org.apereo.cas.authentication.handler.support

Class AbstractPreAndPostProcessingAuthenticationHandler

java.lang.Object

org.apereo.cas.authentication.AbstractAuthenticationHandler

org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler, PrePostAuthenticationHandler, org.springframework.core.Ordered

Direct Known Subclasses:

AbstractPac4jAuthenticationHandler, AbstractUsernamePasswordAuthenticationHandler, AuthyAuthenticationHandler, AzureAuthenticatorAuthenticationHandler, DuoAuthenticationHandler, GoogleAuthenticatorAuthenticationHandler, JcifsSpnegoAuthenticationHandler, NtlmAuthenticationHandler, PasswordlessTokenAuthenticationHandler, RadiusTokenAuthenticationHandler, SwivelAuthenticationHandler, U2FAuthenticationHandler, WsFederationAuthenticationHandler, X509CredentialsAuthenticationHandler, YubiKeyAuthenticationHandler

public abstract class AbstractPreAndPostProcessingAuthenticationHandler
extends AbstractAuthenticationHandler
implements PrePostAuthenticationHandler

Abstract authentication handler that allows deployers to utilize the bundled AuthenticationHandlers while providing a mechanism to perform tasks before and after authentication.

Since:

3.1

Field Summary

Fields inherited from class org.apereo.cas.authentication.AbstractAuthenticationHandler

credentialSelectionPredicate, principalFactory, servicesManager

Fields inherited from interface org.apereo.cas.authentication.AuthenticationHandler

SUCCESSFUL_AUTHENTICATION_HANDLERS

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
AbstractPreAndPostProcessingAuthenticationHandler(java.lang.String name, ServicesManager servicesManager, PrincipalFactory principalFactory, java.lang.Integer order)

Method Summary

Modifier and Type	Method and Description
AuthenticationHandlerExecutionResult	authenticate(Credential credential) Authenticates the given credential.
protected AuthenticationHandlerExecutionResult	createHandlerResult(Credential credential, Principal principal) Helper method to construct a handler result on successful authentication events.
protected AuthenticationHandlerExecutionResult	createHandlerResult(Credential credential, Principal principal, java.util.List<MessageDescriptor> warnings) Helper method to construct a handler result on successful authentication events.
protected abstract AuthenticationHandlerExecutionResult	doAuthentication(Credential credential) Performs the details of authentication and returns an authentication handler result on success.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apereo.cas.authentication.PrePostAuthenticationHandler

postAuthenticate, preAuthenticate

Methods inherited from interface org.apereo.cas.authentication.AuthenticationHandler

getName, getOrder, supports

Constructor Detail

AbstractPreAndPostProcessingAuthenticationHandler

public AbstractPreAndPostProcessingAuthenticationHandler(java.lang.String name,
                                                         ServicesManager servicesManager,
                                                         PrincipalFactory principalFactory,
                                                         java.lang.Integer order)

Method Detail

authenticate

public AuthenticationHandlerExecutionResult authenticate(Credential credential)
                                                  throws java.security.GeneralSecurityException,
                                                         PreventedException

Description copied from interface: AuthenticationHandler

Authenticates the given credential. There are three possible outcomes of this process, and implementers MUST adhere to the following contract:

1. Success -- return AuthenticationHandlerExecutionResult
2. Failure -- throw GeneralSecurityException
3. Indeterminate -- throw PreventedException

Specified by:

authenticate in interface AuthenticationHandler

Parameters:

credential - The credential to authenticate.

Returns:

A result object containing metadata about a successful authentication event that includes at a minimum the name of the handler that authenticated the credential and some credential metadata. The following data is optional:

• Principal
• Messages issued by the handler about the credential (e.g. impending password expiration warning)

Throws:

java.security.GeneralSecurityException - On authentication failures where the root cause is security related, e.g. invalid credential. Implementing classes SHOULD be as specific as possible in communicating the reason for authentication failure. Recommendations for common cases:

• Bad password: javax.security.auth.login.FailedLoginException
• Expired password: javax.security.auth.login.CredentialExpiredException
• User account expired: javax.security.auth.login.AccountExpiredException
• User account locked: javax.security.auth.login.AccountLockedException
• User account not found: javax.security.auth.login.AccountNotFoundException
• Time of authentication not allowed: org.apereo.cas.authentication.InvalidLoginTimeException
• Location of authentication not allowed: org.apereo.cas.authentication.InvalidLoginLocationException
• Expired X.509 certificate: java.security.cert.CertificateExpiredException

PreventedException - On errors that prevented authentication from occurring. Implementing classes SHOULD take care to populate the cause, where applicable, with the error that prevented authentication.

doAuthentication

protected abstract AuthenticationHandlerExecutionResult doAuthentication(Credential credential)
                                                                  throws java.security.GeneralSecurityException,
                                                                         PreventedException

Performs the details of authentication and returns an authentication handler result on success.

Parameters:

credential - Credential to authenticate.

Returns:

Authentication handler result on success.

Throws:

java.security.GeneralSecurityException - On authentication failure that is thrown out to the caller of authenticate(Credential).

PreventedException - On the indeterminate case when authentication is prevented.

createHandlerResult

protected AuthenticationHandlerExecutionResult createHandlerResult(@NonNull
                                                                   Credential credential,
                                                                   @NonNull
                                                                   Principal principal,
                                                                   java.util.List<MessageDescriptor> warnings)

Helper method to construct a handler result on successful authentication events.

Parameters:

credential - the credential on which the authentication was successfully performed. Note that this credential instance may be different from what was originally provided as transformation of the username may have occurred, if one is in fact defined.

principal - the resolved principal

warnings - the warnings

Returns:

the constructed handler result

createHandlerResult

protected AuthenticationHandlerExecutionResult createHandlerResult(@NonNull
                                                                   Credential credential,
                                                                   @NonNull
                                                                   Principal principal)

Helper method to construct a handler result on successful authentication events.

Parameters:

credential - the credential on which the authentication was successfully performed. Note that this credential instance may be different from what was originally provided as transformation of the username may have occurred, if one is in fact defined.

principal - the resolved principal

Returns:

the constructed handler result