org.apereo.cas.authentication

Class AbstractAuthenticationManager

java.lang.Object

org.apereo.cas.authentication.AbstractAuthenticationManager

All Implemented Interfaces:

AuthenticationManager

Direct Known Subclasses:

PolicyBasedAuthenticationManager

public abstract class AbstractAuthenticationManager
extends java.lang.Object
implements AuthenticationManager

This is AbstractAuthenticationManager, which provides common operations around an authentication manager implementation.

Since:

5.0.0

Field Summary

Fields

Modifier and Type	Field and Description
protected AuthenticationEventExecutionPlan	authenticationEventExecutionPlan Plan to execute the authentication transaction.
protected AuthenticationHandlerResolver	authenticationHandlerResolver The Authentication handler resolver.
protected boolean	principalResolutionFailureFatal Indicate if principal resolution should totally fail and no fall back onto principal that is produced by the authentication handler.

Fields inherited from interface org.apereo.cas.authentication.AuthenticationManager

AUTHENTICATION_METHOD_ATTRIBUTE

Constructor Summary

Constructors

Modifier

Constructor and Description

protected

AbstractAuthenticationManager(AuthenticationEventExecutionPlan authenticationEventExecutionPlan, AuthenticationHandlerResolver authenticationHandlerResolver, boolean principalResolutionFatal) Creates a new authentication manager with a map of authentication handlers to the principal resolvers that should be used upon successful authentication if no principal is resolved by the authentication handler.

Method Summary

Modifier and Type	Method and Description
protected void	addAuthenticationMethodAttribute(AuthenticationBuilder builder, Authentication authentication) Add authentication method attribute.
Authentication	authenticate(AuthenticationTransaction transaction) Authenticates the provided credentials.
protected void	authenticateAndResolvePrincipal(AuthenticationBuilder builder, Credential credential, PrincipalResolver resolver, AuthenticationHandler handler) Authenticate and resolve principal.
protected abstract AuthenticationBuilder	authenticateInternal(AuthenticationTransaction transaction) Follows the same contract as AuthenticationManager.authenticate(AuthenticationTransaction).
protected java.util.Set<AuthenticationHandler>	getAuthenticationHandlersForThisTransaction(AuthenticationTransaction transaction) Gets authentication handlers for this transaction.
protected java.util.Collection<AuthenticationMetaDataPopulator>	getAuthenticationMetadataPopulatorsForTransaction(AuthenticationTransaction transaction) Gets authentication metadata populators for transaction.
protected PrincipalResolver	getPrincipalResolverLinkedToHandlerIfAny(AuthenticationHandler handler, AuthenticationTransaction transaction) Gets principal resolver linked to the handler if any.
protected void	populateAuthenticationMetadataAttributes(AuthenticationBuilder builder, AuthenticationTransaction transaction) Populate authentication metadata attributes.
protected void	publishEvent(org.springframework.context.ApplicationEvent event) Publish event.
protected Principal	resolvePrincipal(AuthenticationHandler handler, PrincipalResolver resolver, Credential credential, Principal principal) Resolve principal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authenticationEventExecutionPlan

protected final AuthenticationEventExecutionPlan authenticationEventExecutionPlan

Plan to execute the authentication transaction.

authenticationHandlerResolver

protected final AuthenticationHandlerResolver authenticationHandlerResolver

The Authentication handler resolver.

principalResolutionFailureFatal

protected boolean principalResolutionFailureFatal

Indicate if principal resolution should totally fail and no fall back onto principal that is produced by the authentication handler.

Constructor Detail

AbstractAuthenticationManager

protected AbstractAuthenticationManager(AuthenticationEventExecutionPlan authenticationEventExecutionPlan,
                                        AuthenticationHandlerResolver authenticationHandlerResolver,
                                        boolean principalResolutionFatal)

Creates a new authentication manager with a map of authentication handlers to the principal resolvers that should be used upon successful authentication if no principal is resolved by the authentication handler. If the order of evaluation of authentication handlers is important, a map that preserves insertion order (e.g. LinkedHashMap) should be used.

