Class AuthenticationServiceImpl
java.lang.Object
org.alfresco.repo.security.authentication.AbstractAuthenticationService
org.alfresco.repo.security.authentication.AuthenticationServiceImpl
- All Implemented Interfaces:
ActivateableBean,AuthenticationService
- Direct Known Subclasses:
MutableAuthenticationServiceImpl
public class AuthenticationServiceImpl
extends AbstractAuthenticationService
implements ActivateableBean
-
Field Summary
Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
GUEST_AUTHENTICATION_NOT_SUPPORTED -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticate(String userName, char[] password) Carry out an authentication attempt.voidAuthenticate as the guest user.booleanauthenticationExists(String userName) Check if the given authentication exists.voidRemove the current security informationintcountTickets(boolean nonExpiredOnly) booleanbooleanbooleanbooleangetAuthenticationEnabled(String userName) Is an authentication enabled or disabled?Get the current ticket as a stringGet the name of the currently authenticated user.Gets a set of user names who should be considered 'administrators' by default.Gets a set of user names who should be considered 'guests' by default.Get the domain to which this instance of an authentication service applies.Does this instance alow user to be created?Does this instance allow users to be deleted?Does this instance allow users to update their passwords?Get a new ticket as a stringprotected StringThis method is called from thevalidate(String)method.getProtectedUserKey(String userName) Creates a key by combining the service instance ID with the username.getUsersWithTickets(boolean nonExpiredOnly) booleanCheck if Guest user authentication is allowed.voidinvalidateTicket(String ticket) Invalidate a single ticket by IDintinvalidateTickets(boolean expiredOnly) voidinvalidateUserSession(String userName) Invalidate any tickets held by the user.booleanisActive()Determines whether this bean is active.booleanIs the current user the system user?booleanbooleanisUserProtected(String userName) voidrecordFailedAuthentication(String userName) Method records a failed login attempt.voidsetAllowsUserCreation(boolean allowsUserCreation) voidsetAllowsUserDeletion(boolean allowsUserDeletion) voidsetAllowsUserPasswordChange(boolean allowsUserPasswordChange) voidsetAuthenticationComponent(AuthenticationComponent authenticationComponent) voidvoidsetPersonService(PersonService personService) voidsetProtectedUsersCache(SimpleCache<String, org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache) voidsetProtectionEnabled(boolean protectionEnabled) voidsetProtectionLimit(int protectionLimit) voidsetProtectionPeriodSeconds(int protectionPeriodSeconds) voidsetTicketComponent(TicketComponent ticketComponent) voidValidate a ticket.Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationService
getAllowedUsers, getMaxUsers, preAuthenticationCheck, setSysAdminParams
-
Constructor Details
-
AuthenticationServiceImpl
public AuthenticationServiceImpl()
-
-
Method Details
-
setProtectionPeriodSeconds
public void setProtectionPeriodSeconds(int protectionPeriodSeconds) -
setProtectionEnabled
public void setProtectionEnabled(boolean protectionEnabled) -
isProtectionEnabled
public boolean isProtectionEnabled() -
setProtectionLimit
public void setProtectionLimit(int protectionLimit) -
setProtectedUsersCache
public void setProtectedUsersCache(SimpleCache<String, org.alfresco.repo.security.authentication.ProtectedUser> protectedUsersCache) -
setPersonService
-
setTicketComponent
-
setAuthenticationComponent
-
isActive
public boolean isActive()Description copied from interface:ActivateableBeanDetermines whether this bean is active.- Specified by:
isActivein interfaceActivateableBean- Returns:
trueif this bean is active
-
authenticate
Description copied from interface:AuthenticationServiceCarry out an authentication attempt. If successful the user is set to the current user. The current user is a part of the thread context.- Specified by:
authenticatein interfaceAuthenticationService- Parameters:
userName- the usernamepassword- the passowrd- Throws:
AuthenticationException
-
isUserProtected
- Returns:
trueif user is 'protected' from brute force attack
-
recordFailedAuthentication
Method records a failed login attempt. If the number of recorded failures exceedsprotectionLimitthe user will be considered 'protected'. -
getProtectedUserKey
Creates a key by combining the service instance ID with the username. This are the type of keys maintained by protectedUsersCache map. -
getCurrentUserName
Description copied from interface:AuthenticationServiceGet the name of the currently authenticated user.- Specified by:
getCurrentUserNamein interfaceAuthenticationService- Returns:
- String
- Throws:
AuthenticationException
-
invalidateUserSession
Description copied from interface:AuthenticationServiceInvalidate any tickets held by the user.- Specified by:
invalidateUserSessionin interfaceAuthenticationService- Throws:
AuthenticationException
