All Superinterfaces:

Action
```
public interface AuthenticationManager
extends Action
```
Action interface for external authentication. Action factories are called with a AuthenticationContext object as the InvokationContext.getClientContext(). Use AuthenticationContext.getLoginRequest() to get information about the login and password used for logging in.

Since:

3.3

Author:

Nicklas

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method	Description
`AuthenticatedUser`	`authenticate()`	Try to authenticate a user given the login information passed to the factory in the `AuthenticationContext`.
`default void`	`vetoAuthenticatedUser(UserData user, AuthenticatedUser auth)`	This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the `authenticate()` method.

- Method Detail
  - authenticate
```
AuthenticatedUser authenticate()
```
    Try to authenticate a user given the login information passed to the factory in the AuthenticationContext. There are three outcomes from this method:
    
    The login request was valid: An AuthenticatedUser object should be returned with at least the external id of the user.
    The login request was invalid: An AuthenticationException (or a subclass) should be thrown
    It was not possible to know if the request was invalid or not: null should be returned to let the authentication continue with another action or internal authentication.
    Returns:
    
    An AuthenticatedUser object if the user was authenticated, null if this action doesn't know if the login is valid or not
    
    Throws:
    
    AuthenticationException - If the user was not authenticated
  - vetoAuthenticatedUser
```
default void vetoAuthenticatedUser(UserData user,
                                   AuthenticatedUser auth)
```
    This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the authenticate() method. If so, all other authentication managers will get a chance to throw in a veto. For example, an administrator account may be protected with a special authentication manager (for example, YubiKey) while regular users by a simpler method (for example, OTP). If the administrator tries to login with the OTP method then the Yubikey authentication manager may veto this by throwing an AuthenticationException from this method. Note that this method is NOT called on the authentication manager that authenticated a user by returning information from the authenticate() method. To provide backwards compatibility with existing authentication managers this method has a default implementation that doesn't do anything.
    
    Parameters:
    
    user - The user that is trying to login
    
    auth - Information about the authentication
    
    Since:
    
    3.14

Interface AuthenticationManager

Method Summary

Method Detail

authenticate

vetoAuthenticatedUser