All Superinterfaces:: Action

public interface AuthenticationManager extends Action

Action interface for external authentication. Action factories are called with a AuthenticationContext object as the InvokationContext.getClientContext(). Use AuthenticationContext.getLoginRequest() to get information about the login and password used for logging in.

Since:: 3.3
Author:: Nicklas

Method Summary

Modifier and Type

Method

Description

AuthenticatedUser

authenticate()

Try to authenticate a user given the login information passed to the factory in the AuthenticationContext.

default void

vetoAuthenticatedUser(UserData user, AuthenticatedUser auth)

This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the authenticate() method.

Method Details
- authenticate
  
  AuthenticatedUser authenticate()
  Try to authenticate a user given the login information passed to the factory in the AuthenticationContext. There are three outcomes from this method:
  
  The login request was valid: An AuthenticatedUser object should be returned with at least the external id of the user.
  The login request was invalid: An AuthenticationException (or a subclass) should be thrown
  It was not possible to know if the request was invalid or not: null should be returned to let the authentication continue with another action or internal authentication.
  Returns:
  
  An AuthenticatedUser object if the user was authenticated, null if this action doesn't know if the login is valid or not
  
  Throws:
  
  AuthenticationException - If the user was not authenticated
- vetoAuthenticatedUser
  
  default void vetoAuthenticatedUser(UserData user, AuthenticatedUser auth)
  
  This method is called if there are multiple installed external authentication managers and at least one of them accepted the user in the authenticate() method. If so, all other authentication managers will get a chance to throw in a veto. For example, an administrator account may be protected with a special authentication manager (for example, YubiKey) while regular users by a simpler method (for example, OTP). If the administrator tries to login with the OTP method then the Yubikey authentication manager may veto this by throwing an AuthenticationException from this method. Note that this method is NOT called on the authentication manager that authenticated a user by returning information from the authenticate() method. To provide backwards compatibility with existing authentication managers this method has a default implementation that doesn't do anything.
  
  Parameters:
  
  user - The user that is trying to login
  
  auth - Information about the authentication
  
  Since:
  
  3.14

Interface AuthenticationManager

Method Summary

Method Details

authenticate

vetoAuthenticatedUser