|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AuthenticationStrategy
A AuthenticationStrategy
implementation assists the ModularRealmAuthenticator
during the
log-in process in a pluggable realm (PAM) environment.
The ModularRealmAuthenticator
will consult implementations of this interface on what to do during each
interaction with the configured Realms. This allows a pluggable strategy of whether or not an authentication
attempt must be successful for all realms, only 1 or more realms, no realms, etc.
AllSuccessfulStrategy
,
AtLeastOneSuccessfulStrategy
,
FirstSuccessfulStrategy
Method Summary | |
---|---|
AuthenticationInfo |
afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator signifying that all of its configured Realms have been consulted for account data, allowing post-proccessing after all realms have completed. |
AuthenticationInfo |
afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo singleRealmInfo,
AuthenticationInfo aggregateInfo,
Throwable t)
Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication, allowing post-authentication-attempt logic for that realm only. |
AuthenticationInfo |
beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
Method invoked by the ModularAuthenticator signifying that the authentication process is about to begin for the specified token - called before any Realm is actually invoked. |
AuthenticationInfo |
beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator just prior to the realm being consulted for account data, allowing pre-authentication-attempt logic for that realm only. |
Method Detail |
---|
AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms, AuthenticationToken token) throws AuthenticationException
token
- called before any Realm
is actually invoked.
The AuthenticationInfo
object returned from this method is essentially an empty place holder for
aggregating account data across multiple realms. It should be populated by the strategy implementation over the
course of authentication attempts across the multiple realms. It will be passed into the
beforeAttempt(org.apache.shiro.realm.Realm, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo)
calls, allowing inspection of the aggregated account data up to that point in the
multi-realm authentication, allowing any logic to be executed accordingly.
realms
- the Realms that will be consulted during the authentication process for the specified token.token
- the Principal/Credential representation to be used during authentication for a corresponding subject.
AuthenticationException
- if the strategy implementation does not wish the Authentication attempt to execute.AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException
This method returns an AuthenticationInfo
object that will be used for further interaction with realms. Most
implementations will merely return the aggregate
method argument if they don't have a need to
manipulate it.
realm
- the realm that will be consulted for AuthenticationInfo
for the specified token
.token
- the AuthenticationToken
submitted for the subject attempting system log-in.aggregate
- the aggregated AuthenticationInfo object being used across the multi-realm authentication attempt
aggregate
method argument is the normal case if no special action needs to be taken.
AuthenticationException
- an exception thrown by the Strategy implementation if it wishes the login
process for the associated subject (user) to stop immediately.AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException
This method returns an AuthenticationInfo
object that will be used for further interaction with realms. Most
implementations will merge the singleRealmInfo
into the aggregateInfo
and
just return the aggregateInfo
for continued use throughout the authentication process.
realm
- the realm that was just consulted for AuthenticationInfo
for the given token
.token
- the AuthenticationToken
submitted for the subject attempting system log-in.singleRealmInfo
- the info returned from a single realm.aggregateInfo
- the aggregate info representing all realms in a multi-realm environment.t
- the Throwable thrown by the Realm during the attempt, or null
if the method returned normally.
aggregateAccount
method argument is the normal case if no special action needs to be taken.
AuthenticationException
- an exception thrown by the Strategy implementation if it wishes the login process
for the associated subject (user) to stop immediately.AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException
Returns the final AuthenticationInfo object that will be returned from the Authenticator to the authenticate() caller. This is most likely the aggregate AuthenticationInfo object that has been populated by many realms, but the actual return value is always up to the implementation.
token
- the AuthenticationToken
submitted for the subject attempting system log-in.aggregate
- the aggregate AuthenticationInfo
instance populated by all realms during the log-in attempt.
AuthenticationInfo
object to return to the Authenticator.authenticate() caller.
AuthenticationException
- if the Strategy implementation wishes to fail the authentication attempt.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |