org.jasig.cas.authentication.handler.support

Class AbstractPreAndPostProcessingAuthenticationHandler

java.lang.Object

org.jasig.cas.authentication.AbstractAuthenticationHandler

org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler

Direct Known Subclasses:

AbstractUsernamePasswordAuthenticationHandler

public abstract class AbstractPreAndPostProcessingAuthenticationHandler
extends AbstractAuthenticationHandler

Abstract authentication handler that allows deployers to utilize the bundled AuthenticationHandlers while providing a mechanism to perform tasks before and after authentication.

Since:

3.1

Author:

Scott Battaglia, Marvin S. Addison

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	logger Instance of logging for subclasses.

Constructor Summary

Constructors

Constructor and Description
AbstractPreAndPostProcessingAuthenticationHandler()

Method Summary

Methods

Modifier and Type	Method and Description
HandlerResult	authenticate(Credential credential) Authenticates the given credential.
protected abstract HandlerResult	doAuthentication(Credential credential) Performs the details of authentication and returns an authentication handler result on success.
protected HandlerResult	postAuthenticate(Credential credential, HandlerResult result) Template method to perform arbitrary post-authentication actions.
protected boolean	preAuthenticate(Credential credential) Template method to perform arbitrary pre-authentication actions.

Methods inherited from class org.jasig.cas.authentication.AbstractAuthenticationHandler

getName, setName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.jasig.cas.authentication.AuthenticationHandler

supports

Field Detail

logger

protected final org.slf4j.Logger logger

Instance of logging for subclasses.

Constructor Detail

AbstractPreAndPostProcessingAuthenticationHandler

public AbstractPreAndPostProcessingAuthenticationHandler()

Method Detail

preAuthenticate

protected boolean preAuthenticate(Credential credential)

Template method to perform arbitrary pre-authentication actions.

Parameters:

credential - the Credential supplied

Returns:

true if authentication should continue, false otherwise.

postAuthenticate

protected HandlerResult postAuthenticate(Credential credential,
                             HandlerResult result)

Template method to perform arbitrary post-authentication actions.

Parameters:

credential - the supplied credential

result - the result of the authentication attempt.

Returns:

An authentication handler result that MAY be different or modified from that provided.

authenticate

public final HandlerResult authenticate(Credential credential)
                                 throws GeneralSecurityException,
                                        PreventedException

Authenticates the given credential. There are three possible outcomes of this process, and implementers MUST adhere to the following contract:

1. Success -- return HandlerResult
2. Failure -- throw GeneralSecurityException
3. Indeterminate -- throw PreventedException

Parameters:

credential - The credential to authenticate.

Returns:

A result object containing metadata about a successful authentication event that includes at a minimum the name of the handler that authenticated the credential and some credential metadata. The following data is optional:

• Principal
• Messages issued by the handler about the credential (e.g. impending password expiration warning)

Throws:

GeneralSecurityException - On authentication failures where the root cause is security related, e.g. invalid credential. Implementing classes SHOULD be as specific as possible in communicating the reason for authentication failure. Recommendations for common cases:

• Bad password: FailedLoginException
• Expired password: CredentialExpiredException
• User account expired: AccountExpiredException
• User account locked: AccountLockedException
• User account not found: AccountNotFoundException
• Time of authentication not allowed: InvalidLoginTimeException
• Location of authentication not allowed: InvalidLoginLocationException
• Expired X.509 certificate: CertificateExpiredException

PreventedException - On errors that prevented authentication from occurring. Implementing classes SHOULD take care to populate the cause, where applicable, with the error that prevented authentication.

doAuthentication

protected abstract HandlerResult doAuthentication(Credential credential)
                                           throws GeneralSecurityException,
                                                  PreventedException

Performs the details of authentication and returns an authentication handler result on success.

Parameters:

credential - Credential to authenticate.

Returns:

Authentication handler result on success.

Throws:

GeneralSecurityException - On authentication failure that is thrown out to the caller of authenticate(org.jasig.cas.authentication.Credential).

PreventedException - On the indeterminate case when authentication is prevented.