Package com.netscape.cms.authentication
Class TokenAuthentication
java.lang.Object
com.netscape.cms.authentication.TokenAuthentication
- All Implemented Interfaces:
ProfileAuthenticator
,AuthManager
Token authentication.
Checked if the given token is valid.
- Version:
- $Revision$, $Date$
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
static org.slf4j.Logger
protected static String[]
protected String[]
Fields inherited from interface org.dogtagpki.server.authentication.AuthManager
CRED_CERT_SERIAL_TO_REVOKE, CRED_CMC_SELF_SIGNED, CRED_CMC_SIGNING_CERT, CRED_HOST_NAME, CRED_SSL_CLIENT_CERT
Fields inherited from interface com.netscape.cms.profile.ProfileAuthenticator
AUTHENTICATED_NAME
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(IAuthCredentials authCred) authenticates user(agent) by certificateString[]
get the list of configuration parameter names required by this authentication manager.gets the configuretion substore used by this authentication managerGets the plugin name of authentication manager.getName()
Gets the name of this authentication manager.Retrieves the localizable name of this policy.String[]
get the list of authentication credential attribute names required by this authentication manager.Retrieves the localizable description of this policy.getValueDescriptor
(Locale locale, String name) Retrieves the descriptor of the given value parameter by name.Retrieves a list of names of the value parameter.void
init
(Profile profile, ConfigStore config) Initializes this default policy.void
init
(String name, String implName, AuthManagerConfig config) initializes the TokenAuthentication auth managerboolean
Checks if this authenticator requires SSL client authentication.boolean
isValueWriteable
(String name) Checks if the value of the given property should be serializable into the request.void
populate
(IAuthToken token, Request request) Populates authentication specific information into the request for auditing purposes.void
shutdown()
prepare this authentication manager for shutdown.
-
Field Details
-
logger
public static org.slf4j.Logger logger -
CRED_SESSION_ID
- See Also:
-
mRequiredCreds
-
mConfigParams
-
-
Constructor Details
-
TokenAuthentication
public TokenAuthentication()
-
-
Method Details
-
init
initializes the TokenAuthentication auth managercalled by AuthSubsystem init() method, when initializing all available authentication managers.
- Specified by:
init
in interfaceAuthManager
- Parameters:
name
- The name of this authentication manager instance.implName
- The name of the authentication manager plugin.config
- The configuration store for this authentication manager.- Throws:
EBaseException
- If an initialization error occurred.
-
getName
Gets the name of this authentication manager.- Specified by:
getName
in interfaceAuthManager
- Returns:
- the name of this authentication manager.
-
getImplName
Gets the plugin name of authentication manager.- Specified by:
getImplName
in interfaceAuthManager
- Returns:
- the name of the authentication manager plugin.
-
isSSLClientRequired
public boolean isSSLClientRequired()Description copied from interface:ProfileAuthenticator
Checks if this authenticator requires SSL client authentication.- Specified by:
isSSLClientRequired
in interfaceProfileAuthenticator
- Returns:
- client authentication required or not
-
authenticate
public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException authenticates user(agent) by certificatecalled by other subsystems or their servlets to authenticate users (agents)
- Specified by:
authenticate
in interfaceAuthManager
- Parameters:
authCred
- - authentication credential that contains an usrgrp.Certificates of the user (agent)- Returns:
- the authentication token that contains the following
- Throws:
EMissingCredential
- If a required credential for this authentication manager is missing.EInvalidCredentials
- If credentials cannot be authenticated.EBaseException
- If an internal error occurred.- See Also:
-
getRequiredCreds
get the list of authentication credential attribute names required by this authentication manager. Generally used by the servlets that handle agent operations to authenticate its users. It calls this method to know which are the required credentials from the user (e.g. Javascript form data)- Specified by:
getRequiredCreds
in interfaceAuthManager
- Returns:
- attribute names in Vector
-
getConfigParams
get the list of configuration parameter names required by this authentication manager. Generally used by the Certificate Server Console to display the table for configuration purposes. CertUserDBAuthentication is currently not exposed in this case, so this method is not to be used.- Specified by:
getConfigParams
in interfaceAuthManager
- Returns:
- configuration parameter names in Hashtable of Vectors where each hashtable entry's key is the substore name, value is a Vector of parameter names. If no substore, the parameter name is the Hashtable key itself, with value same as key.
-
shutdown
public void shutdown()prepare this authentication manager for shutdown.- Specified by:
shutdown
in interfaceAuthManager
-
getConfigStore
gets the configuretion substore used by this authentication manager- Specified by:
getConfigStore
in interfaceAuthManager
- Specified by:
getConfigStore
in interfaceProfileAuthenticator
- Returns:
- configuration store
-
init
Description copied from interface:ProfileAuthenticator
Initializes this default policy.- Specified by:
init
in interfaceProfileAuthenticator
- Parameters:
profile
- owner of this authenticatorconfig
- configuration store- Throws:
EProfileException
- failed to initialize
-
getName
Retrieves the localizable name of this policy.- Specified by:
getName
in interfaceProfileAuthenticator
- Parameters:
locale
- end user locale- Returns:
- localized authenticator name
-
getText
Retrieves the localizable description of this policy.- Specified by:
getText
in interfaceProfileAuthenticator
- Parameters:
locale
- end user locale- Returns:
- localized authenticator description
-
getValueNames
Retrieves a list of names of the value parameter.- Specified by:
getValueNames
in interfaceProfileAuthenticator
- Returns:
- a list of property names
-
isValueWriteable
Description copied from interface:ProfileAuthenticator
Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.- Specified by:
isValueWriteable
in interfaceProfileAuthenticator
- Parameters:
name
- property name- Returns:
- true if the property is not security related
-
getValueDescriptor
Retrieves the descriptor of the given value parameter by name.- Specified by:
getValueDescriptor
in interfaceProfileAuthenticator
- Parameters:
locale
- user localename
- property name- Returns:
- descriptor of the requested property
-
populate
Description copied from interface:ProfileAuthenticator
Populates authentication specific information into the request for auditing purposes.- Specified by:
populate
in interfaceProfileAuthenticator
- Parameters:
token
- authentication tokenrequest
- request- Throws:
EProfileException
- failed to populate
-