Package org.jasig.cas.authentication.handler

The handler package contains the classes used to authenticate a user.

See: Description

Interface Summary

Interface	Description
PasswordEncoder	Interface to provide a standard way to translate a plaintext password into a different representation of that password so that the password may be compared with the stored encrypted password without having to decode the encrypted password.
PrincipalNameTransformer	Strategy pattern component for transforming principal names in the authentication pipeline.

Class Summary

Class	Description
DefaultPasswordEncoder	Implementation of PasswordEncoder using message digest.
NoOpPrincipalNameTransformer	Simple implementation that actually does NO transformation.
PlainTextPasswordEncoder	Default password encoder for the case where no password encoder is needed.
PrefixSuffixPrincipalNameTransformer	Transform the user id by adding a prefix or suffix.

Exception Summary

Exception	Description
AuthenticationException	The most generic type of authentication exception that one can catch if not sure what specific implementation will be thrown.
BadCredentialsAuthenticationException	Generic Bad Credential Exception.
BadPasswordAuthenticationException	The exception to throw when we know the username is correct but the password is not.
BadUsernameOrPasswordAuthenticationException	Exception to throw when we know the credentials provided were username/password and the combination is wrong.
BlockedCredentialsAuthenticationException	Exception to represent credentials that have been blocked for a reason such as Locked account.
UncategorizedAuthenticationException	Generic abstract exception to extend when you don't know what the heck is going on.
UnknownUsernameAuthenticationException	The exception to throw when we explicitly don't know anything about the username.
UnsupportedCredentialsException	The exception thrown when a Handler does not know how to determine the validity of the credentials based on the fact that it does not know what to do with the credentials presented.

Package org.jasig.cas.authentication.handler Description

The handler package contains the classes used to authenticate a user. It contains the AuthenticationHandler interface which is used to validate credential. It also contains the PasswordEncoders which are used by implementations of the AuthenticationHandler to provide conversion from plain text to whatever the password is encoded as in the data store.

The package also contains a well-defined exception heirarchy to allow fine-grained error messages to be displayed.

Examples of AuthenticationHandlers implementations:

• If the credential are a Userid and Password, then it submits them to an external Kerberos, LDAP, or JDBC authority for validation.
• If the credential are a Certificate, then it verifies the Issuer chain against some list of reliable CAs, checks the date to make sure it hasn't expired, and checks the CRL to make sure it wasn't revoked.
• If authentication has been done by the Servlet Container or by a Filter, then the Credentials have been extracted from the HttpRequest object. Notably, this will include the REMOTE_USER. Such Credentials are implicitly trusted and self validating, so an AuthenticationHandler recognizing such an object will indicate that it is valid without inspecting its contents.