Interface AuthenticationManager
- All Superinterfaces:
- Action

public interface AuthenticationManager extends Action

Action interface for external authentication. Action factories are called with an AuthenticationContext object as the InvokationContext.getClientContext(). Use AuthenticationContext.getLoginRequest() to get information about the login and password used for logging in.
- Since:
- 3.3
- Author:
- Nicklas

Method Summary
Modifier and Type | Method | Description
AuthenticatedUser | authenticate() | Try to authenticate a user given the login information passed to the factory in the AuthenticationContext.
default void | vetoAuthenticatedUser(UserData user, AuthenticatedUser auth) | This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the authenticate() method.

Method Detail

authenticate
AuthenticatedUser authenticate()
Try to authenticate a user given the login information passed to the factory in the AuthenticationContext. There are three outcomes from this method:
- The login request was valid: An AuthenticatedUser object should be returned with at least the external id of the user.
- The login request was invalid: An AuthenticationException (or a subclass) should be thrown.
- It was not possible to know if the request was invalid or not: null should be returned to let the authentication continue with another action or internal authentication.

- Returns:
- An AuthenticatedUser object if the user was authenticated, null if this action doesn't know if the login is valid or not
- Throws:
- AuthenticationException - If the user was not authenticated

vetoAuthenticatedUser
default void vetoAuthenticatedUser(UserData user, AuthenticatedUser auth)
This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the authenticate() method. If so, all other authentication managers will get a chance to throw in a veto. For example, an administrator account may be protected with a special authentication manager (for example, YubiKey) while regular users are protected by a simpler method (for example, OTP). If the administrator tries to log in with the OTP method, the YubiKey authentication manager may veto this by throwing an AuthenticationException from this method. Note that this method is NOT called on the authentication manager that authenticated a user by returning information from the authenticate() method. To provide backwards compatibility with existing authentication managers, this method has a default implementation that doesn't do anything.

- Parameters:
- user - The user that is trying to log in
- auth - Information about the authentication
- Since:
- 3.14
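
The veto flow described above, as an added example (not code from BASE or its authors): a hardware-key manager that returns null for accounts it does not guard and vetoes guarded accounts that another method accepted. The nested types are minimal stand-ins for the BASE classes; HardwareKeyManager, the login() dispatch loop, the token check and the sample login are assumptions constructed for illustration.

```java
import java.util.*;
import java.util.function.Predicate;

public class VetoExample {
    // Minimal stand-ins (assumptions) so the sketch compiles without BASE on the classpath.
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }
    record LoginRequest(String login, String password) {}
    record UserData(String login) {}
    record AuthenticatedUser(String method, String externalId) {}
    interface AuthenticationManager {
        AuthenticatedUser authenticate();
        default void vetoAuthenticatedUser(UserData user, AuthenticatedUser auth) {}
    }
    // Hypothetical strong-factor manager guarding a fixed set of privileged logins.
    record HardwareKeyManager(LoginRequest req, Set<String> guarded, Predicate<String> tokenOk)
            implements AuthenticationManager {
        public AuthenticatedUser authenticate() {
            if (!guarded.contains(req.login())) return null;  // undecided: not our account
            if (!tokenOk.test(req.password()))                // invalid: stop the login
                throw new AuthenticationException("Hardware token rejected");
            return new AuthenticatedUser("hardware-key", req.login()); // valid
        }
        public void vetoAuthenticatedUser(UserData user, AuthenticatedUser auth) {
            // Another manager accepted the login; refuse if this account requires our factor.
            if (guarded.contains(user.login()))
                throw new AuthenticationException(user.login() + " may not log in via " + auth.method());
        }
    }
    // Simplified model of the dispatch described above (assumption, not BASE core code).
    static AuthenticatedUser login(List<AuthenticationManager> managers, UserData user) {
        for (AuthenticationManager winner : managers) {
            AuthenticatedUser auth = winner.authenticate();
            if (auth == null) continue;                       // try the next manager
            for (AuthenticationManager other : managers)
                if (other != winner) other.vetoAuthenticatedUser(user, auth);
            return auth;
        }
        return null; // nobody decided: continue with internal authentication
    }
    public static void main(String[] args) {
        LoginRequest req = new LoginRequest("admin", "123456"); // constructed OTP-style login
        AuthenticationManager otp = () -> new AuthenticatedUser("otp", req.login());
        AuthenticationManager key = new HardwareKeyManager(req, Set.of("admin"), t -> t.startsWith("hw:"));
        try { login(List.of(otp, key), new UserData("admin")); }
        catch (AuthenticationException e) { System.out.println("Vetoed: " + e.getMessage()); }
    }
}
```

Because an existing manager inherits the empty default veto, a weaker manager installed alongside it can authenticate the same account unless the stronger manager overrides vetoAuthenticatedUser as shown.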