All Superinterfaces:

org.springframework.core.Ordered

All Known Subinterfaces:

PrePostAuthenticationHandler

Functional Interface:

This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
```
@FunctionalInterface
public interface AuthenticationHandler
extends org.springframework.core.Ordered
```
An authentication handler authenticates a single credential. In many cases credentials are authenticated by comparison with data in a system of record such as LDAP directory or database.

Since:

4.0.0

Field Summary

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`SUCCESSFUL_AUTHENTICATION_HANDLERS`	Attribute name containing collection of handler names that successfully authenticated credential.

Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method	Description
`AuthenticationHandlerExecutionResult`	`authenticate(Credential credential)`	Authenticates the given credential.
`default java.lang.String`	`getName()`	Gets a unique name for this authentication handler within the Spring context that contains it.
`default int`	`getOrder()`
`default boolean`	`supports(java.lang.Class<? extends Credential> clazz)`	Supports credential class.
`default boolean`	`supports(Credential credential)`	Determines whether the handler has the capability to authenticate the given credential.

- Field Detail
  - SUCCESSFUL_AUTHENTICATION_HANDLERS
```
static final java.lang.String SUCCESSFUL_AUTHENTICATION_HANDLERS
```
    Attribute name containing collection of handler names that successfully authenticated credential.
    
    See Also:
    
    Constant Field Values
- Method Detail
  - authenticate
```
AuthenticationHandlerExecutionResult authenticate(Credential credential)
                                           throws java.security.GeneralSecurityException,
                                                  PreventedException
```
    Authenticates the given credential. There are three possible outcomes of this process, and implementers MUST adhere to the following contract:
    
    Success -- return AuthenticationHandlerExecutionResult
    
    Failure -- throw GeneralSecurityException
    
    Indeterminate -- throw PreventedException
    Parameters:
    
    credential - The credential to authenticate.
    
    Returns:
    
    A result object containing metadata about a successful authentication event that includes at a minimum the name of the handler that authenticated the credential and some credential metadata. The following data is optional:
    
    Principal
    
    Messages issued by the handler about the credential (e.g. impending password expiration warning)
    
    Throws:
    
    java.security.GeneralSecurityException - On authentication failures where the root cause is security related, e.g. invalid credential. Implementing classes SHOULD be as specific as possible in communicating the reason for authentication failure. Recommendations for common cases:
    
    Bad password: javax.security.auth.login.FailedLoginException
    
    Expired password: javax.security.auth.login.CredentialExpiredException
    
    User account expired: javax.security.auth.login.AccountExpiredException
    
    User account locked: javax.security.auth.login.AccountLockedException
    
    User account not found: javax.security.auth.login.AccountNotFoundException
    
    Time of authentication not allowed: org.apereo.cas.authentication.InvalidLoginTimeException
    
    Location of authentication not allowed: org.apereo.cas.authentication.InvalidLoginLocationException
    
    Expired X.509 certificate: java.security.cert.CertificateExpiredException
    
    PreventedException - On errors that prevented authentication from occurring. Implementing classes SHOULD take care to populate the cause, where applicable, with the error that prevented authentication.
  - supports
```
default boolean supports(Credential credential)
```
    Determines whether the handler has the capability to authenticate the given credential. In practical terms, the authenticate(Credential) method MUST be capable of processing a given credential if supports returns true on the same credential.
    
    Parameters:
    
    credential - The credential to check.
    
    Returns:
    
    True if the handler supports the Credential, false otherwise.
  - supports
```
default boolean supports(java.lang.Class<? extends Credential> clazz)
```
    Supports credential class.
    
    Parameters:
    
    clazz - the clazz
    
    Returns:
    
    true/false
  - getName
```
default java.lang.String getName()
```
    Gets a unique name for this authentication handler within the Spring context that contains it. For implementations that allow setting a unique name, deployers MUST take care to ensure that every handler instance has a unique name.
    
    Returns:
    
    Unique name within a Spring context.
  - getOrder
```
default int getOrder()
```
    Specified by:
    
    getOrder in interface org.springframework.core.Ordered

Interface AuthenticationHandler

Field Summary

Fields inherited from interface org.springframework.core.Ordered

Method Summary

Field Detail

SUCCESSFUL_AUTHENTICATION_HANDLERS

Method Detail

authenticate

supports

supports

getName

getOrder