Class AuthManager
java.lang.Object
org.dogtagpki.server.authentication.AuthManager
Direct Known Subclasses: AgentCertAuthentication, CertUserDBAuthentication, DirBasedAuthentication, HashAuthentication, NullAuthentication, PasswdUserDBAuthentication, SessionAuthentication, SSLclientCertAuthentication, TokenAuthentication

Authentication Manager interface.
This interface can also be used for profile authentication. If authentication is successful, the request is processed immediately. Otherwise, the request is deferred and manual approval is required.

Field Summary
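Fields
Modifier and Type | Field | Description
static final String | AUTHENTICATED_NAME |
protected AuthenticationConfig | authenticationConfig |
static final String | CRED_CERT_SERIAL_TO_REVOKE | Standard credential for client cert's serial number from revocation.
static final String | CRED_CMC_SELF_SIGNED |
static final String | CRED_CMC_SIGNING_CERT |
static final String | CRED_HOST_NAME |
static final String | CRED_SESSION_ID |
static final String | CRED_SSL_CLIENT_CERT |
protected CMSEngine | engine |
protected AuthManagerConfig | mConfig |
protected String[] | mConfigParams |
protected String | mImplName |
protected String | mName |
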
Constructor Summary
Constructors
AuthManager()

Method Summary
Modifier and Type | Method | Description
abstract AuthToken | authenticate(AuthCredentials authCred) | Authenticate the given credentials.
String[] | getConfigParams | Get configuration parameters for this implementation.
 | getConfigStore | Get the configuration store for this authentication manager.
 | getImplName | Get name of authentication manager plugin.
 | getName() | Get the name of this authentication manager instance.
 | getName | Retrieves the localizable name of this policy.
abstract String[] | getRequiredCreds | Gets a list of the required credentials for this authentication manager.
abstract String | getText | Retrieves the localizable description of this policy.
abstract IDescriptor | getValueDescriptor(Locale locale, String name) | Retrieves the descriptor of the given value property by name.
abstract Enumeration<String> | getValueNames | Retrieves a list of names of the property.
abstract void | init(ConfigStore config) | Initializes this default policy.
abstract void | init(AuthenticationConfig authenticationConfig, String name, String implName, AuthManagerConfig config) | Initialize this authentication manager.
abstract boolean | isSSLClientRequired() | Checks if this authenticator requires SSL client authentication.
abstract boolean | isValueWriteable(String name) | Checks if the value of the given property should be serializable into the request.
abstract void | populate | Populates authentication specific information into the request for auditing purposes.
void | setAuthenticationConfig(AuthenticationConfig authenticationConfig) |
void | setCMSEngine(CMSEngine engine) |
abstract void | shutdown() | Prepare this authentication manager for a shutdown.

Field Details
AUTHENTICATED_NAME
CRED_SSL_CLIENT_CERT
CRED_CMC_SIGNING_CERT
CRED_CMC_SELF_SIGNED
CRED_CERT_SERIAL_TO_REVOKE
  Standard credential for client cert's serial number from revocation.
CRED_SESSION_ID
CRED_HOST_NAME
engine
authenticationConfig
mName
mImplName
mConfig
mConfigParams

Constructor Details
AuthManager
public AuthManager()

Method Details

getCMSEngine

setCMSEngine

getAuthenticationConfig

setAuthenticationConfig

getName
Get the name of this authentication manager instance.
Returns:
  the name of this authentication manager.

getName
Retrieves the localizable name of this policy.
Parameters:
  locale - end user locale
Returns:
  localized authenticator name

getImplName
Get name of authentication manager plugin.
Returns:
  the name of the authentication manager plugin.

getText
Retrieves the localizable description of this policy.
Parameters:
  locale - end user locale
Returns:
  localized authenticator description

getConfigStore
Get the configuration store for this authentication manager.
Returns:
  The configuration store of this authentication manager.

getConfigParams
Get configuration parameters for this implementation. The configuration parameters returned are passed to the configuration console so that instances of this implementation can be configured through the console.
Returns:
  a list of configuration parameters.
Throws:
  EBaseException - If an internal error occurred

getValueNames
Retrieves a list of names of the property.
Returns:
  a list of property names

getValueDescriptor
Retrieves the descriptor of the given value property by name.
Parameters:
  locale - user locale
  name - property name
Returns:
  descriptor of the requested property

isValueWriteable
Checks if the value of the given property should be serializable into the request. A password or other security-related value may not be desirable for storage.
Parameters:
  name - property name
Returns:
  true if the property is not security related

isSSLClientRequired
public abstract boolean isSSLClientRequired()
Checks if this authenticator requires SSL client authentication.
Returns:
  client authentication required or not

init
public abstract void init(AuthenticationConfig authenticationConfig, String name, String implName, AuthManagerConfig config) throws EBaseException
Initialize this authentication manager.
Parameters:
  name - The name of this authentication manager instance.
  implName - The name of the authentication manager plugin.
  config - The configuration store for this authentication manager.
Throws:
  EBaseException - If an initialization error occurred.

init
Initializes this default policy.
Parameters:
  config - configuration store
Throws:
  EProfileException - failed to initialize

authenticate
public abstract AuthToken authenticate(AuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException
Authenticate the given credentials.
Parameters:
  authCred - The authentication credentials
Returns:
  authentication token
Throws:
  EMissingCredential - If a required credential for this authentication manager is missing.
  EInvalidCredentials - If credentials cannot be authenticated.
  EBaseException - If an internal error occurred.

populate
Populates authentication specific information into the request for auditing purposes.
Parameters:
  token - authentication token
  request - request
Throws:
  EProfileException - failed to populate

shutdown
public abstract void shutdown()
Prepare this authentication manager for a shutdown. Called when the server is exiting for any cleanup needed.

getRequiredCreds
Gets a list of the required credentials for this authentication manager.
Returns:
  The required credential attributes.