context context, jakarta.servlet.http.HttpServletRequest request, String username) throws SQLException
      Description copied from interface: AuthenticationService
      Predicate, can user set EPerson password. Returns true if the allowSetPassword() method of any member of the stack returns true.
      Specified by:
      allowSetPassword in interface AuthenticationService
      Parameters:
      context - DSpace context
      request - HTTP request, in case it's needed. Can be null.
      username - Username, if available. Can be null.
      Returns:
      true if this method allows user to change ePerson password.
      Throws:
      SQLException - if database error
    • initEPerson

      public void initEPerson(Context context, jakarta.servlet.http.HttpServletRequest request, EPerson eperson) throws SQLException
      Specified by:
      initEPerson in interface AuthenticationService
      Throws:
      SQLException
    • getSpecialGroups

      public List<Group> getSpecialGroups(Context context, jakarta.servlet.http.HttpServletRequest request) throws SQLException
      Description copied from interface: AuthenticationService
      Get list of extra groups that user implicitly belongs to. Returns accumulation of groups of all the getSpecialGroups() methods in the stack.
      Specified by:
      getSpecialGroups in interface AuthenticationService
      Parameters:
      context - A valid DSpace context.
      request - The request that started this operation, or null if not applicable.
      Returns:
      Returns IDs of any groups the user authenticated by this request is in implicitly -- checks for e.g. network-address dependent groups.
      Throws:
      SQLException - if database error
    • authenticationMethodIterator

      public Iterator<AuthenticationMethod> authenticationMethodIterator()
      Description copied from interface: AuthenticationService
      Get stack of authentication methods. Return an Iterator that steps through each configured authentication method, in order of precedence.
      Specified by:
      authenticationMethodIterator in interface AuthenticationService
      Returns:
      Iterator object.
    • getAuthenticationMethod

      public String getAuthenticationMethod(Context context, jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: AuthenticationService
      Retrieves the currently used authentication method name based on the context and the request
      Specified by:
      getAuthenticationMethod in interface AuthenticationService
      Parameters:
      context - A valid DSpace context.
      request - The request that started this operation, or null if not applicable.
      Returns:
      the currently used authentication method name
    • canChangePassword

      public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword)
      Description copied from interface: AuthenticationService
      Check if the given current password is valid to change the password of the given ePerson.
      Specified by:
      canChangePassword in interface AuthenticationService
      Parameters:
      context - The DSpace context
      ePerson - the ePerson related to the password change
      currentPassword - The current password to check
      Returns:
      true if the provided password matches with current password