Package org.apereo.cas.authentication
Interface AuthenticationHandler
-
- All Superinterfaces:
org.springframework.core.Ordered
- All Known Subinterfaces:
PrePostAuthenticationHandler
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public interface AuthenticationHandler extends org.springframework.core.Ordered
An authentication handler authenticates a single credential. In many cases credentials are authenticated by comparison with data in a system of record such as LDAP directory or database.- Since:
- 4.0.0
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
SUCCESSFUL_AUTHENTICATION_HANDLERS
Attribute name containing collection of handler names that successfully authenticated credential.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description AuthenticationHandlerExecutionResult
authenticate(Credential credential)
Authenticates the given credential.default java.lang.String
getName()
Gets a unique name for this authentication handler within the Spring context that contains it.default int
getOrder()
default boolean
supports(java.lang.Class<? extends Credential> clazz)
Supports credential class.default boolean
supports(Credential credential)
Determines whether the handler has the capability to authenticate the given credential.
-
-
-
Field Detail
-
SUCCESSFUL_AUTHENTICATION_HANDLERS
static final java.lang.String SUCCESSFUL_AUTHENTICATION_HANDLERS
Attribute name containing collection of handler names that successfully authenticated credential.- See Also:
- Constant Field Values
-
-
Method Detail
-
authenticate
AuthenticationHandlerExecutionResult authenticate(Credential credential) throws java.security.GeneralSecurityException, PreventedException
Authenticates the given credential. There are three possible outcomes of this process, and implementers MUST adhere to the following contract:- Success -- return
AuthenticationHandlerExecutionResult
- Failure -- throw
GeneralSecurityException
- Indeterminate -- throw
PreventedException
- Parameters:
credential
- The credential to authenticate.- Returns:
- A result object containing metadata about a successful authentication event that includes at a minimum the name of the handler that
authenticated the credential and some credential metadata. The following data is optional:
Principal
- Messages issued by the handler about the credential (e.g. impending password expiration warning)
- Throws:
java.security.GeneralSecurityException
- On authentication failures where the root cause is security related, e.g. invalid credential. Implementing classes SHOULD be as specific as possible in communicating the reason for authentication failure. Recommendations for common cases:- Bad password:
javax.security.auth.login.FailedLoginException
- Expired password:
javax.security.auth.login.CredentialExpiredException
- User account expired:
javax.security.auth.login.AccountExpiredException
- User account locked:
javax.security.auth.login.AccountLockedException
- User account not found:
javax.security.auth.login.AccountNotFoundException
- Time of authentication not allowed:
org.apereo.cas.authentication.InvalidLoginTimeException
- Location of authentication not allowed:
org.apereo.cas.authentication.InvalidLoginLocationException
- Expired X.509 certificate:
java.security.cert.CertificateExpiredException
- Bad password:
PreventedException
- On errors that prevented authentication from occurring. Implementing classes SHOULD take care to populate the cause, where applicable, with the error that prevented authentication.
- Success -- return
-
supports
default boolean supports(Credential credential)
Determines whether the handler has the capability to authenticate the given credential. In practical terms, theauthenticate(Credential)
method MUST be capable of processing a given credential ifsupports
returns true on the same credential.- Parameters:
credential
- The credential to check.- Returns:
- True if the handler supports the Credential, false otherwise.
-
supports
default boolean supports(java.lang.Class<? extends Credential> clazz)
Supports credential class.- Parameters:
clazz
- the clazz- Returns:
- true/false
-
getName
default java.lang.String getName()
Gets a unique name for this authentication handler within the Spring context that contains it. For implementations that allow setting a unique name, deployers MUST take care to ensure that every handler instance has a unique name.- Returns:
- Unique name within a Spring context.
-
getOrder
default int getOrder()
- Specified by:
getOrder
in interfaceorg.springframework.core.Ordered
-
-