Class PasswordAuthentication

java.lang.Object
org.dspace.authenticate.PasswordAuthentication
All Implemented Interfaces:
AuthenticationMethod

public class PasswordAuthentication extends Object implements AuthenticationMethod
A stackable authentication method based on the DSpace internal "EPerson" database. See the AuthenticationMethod interface for more details.

The username is the E-Person's email address, and the password (given to the authenticate() method) must match the EPerson password.

This is the default method for a new DSpace configuration. If you are implementing a new "explicit" authentication method, use this class as a model.

You can use this (or another explicit) method in the stack to implement HTTP Basic Authentication for servlets, by passing the Basic Auth username and password to the AuthenticationManager.

Author:
Larry Stone
  • Constructor Details

    • PasswordAuthentication

      public PasswordAuthentication()
  • Method Details

    • canSelfRegister

      public boolean canSelfRegister(Context context, jakarta.servlet.http.HttpServletRequest request, String email) throws SQLException
      Look to see if this email address is allowed to register.

      The configuration key domain.valid is examined in authentication-password.cfg to see what domains are valid.

      Example - aber.ac.uk domain: @aber.ac.uk
      Example - MIT domain and all .ac.uk domains: @mit.edu, .ac.uk

      Specified by:
      canSelfRegister in interface AuthenticationMethod
      Parameters:
      email - email
      context - DSpace context
      request - HTTP request, in case it's needed. May be null.
      Returns:
      true if new ePerson should be created.
      Throws:
      SQLException - if database error
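
      The domain.valid check described above, as an added stand-alone example that is not DSpace's own code. It assumes each entry is matched as a case-insensitive suffix of the address and that an empty list allows every address; the names DomainValidCheck, allowed and anchored are hypothetical.

      ```java
      import java.util.List;
      import java.util.Locale;

      public class DomainValidCheck {

          // Assumed rule: an address is accepted when it ends with any configured
          // entry, compared case-insensitively; an empty list places no restriction.
          static boolean allowed(String email, List<String> validDomains) {
              if (email == null) {
                  return false;
              }
              if (validDomains.isEmpty()) {
                  return true;
              }
              String address = email.trim().toLowerCase(Locale.ROOT);
              for (String entry : validDomains) {
                  String suffix = entry.trim().toLowerCase(Locale.ROOT);
                  if (!suffix.isEmpty() && address.endsWith(suffix)) {
                      return true;
                  }
              }
              return false;
          }

          // Configuration lint: an entry that does not start with '@' or '.' is not
          // anchored to a domain boundary, so it also matches look-alike domains.
          static boolean anchored(String entry) {
              String e = entry.trim();
              return e.startsWith("@") || e.startsWith(".");
          }

          public static void main(String[] args) {
              List<String> fromPage = List.of("@mit.edu", ".ac.uk"); // the page's second example
              List<String> unanchored = List.of("mit.edu");          // constructed weak entry

              System.out.println(allowed("alice@mit.edu", fromPage));
              System.out.println(allowed("bob@cs.aber.ac.uk", fromPage));
              System.out.println(allowed("carol@example.org", fromPage));
              System.out.println(allowed("dave@notmit.edu", fromPage));   // look-alike vs anchored entries
              System.out.println(allowed("dave@notmit.edu", unanchored)); // same address vs unanchored entry
              for (String entry : unanchored) {
                  System.out.println(entry + " anchored=" + anchored(entry));
              }
          }
      }
      ```

      Under the suffix-match assumption, the look-alike address dave@notmit.edu is rejected by the page's entries but accepted by the unanchored entry mit.edu, which is why each entry should begin with @ or a dot.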
    • initEPerson

      public void initEPerson(Context context, jakarta.servlet.http.HttpServletRequest request, EPerson eperson) throws SQLException
      Nothing extra to initialize.
      Specified by:
      initEPerson in interface AuthenticationMethod
      Parameters:
      context - DSpace context
      request - HTTP request, in case it's needed. May be null.
      eperson - newly created EPerson record - email + information from the registration form will have been filled out.
      Throws:
      SQLException - if database error
    • allowSetPassword

      public boolean allowSetPassword(Context context, jakarta.servlet.http.HttpServletRequest request, String username) throws SQLException
      We always allow the user to change their password.
      Specified by:
      allowSetPassword in interface AuthenticationMethod
      Parameters:
      context - DSpace context
      request - HTTP request, in case it's needed. May be null.
      username - Username, if available. May be null.
      Returns:
      true if this method allows user to change ePerson password.
      Throws:
      SQLException - if database error
    • isImplicit

      public boolean isImplicit()
      This is an explicit method, since it needs username and password from some source.
      Specified by:
      isImplicit in interface AuthenticationMethod
      Returns:
      false
    • getSpecialGroups

      public List<Group> getSpecialGroups(Context context, jakarta.servlet.http.HttpServletRequest request)
      Add authenticated users to the group defined in authentication-password.cfg by the login.specialgroup key.
      Specified by:
      getSpecialGroups in interface AuthenticationMethod
      Parameters:
      context - A valid DSpace context.
      request - The request that started this operation, or null if not applicable.
      Returns:
      array of EPerson-group IDs, possibly 0-length, but never null.
    • authenticate

      public int authenticate(Context context, String username, String password, String realm, jakarta.servlet.http.HttpServletRequest request) throws SQLException
      Check credentials: username must match the email address of an EPerson record, and that EPerson must be allowed to log in. Password must match its password. Also checks for an EPerson that is only allowed to log in via an implicit method and returns CERT_REQUIRED if that is the case.
      Specified by:
      authenticate in interface AuthenticationMethod
      Parameters:
      context - DSpace context, will be modified (EPerson set) upon success.
      username - Username (or email address) when method is explicit. Use null for implicit method.
      password - Password for explicit auth, or null for implicit method.
      realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
      request - The HTTP request that started this operation, or null if not applicable.
      Returns:
      One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS

      Meaning:
      SUCCESS - authenticated OK.
      BAD_CREDENTIALS - user exists, but password doesn't match.
      CERT_REQUIRED - not allowed to log in this way without X.509 cert.
      NO_SUCH_USER - no EPerson with matching email address.
      BAD_ARGS - missing username, or user matched but cannot log in.

      Throws:
      SQLException - if database error
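
      An added example, not DSpace code, of the HTTP Basic Authentication use mentioned in the class description: it parses the Authorization header, hands the credentials to an explicit method, and maps the result codes listed above to a response status. The Result enum and the Authenticator interface are hypothetical stand-ins for the DSpace constants and the authentication stack, and the account is constructed.

      ```java
      import java.nio.charset.StandardCharsets;
      import java.util.Base64;

      public class BasicAuthBridge {

          // Result names taken from the page; this enum is a stand-in for the
          // AuthenticationMethod constants, not the DSpace type.
          enum Result { SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS }

          // Hypothetical stand-in for the call into the authentication stack.
          interface Authenticator {
              Result authenticate(String username, String password);
          }

          // Returns the HTTP status to send for an Authorization header value.
          static int handle(String authorization, Authenticator stack) {
              if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
                  return 401;
              }
              String decoded;
              try {
                  byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
                  decoded = new String(raw, StandardCharsets.UTF_8);
              } catch (IllegalArgumentException e) {
                  return 401; // not valid Base64
              }
              int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
              if (colon < 1) {
                  return 401; // no separator or empty username
              }
              Result r = stack.authenticate(decoded.substring(0, colon), decoded.substring(colon + 1));
              // Log the precise result server-side; the client sees one failure status, so
              // NO_SUCH_USER and BAD_CREDENTIALS cannot be told apart from outside.
              System.err.println("password auth result=" + r);
              return r == Result.SUCCESS ? 200 : 401;
          }

          public static void main(String[] args) {
              // Constructed account and credentials for the demonstration.
              Authenticator fake = (u, p) -> !u.equals("alice@example.org") ? Result.NO_SUCH_USER
                      : p.equals("s3cret:pw") ? Result.SUCCESS : Result.BAD_CREDENTIALS;
              String good = "Basic " + Base64.getEncoder()
                      .encodeToString("alice@example.org:s3cret:pw".getBytes(StandardCharsets.UTF_8));
              System.out.println(handle(good, fake));
              System.out.println(handle("Basic !!!", fake));
              System.out.println(handle(null, fake));
          }
      }
      ```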
    • loginPageURL

      public String loginPageURL(Context context, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Returns URL of password-login servlet.
      Specified by:
      loginPageURL in interface AuthenticationMethod
      Parameters:
      context - DSpace context, will be modified (EPerson set) upon success.
      request - The HTTP request that started this operation, or null if not applicable.
      response - The HTTP response from the servlet method.
      Returns:
      fully-qualified URL
    • getName

      public String getName()
      Description copied from interface: AuthenticationMethod
      Returns a short name that uniquely identifies this authentication method
      Specified by:
      getName in interface AuthenticationMethod
      Returns:
      The authentication method name
    • isUsed

      public boolean isUsed(Context context, jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: AuthenticationMethod
      Get whether the authentication method is being used.
      Specified by:
      isUsed in interface AuthenticationMethod
      Parameters:
      context - The DSpace context
      request - The current request
      Returns:
      whether the authentication method is being used.
    • canChangePassword

      public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword)
      Description copied from interface: AuthenticationMethod
      Check if the given current password is valid to change the password of the given ePerson
      Specified by:
      canChangePassword in interface AuthenticationMethod
      Parameters:
      context - The DSpace context
      ePerson - the ePerson related to the password change
      currentPassword - The current password to check
      Returns:
      true if the provided password matches with current password