-
getUsersWithTickets
- Specified by:
getUsersWithTicketsin classAbstractAuthenticationService
-
invalidateTicket
Description copied from interface:AuthenticationServiceInvalidate a single ticket by ID- Specified by:
invalidateTicketin interfaceAuthenticationService- Parameters:
ticket- String- Throws:
AuthenticationException
-
countTickets
public int countTickets(boolean nonExpiredOnly) - Specified by:
countTicketsin classAbstractAuthenticationService
-
invalidateTickets
public int invalidateTickets(boolean expiredOnly) - Specified by:
invalidateTicketsin classAbstractAuthenticationService
-
validate
Description copied from interface:AuthenticationServiceValidate a ticket. Set the current user name accordingly.- Specified by:
validatein interfaceAuthenticationService- Parameters:
ticket- String- Throws:
AuthenticationException
-
getPrevalidationTenantDomain
This method is called from thevalidate(String)method. If this method returns null then the user's tenant will be obtained from the username. This is generally correct in the case where the user can be associated with just one tenant. Override this method in order to force the selection of a different tenant (for whatever reason).- Returns:
- String
-
getCurrentTicket
Description copied from interface:AuthenticationServiceGet the current ticket as a string- Specified by:
getCurrentTicketin interfaceAuthenticationService- Returns:
- String
- Throws:
AuthenticationException
-
getNewTicket
Description copied from interface:AuthenticationServiceGet a new ticket as a string- Specified by:
getNewTicketin interfaceAuthenticationService- Returns:
- String
-
clearCurrentSecurityContext
public void clearCurrentSecurityContext()Description copied from interface:AuthenticationServiceRemove the current security information- Specified by:
clearCurrentSecurityContextin interfaceAuthenticationService
-
isCurrentUserTheSystemUser
public boolean isCurrentUserTheSystemUser()Description copied from interface:AuthenticationServiceIs the current user the system user?- Specified by:
isCurrentUserTheSystemUserin interfaceAuthenticationService
-
authenticateAsGuest
Description copied from interface:AuthenticationServiceAuthenticate as the guest user. This may not be allowed and throw an exception.- Specified by:
authenticateAsGuestin interfaceAuthenticationService- Throws:
AuthenticationException
-
guestUserAuthenticationAllowed
public boolean guestUserAuthenticationAllowed()Description copied from interface:AuthenticationServiceCheck if Guest user authentication is allowed.- Specified by:
guestUserAuthenticationAllowedin interfaceAuthenticationService- Returns:
- true if Guest user authentication is allowed, false otherwise
-
getAllowsUserCreation
public boolean getAllowsUserCreation() -
setAllowsUserCreation
public void setAllowsUserCreation(boolean allowsUserCreation) -
getAllowsUserDeletion
public boolean getAllowsUserDeletion() -
setAllowsUserDeletion
public void setAllowsUserDeletion(boolean allowsUserDeletion) -
getAllowsUserPasswordChange
public boolean getAllowsUserPasswordChange() -
setAllowsUserPasswordChange
public void setAllowsUserPasswordChange(boolean allowsUserPasswordChange) -
getDomain
-
setDomain
-
getDomains
Description copied from interface:AuthenticationServiceGet the domain to which this instance of an authentication service applies.- Specified by:
getDomainsin interfaceAuthenticationService- Returns:
- The domain name
-
getDomainsThatAllowUserCreation
Description copied from interface:AuthenticationServiceDoes this instance alow user to be created?- Specified by:
getDomainsThatAllowUserCreationin interfaceAuthenticationService
-
getDomainsThatAllowUserDeletion
Description copied from interface:AuthenticationServiceDoes this instance allow users to be deleted?- Specified by:
getDomainsThatAllowUserDeletionin interfaceAuthenticationService
-
getDomiansThatAllowUserPasswordChanges
Description copied from interface:AuthenticationServiceDoes this instance allow users to update their passwords?- Specified by:
getDomiansThatAllowUserPasswordChangesin interfaceAuthenticationService
-
getTicketComponents
- Specified by:
getTicketComponentsin classAbstractAuthenticationService
-
getDefaultAdministratorUserNames
Gets a set of user names who should be considered 'administrators' by default.- Specified by:
getDefaultAdministratorUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
getDefaultGuestUserNames
Gets a set of user names who should be considered 'guests' by default.- Specified by:
getDefaultGuestUserNamesin interfaceAuthenticationService- Returns:
- a set of user names
-
authenticationExists
Check if the given authentication exists.- Specified by:
authenticationExistsin interfaceAuthenticationService- Parameters:
userName- the username- Returns:
- Returns true if the authentication exists
-
getAuthenticationEnabled
Is an authentication enabled or disabled?- Specified by:
getAuthenticationEnabledin interfaceAuthenticationService- Throws:
AuthenticationException
-