Parameters:

authenticationEventExecutionPlan - Describe the execution plan for this manager

authenticationHandlerResolver - the authentication handler resolver

principalResolutionFatal - the principal resolution fatal

Method Detail

populateAuthenticationMetadataAttributes

protected void populateAuthenticationMetadataAttributes(AuthenticationBuilder builder,
                                                        AuthenticationTransaction transaction)

Populate authentication metadata attributes.

Parameters:

builder - the builder

transaction - the transaction

addAuthenticationMethodAttribute

protected void addAuthenticationMethodAttribute(AuthenticationBuilder builder,
                                                Authentication authentication)

Add authentication method attribute.

Parameters:

builder - the builder

authentication - the authentication

resolvePrincipal

protected Principal resolvePrincipal(AuthenticationHandler handler,
                                     PrincipalResolver resolver,
                                     Credential credential,
                                     Principal principal)

Resolve principal.

Parameters:

handler - the handler name

resolver - the resolver

credential - the credential

principal - the current authenticated principal from a handler, if any.

Returns:

the principal

authenticate

@Timed(name="AUTHENTICATE_TIMER")
 @Metered(name="AUTHENTICATE_METER")
 @Counted(name="AUTHENTICATE_COUNT",
         monotonic=true)
public Authentication authenticate(AuthenticationTransaction transaction)
                                                                                                                                                                     throws AuthenticationException

Description copied from interface: AuthenticationManager

Authenticates the provided credentials. On success, an Authentication object is returned containing metadata about the result of each authenticated credential. Note that a particular implementation may require some or all credentials to be successfully authenticated. Failure to authenticate is considered an exceptional case, and an AuthenticationException is thrown.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

transaction - Process a single authentication transaction

Returns:

Authentication object on success that contains metadata about credentials that were authenticated.

Throws:

AuthenticationException - On authentication failure. The exception contains details on each of the credentials that failed to authenticate.

authenticateAndResolvePrincipal

protected void authenticateAndResolvePrincipal(AuthenticationBuilder builder,
                                               Credential credential,
                                               PrincipalResolver resolver,
                                               AuthenticationHandler handler)
                                        throws java.security.GeneralSecurityException,
                                               PreventedException

Authenticate and resolve principal.

Parameters:

builder - the builder

credential - the credential

resolver - the resolver

handler - the handler

Throws:

java.security.GeneralSecurityException - the general security exception

PreventedException - the prevented exception

authenticateInternal

protected abstract AuthenticationBuilder authenticateInternal(AuthenticationTransaction transaction)
                                                       throws AuthenticationException

Follows the same contract as AuthenticationManager.authenticate(AuthenticationTransaction).

Parameters:

transaction - the authentication transaction

Returns:

An authentication containing a resolved principal and metadata about successful and failed authentications. There SHOULD be a record of each attempted authentication, whether success or failure.

Throws:

AuthenticationException - When one or more credentials failed authentication such that security policy was not satisfied.

getAuthenticationHandlersForThisTransaction

protected java.util.Set<AuthenticationHandler> getAuthenticationHandlersForThisTransaction(AuthenticationTransaction transaction)

Gets authentication handlers for this transaction.

Parameters:

transaction - the transaction

Returns:

the authentication handlers for this transaction

getPrincipalResolverLinkedToHandlerIfAny

protected PrincipalResolver getPrincipalResolverLinkedToHandlerIfAny(AuthenticationHandler handler,
                                                                     AuthenticationTransaction transaction)

Gets principal resolver linked to the handler if any.

Parameters:

handler - the handler

transaction - the transaction

Returns:

the principal resolver linked to handler if any, or null.

getAuthenticationMetadataPopulatorsForTransaction

protected java.util.Collection<AuthenticationMetaDataPopulator> getAuthenticationMetadataPopulatorsForTransaction(AuthenticationTransaction transaction)

Gets authentication metadata populators for transaction.

Parameters:

transaction - the transaction

Returns:

the authentication metadata populators for transaction

publishEvent

protected void publishEvent(org.springframework.context.ApplicationEvent event)

Publish event.

Parameters:

event - the event