Jive Forums API (5.5.20.2-oracle) Developer Javadocs
java.lang.Object
  com.jivesoftware.base.AuthFactory
public abstract class AuthFactory
An abstract class that defines a framework for providing authentication services in Jive. The static getAuthToken(String, String), getAuthToken(HttpServletRequest, HttpServletResponse), and getAnonymousAuthToken() methods should be called directly from applications using Jive in order to obtain an AuthToken.
Users of Jive that wish to change the AuthFactory implementation used to generate tokens can set the AuthFactory.className Jive property. For example, if you have altered Jive to use LDAP for user information, you'd want to write a custom implementation of AuthFactory to make LDAP authToken queries. After changing the AuthFactory.className Jive property, you must restart your application server.
The getAuthToken method that takes servlet request and response objects as arguments can be used to implement single sign-on. Additionally, two helper methods are provided for securely encrypting and decrypting login information so that it can be stored as a cookie value to implement auto-login.
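How the auto-login helpers, the session key and the token getters described above fit together, as an added example that is not part of the Jive Javadocs or code base. AutoLoginHelper is a hypothetical class; the package of AuthToken and UnauthorizedException and the { username, password } order of the decrypted array are assumptions.

```java
import javax.crypto.IllegalBlockSizeException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

// Assumption: AuthToken and UnauthorizedException live beside AuthFactory in
// com.jivesoftware.base; the page shows only their simple names.
import com.jivesoftware.base.AuthFactory;
import com.jivesoftware.base.AuthToken;
import com.jivesoftware.base.UnauthorizedException;

/** Hypothetical helper (not part of Jive) that resolves the AuthToken for a request. */
public final class AutoLoginHelper {

    private AutoLoginHelper() {}

    /** Returns the cached token, a token rebuilt from the auto-login cookie, or an anonymous token. */
    public static AuthToken resolve(HttpServletRequest request) {
        // 1. Reuse a token already cached in the session under the customary key.
        Object cached = request.getSession().getAttribute(AuthFactory.SESSION_AUTHORIZATION);
        if (cached instanceof AuthToken) {
            return (AuthToken) cached;
        }
        // 2. Look for the auto-login cookie; getCookies() returns null when none were sent.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (!AuthFactory.COOKIE_AUTOLOGIN.equals(cookie.getName())) {
                    continue;
                }
                try {
                    // decryptAuthInfo yields { null, null } for a null or empty value.
                    // Assumption: index 0 is the username and index 1 the password.
                    String[] info = AuthFactory.decryptAuthInfo(cookie.getValue());
                    if (info != null && info.length == 2 && info[0] != null && info[1] != null) {
                        AuthToken token = AuthFactory.getAuthToken(info[0], info[1]);
                        request.getSession().setAttribute(AuthFactory.SESSION_AUTHORIZATION, token);
                        return token;
                    }
                } catch (IllegalBlockSizeException e) {
                    // Truncated or tampered cookie value: fall through to anonymous.
                } catch (UnauthorizedException e) {
                    // Stale credentials in the cookie: fall through to anonymous.
                }
            }
        }
        // 3. No usable login information: hand back the anonymous token.
        return AuthFactory.getAnonymousAuthToken();
    }
}
```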
Field Summary | | |
---|---|---|
protected static EncryptionUtil | cipher | |
static java.lang.String | COOKIE_AUTOLOGIN | Name of the cookie used to store user info for auto-login purposes. |
static java.lang.String | COOKIE_JIVE_SERVER_INFO | Cookie used for things like Akamai to tell information about a specific server. |
static java.lang.String | COOKIE_LOGGED_IN | Cookie used to show that the current user is logged in. |
static java.lang.String | SESSION_AUTHORIZATION | Name of the key in a user's session under which AuthToken tokens are customarily stored. |
Constructor Summary | |
---|---|
AuthFactory() | |
Method Summary | | |
---|---|---|
protected void | addServerInfoCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | |
protected void | checkAuthorization(AuthToken authToken, javax.servlet.http.HttpServletRequest request) | Checks if the specified AuthToken is authorized. |
static void | checkIfBanned(AuthToken authToken, javax.servlet.http.HttpServletRequest request) | Checks whether the user is banned. |
protected void | clearSessionUserInfo(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Concrete subclasses may wish to override this method to destroy session info as appropriate. |
protected abstract AuthToken | createAnonymousAuthToken() | Creates anonymous AuthToken tokens. |
protected AuthToken | createAuthToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Creates AuthToken tokens based on information from servlet request and response objects. |
protected abstract AuthToken | createAuthToken(java.lang.String username, java.lang.String password) | Creates AuthToken tokens for users. |
protected AuthToken | createSessionUserInfo(java.lang.String username, java.lang.String password, boolean autoLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Concrete subclasses may wish to override this method to create session info as appropriate. |
static java.lang.String[] | decryptAuthInfo(java.lang.String value) | Utility method that decrypts a String built by the encryptAuthInfo method containing a username and password. |
static java.lang.String | encryptAuthInfo(java.lang.String username, java.lang.String password) | Utility method that builds an encrypted String containing a username and password, which is useful for storing as a cookie. |
static void | forceReload() | Method used internally by Jive. |
static AuthToken | getAnonymousAuthToken() | Returns an anonymous user AuthToken. |
static AuthToken | getAuthToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Returns the AuthToken token associated with the information in a servlet request and response object. |
static AuthToken | getAuthToken(java.lang.String username, java.lang.String password) | Returns the AuthToken token associated with the specified username and password. |
protected static java.lang.String | getServerInfoCookieProperty(javax.naming.InitialContext ctx, java.lang.String property, java.lang.String defaultVal) | Looks for a property for the jive.server.info cookie on the initial context under java:comp/env/jive/{myprop}; if it is not found there, checks the Jive local properties for the property under jive.server.info. |
static AuthToken | loginUser(java.lang.String username, java.lang.String password, boolean autoLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Logs a user in and creates the appropriate session variables and/or cookies to keep state. |
static void | logoutUser(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Logs a user out and destroys or resets the appropriate session variables and/or cookies to keep state. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String SESSION_AUTHORIZATION
public static final java.lang.String COOKIE_AUTOLOGIN
public static final java.lang.String COOKIE_LOGGED_IN
public static final java.lang.String COOKIE_JIVE_SERVER_INFO
protected static EncryptionUtil cipher
Constructor Detail |
---|
public AuthFactory()
Method Detail |
---|
public static AuthToken getAuthToken(java.lang.String username, java.lang.String password) throws UnauthorizedException
When using most implementations of this class, authToken tokens should be cached. A convenient place to store a token is often in the HttpSession.
username - the username to create an AuthToken with.
password - the password to create an AuthToken with.
UnauthorizedException - if the username and password do not match any existing user.

public static AuthToken getAuthToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws UnauthorizedException
request - a HttpServletRequest object.
response - a HttpServletResponse object.
UnauthorizedException - if no authToken information is found.

public static AuthToken getAnonymousAuthToken()

public static java.lang.String encryptAuthInfo(java.lang.String username, java.lang.String password)
username - the username to encode.
password - the password to encode.

public static java.lang.String[] decryptAuthInfo(java.lang.String value) throws javax.crypto.IllegalBlockSizeException
value - the encrypted String.
{ null, null } if value equals null or the empty string.
javax.crypto.IllegalBlockSizeException - if the block size isn't a valid value

protected abstract AuthToken createAuthToken(java.lang.String username, java.lang.String password) throws UnauthorizedException
username - the username to create an AuthToken with.
password - the password to create an AuthToken with.
UnauthorizedException - if the username and password do not match any existing user.

protected AuthToken createAuthToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws UnauthorizedException
If this method is not overridden by a concrete subclass of AuthFactory, then the following default behavior will be used to search for login information:
request - a HttpServletRequest object.
response - a HttpServletResponse object.
UnauthorizedException - if no authToken information is found.

protected abstract AuthToken createAnonymousAuthToken()

public static AuthToken loginUser(java.lang.String username, java.lang.String password, boolean autoLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws UnauthorizedException
username - the username to create an AuthToken with.
password - the password to create an AuthToken with.
autoLogin - whether autoLogin capability is requested or not.
request - a HttpServletRequest object.
response - a HttpServletResponse object.
UnauthorizedException - if the username and password do not match any existing user.

protected AuthToken createSessionUserInfo(java.lang.String username, java.lang.String password, boolean autoLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws UnauthorizedException
username - the username to create an AuthToken with.
password - the password to create an AuthToken with.
autoLogin - whether autoLogin capability is requested or not.
request - a HttpServletRequest object.
response - a HttpServletResponse object.
UnauthorizedException - if the username and password do not match any existing user.

protected void addServerInfoCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

protected void checkAuthorization(AuthToken authToken, javax.servlet.http.HttpServletRequest request) throws UnauthorizedException
authToken - the auth token to check
request - the current request
UnauthorizedException - if the auth token is not authorized

public static void checkIfBanned(AuthToken authToken, javax.servlet.http.HttpServletRequest request)
authToken - the auth token
request - the HttpServletRequest
UnauthorizedException

public static void logoutUser(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
request - a HttpServletRequest object.
response - a HttpServletResponse object.

public static void forceReload()

protected void clearSessionUserInfo(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
request - a HttpServletRequest object.
response - a HttpServletResponse object.

protected static java.lang.String getServerInfoCookieProperty(javax.naming.InitialContext ctx, java.lang.String property, java.lang.String defaultVal)
ctx - used to look up values in the JNDI context
property - the property to look up
defaultVal - the default value if no value is found