Interface AuthenticationManager
- All Superinterfaces:
Action
Action interface for external authentication. Action factories are called
with a
AuthenticationContext
object as the InvokationContext.getClientContext()
.
Use AuthenticationContext.getLoginRequest()
to get information about the login
and password used for logging in.- Since:
- 3.3
- Author:
- Nicklas
-
Method Summary
Modifier and TypeMethodDescriptionTry to authenticate a user given the login information passed to the factory in theAuthenticationContext
.default void
vetoAuthenticatedUser
(UserData user, AuthenticatedUser auth) This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in theauthenticate()
method.
-
Method Details
-
authenticate
AuthenticatedUser authenticate()Try to authenticate a user given the login information passed to the factory in theAuthenticationContext
. There are three outcomes from this method:- The login request was valid: An
AuthenticatedUser
object should be returned with at least the external id of the user. - The login request was invalid: An
AuthenticationException
(or a subclass) should be thrown - It was not possible to know if the request was invalid or not: null should be returned to let the authentication continue with another action or internal authentication.
- Returns:
- An AuthenticatedUser object if the user was authenticated, null if this action doesn't know if the login is valid or not
- Throws:
AuthenticationException
- If the user was not authenticated
- The login request was valid: An
-
vetoAuthenticatedUser
This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in theauthenticate()
method. If so, all other authentication managers will get a chance to throw in a veto. For example, an administrator account may be protected with a special authentication manager (for example, YubiKey) while regular users by a simpler method (for example, OTP). If the administrator tries to login with the OTP method then the Yubikey authentication manager may veto this by throwing anAuthenticationException
from this method. Note that this method is NOT called on the authentication manager that authenticated a user by returning information from theauthenticate()
method. To provide backwards compatibility with existing authentication managers this method has a default implementation that doesn't do anything.- Parameters:
user
- The user that is trying to loginauth
- Information about the authentication- Since:
- 3.14
-