org.apache.jackrabbit.core.security.authentication.token

Class TokenBasedAuthentication

java.lang.Object

org.apache.jackrabbit.core.security.authentication.token.TokenBasedAuthentication

All Implemented Interfaces:

Authentication

public class TokenBasedAuthentication
extends Object
implements Authentication

Authentication implementation that compares the tokens stored with a given user node to the token present in the SimpleCredentials attributes. Authentication succeeds if the login token refers to a non-expired token node and if all other credential attributes are equal to the corresponding properties.

Field Summary

Fields

Modifier and Type	Field and Description
static String	TOKEN_ATTRIBUTE The name of the login token attribute.
static long	TOKEN_EXPIRATION Default expiration time for login tokens is 2 hours.

Constructor Summary

Constructors

Constructor and Description
TokenBasedAuthentication(String token, long tokenExpiration, Session session)

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(Credentials credentials) True if the Credentials identify the User related to this Authentication.
boolean	canHandle(Credentials credentials) An Authentication may only be able to handle certain types of Credentials as the authentication process is tightly coupled to the semantics of the Credentials.
static Credentials	createToken(org.apache.jackrabbit.api.security.user.User user, SimpleCredentials credentials, long tokenExpiration, Session session) Create a new token node for the specified user.
static boolean	doCreateToken(Credentials credentials) Returns true if the specified credentials should be used to create a new login token.
static Node	getTokenNode(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials credentials, Session session)
static boolean	isMandatoryAttribute(String attributeName) Returns true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.
static boolean	isTokenBasedLogin(Credentials credentials) Returns true if the given credentials object is an instance of TokenCredentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TOKEN_EXPIRATION

public static final long TOKEN_EXPIRATION

Default expiration time for login tokens is 2 hours.

See Also:

Constant Field Values

TOKEN_ATTRIBUTE

public static final String TOKEN_ATTRIBUTE

The name of the login token attribute.

See Also:

Constant Field Values

Constructor Detail

TokenBasedAuthentication

public TokenBasedAuthentication(String token,
                        long tokenExpiration,
                        Session session)
                         throws RepositoryException

Throws:

RepositoryException

Method Detail

canHandle

public boolean canHandle(Credentials credentials)

Description copied from interface: Authentication

An Authentication may only be able to handle certain types of Credentials as the authentication process is tightly coupled to the semantics of the Credentials. E.g.: A ticket based Authentication is dependant on a Credentials implementation which allows access to this ticket.

Specified by:

canHandle in interface Authentication

Parameters:

credentials - in questions

Returns:

true if the current Authentication handles the given Credentials

See Also:

Authentication.canHandle(javax.jcr.Credentials)

authenticate

public boolean authenticate(Credentials credentials)
                     throws RepositoryException

Description copied from interface: Authentication

True if the Credentials identify the User related to this Authentication.

Specified by:

authenticate in interface Authentication

Parameters:

credentials - to verify

Returns:

true if Credentials identify the User.

Throws:

RepositoryException - If an error occurs.

See Also:

Authentication.authenticate(javax.jcr.Credentials)

isTokenBasedLogin

public static boolean isTokenBasedLogin(Credentials credentials)

Returns true if the given credentials object is an instance of TokenCredentials.

Parameters:

credentials -

Returns:

true if the given credentials object is an instance of TokenCredentials; false otherwise.

isMandatoryAttribute

public static boolean isMandatoryAttribute(String attributeName)

Returns true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.

Parameters:

attributeName -

Returns:

true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.

doCreateToken

public static boolean doCreateToken(Credentials credentials)

Returns true if the specified credentials should be used to create a new login token.

Parameters:

credentials -

Returns:

true if upon successful authentication a new login token should be created; false otherwise.

createToken

public static Credentials createToken(org.apache.jackrabbit.api.security.user.User user,
                      SimpleCredentials credentials,
                      long tokenExpiration,
                      Session session)
                               throws RepositoryException

Create a new token node for the specified user.

Parameters:

user -

credentials -

tokenExpiration -

session -

Returns:

A new instance of TokenCredentials to be used for further login actions against this Authentication implementation.

Throws:

RepositoryException - If there is no node corresponding to the specified user in the current workspace or if an error occurs while creating the token node.

getTokenNode

public static Node getTokenNode(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials credentials,
                Session session)
                         throws RepositoryException

Throws:

RepositoryException