edu.cornell.mannlib.vitro.webapp.controller.authenticate

Class RestrictedAuthenticator

java.lang.Object

edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator

edu.cornell.mannlib.vitro.webapp.controller.authenticate.RestrictedAuthenticator

public class RestrictedAuthenticator
extends Authenticator

A "restricted" authenticator, that will not allow logins except for root and for users that are authorized to maintain the system.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	RestrictedAuthenticator.Factory

Nested classes/interfaces inherited from class edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator

Authenticator.AuthenticatorFactory, Authenticator.LoginNotPermitted

Field Summary

Fields inherited from class edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator

LOGGED_IN_TIMEOUT_INTERVAL, PRIVILEGED_TIMEOUT_INTERVAL

Constructor Summary

Constructors

Constructor and Description
RestrictedAuthenticator(javax.servlet.http.HttpServletRequest req, Authenticator auth)

Method Summary

Modifier and Type	Method and Description
boolean	accountRequiresEditing(UserAccount userAccount) Is a change in name or email required when the user logs in?
UserAccount	getAccountForExternalAuth(String externalAuthId) Get the UserAccount for this external ID, or null if there is none.
UserAccount	getAccountForInternalAuth(String emailAddress) Get the UserAccount for this email address, or null if there is none.
List<String>	getAssociatedIndividualUris(UserAccount userAccount) Get the URIs of all individuals associated with this user, whether by a self-editing property like cornellEmailNetid, or by mayEditAs.
boolean	isCurrentPassword(UserAccount userAccount, String clearTextPassword) Internal: does this UserAccount have this password? False if the userAccount is null.
boolean	isCurrentPasswordArgon2(UserAccount userAccount, String clearTextPassword) Does this UserAccount have this Argon2 password? False if the userAccount is null.
boolean	isUserPermittedToLogin(UserAccount userAccount) Is this user permitted to login? Some Authenticators might disable logins for certain users.
boolean	md5HashIsNull(UserAccount userAccount) Checks if the user still has got an MD5 Password
void	recordLoginAgainstUserAccount(UserAccount userAccount, LoginStatusBean.AuthenticationSource authSource) Record that the user has logged in, with all of the housekeeping that goes with it: - update the user record - set login status and timeout limit in the session - refresh the Identifiers on the request - record the user in the session map - notify other users of the model
void	recordNewPassword(UserAccount userAccount, String newClearTextPassword) Internal: record a new password for the user.
void	recordUserIsLoggedOut() Record that the current user has logged out: - notify other users of the model.
String	toString()

Methods inherited from class edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator

applyArgon2iEncoding, applyMd5Encoding, getIdsForUserAccount, getInstance, isValidEmailAddress, setAuthenticatorFactory, verifyArgon2iHash

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

RestrictedAuthenticator

public RestrictedAuthenticator(javax.servlet.http.HttpServletRequest req,
                               Authenticator auth)

Method Detail

isUserPermittedToLogin

public boolean isUserPermittedToLogin(UserAccount userAccount)

Description copied from class: Authenticator

Is this user permitted to login? Some Authenticators might disable logins for certain users. Behavior when userAccount is null depends on the particular Authenticator. An answer of "true" presumably means that the user will be permitted to login and create an account on the fly. Note that this method may rely on the HttpServletRequest object that was provided to the factory when this instance was created.

Specified by:

isUserPermittedToLogin in class Authenticator

recordLoginAgainstUserAccount

public void recordLoginAgainstUserAccount(UserAccount userAccount,
                                          LoginStatusBean.AuthenticationSource authSource)
                                   throws Authenticator.LoginNotPermitted

Description copied from class: Authenticator

 Record that the user has logged in, with all of the housekeeping that
 goes with it:
 - update the user record
 - set login status and timeout limit in the session
 - refresh the Identifiers on the request
 - record the user in the session map
 - notify other users of the model
 

Specified by:

recordLoginAgainstUserAccount in class Authenticator

Throws:

Authenticator.LoginNotPermitted - if the Authenticator denies this user the ability to login. This should be thrown if and only if isUserPermittedToLogin() returns false.

getAccountForExternalAuth

public UserAccount getAccountForExternalAuth(String externalAuthId)

Description copied from class: Authenticator

Get the UserAccount for this external ID, or null if there is none.

Specified by:

getAccountForExternalAuth in class Authenticator

getAccountForInternalAuth

public UserAccount getAccountForInternalAuth(String emailAddress)

Description copied from class: Authenticator

Get the UserAccount for this email address, or null if there is none.

Specified by:

getAccountForInternalAuth in class Authenticator

md5HashIsNull

public boolean md5HashIsNull(UserAccount userAccount)

Description copied from class: Authenticator

Checks if the user still has got an MD5 Password

Specified by:

md5HashIsNull in class Authenticator

isCurrentPasswordArgon2

public boolean isCurrentPasswordArgon2(UserAccount userAccount,
                                       String clearTextPassword)

Description copied from class: Authenticator

Does this UserAccount have this Argon2 password? False if the userAccount is null.

Specified by:

isCurrentPasswordArgon2 in class Authenticator

isCurrentPassword

public boolean isCurrentPassword(UserAccount userAccount,
                                 String clearTextPassword)

Description copied from class: Authenticator

Internal: does this UserAccount have this password? False if the userAccount is null.

Specified by:

isCurrentPassword in class Authenticator

recordNewPassword

public void recordNewPassword(UserAccount userAccount,
                              String newClearTextPassword)

Description copied from class: Authenticator

Internal: record a new password for the user. Takes no action if the userAccount is null.

Specified by:

recordNewPassword in class Authenticator

accountRequiresEditing

public boolean accountRequiresEditing(UserAccount userAccount)

Description copied from class: Authenticator

Is a change in name or email required when the user logs in?

Specified by:

accountRequiresEditing in class Authenticator

getAssociatedIndividualUris

public List<String> getAssociatedIndividualUris(UserAccount userAccount)

Description copied from class: Authenticator

Get the URIs of all individuals associated with this user, whether by a self-editing property like cornellEmailNetid, or by mayEditAs.

Specified by:

getAssociatedIndividualUris in class Authenticator

recordUserIsLoggedOut

public void recordUserIsLoggedOut()

Description copied from class: Authenticator

 Record that the current user has logged out: - notify other users of the
 model.
 - invalidate the session.
 

Specified by:

recordUserIsLoggedOut in class Authenticator

toString

public String toString()

Overrides:

toString in class Object