|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
public interface AuthenticationStrategy
A AuthenticationStrategy implementation assists the ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment.
The ModularRealmAuthenticator will consult implementations of this interface on what to do during each
interaction with the configured Realms. This allows a pluggable strategy of whether or not an authentication
attempt must be successful for all realms, only 1 or more realms, no realms, etc.
AllSuccessfulStrategy,
AtLeastOneSuccessfulStrategy,
FirstSuccessfulStrategy| Method Summary | |
|---|---|
AuthenticationInfo |
afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator signifying that all of its configured Realms have been consulted for account data, allowing post-proccessing after all realms have completed. |
AuthenticationInfo |
afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo singleRealmInfo,
AuthenticationInfo aggregateInfo,
Throwable t)
Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication, allowing post-authentication-attempt logic for that realm only. |
AuthenticationInfo |
beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
Method invoked by the ModularAuthenticator signifying that the authentication process is about to begin for the specified token - called before any Realm is actually invoked. |
AuthenticationInfo |
beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator just prior to the realm being consulted for account data, allowing pre-authentication-attempt logic for that realm only. |
| Method Detail |
|---|
AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
throws AuthenticationException
token - called before any Realm is actually invoked.
The AuthenticationInfo object returned from this method is essentially an empty place holder for
aggregating account data across multiple realms. It should be populated by the strategy implementation over the
course of authentication attempts across the multiple realms. It will be passed into the
beforeAttempt(org.apache.shiro.realm.Realm, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) calls, allowing inspection of the aggregated account data up to that point in the
multi-realm authentication, allowing any logic to be executed accordingly.
realms - the Realms that will be consulted during the authentication process for the specified token.token - the Principal/Credential representation to be used during authentication for a corresponding subject.
AuthenticationException - if the strategy implementation does not wish the Authentication attempt to execute.
AuthenticationInfo beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo aggregate)
throws AuthenticationException
This method returns an AuthenticationInfo object that will be used for further interaction with realms. Most
implementations will merely return the aggregate method argument if they don't have a need to
manipulate it.
realm - the realm that will be consulted for AuthenticationInfo for the specified token.token - the AuthenticationToken submitted for the subject attempting system log-in.aggregate - the aggregated AuthenticationInfo object being used across the multi-realm authentication attempt
aggregate method argument is the normal case if no special action needs to be taken.
AuthenticationException - an exception thrown by the Strategy implementation if it wishes the login
process for the associated subject (user) to stop immediately.
AuthenticationInfo afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo singleRealmInfo,
AuthenticationInfo aggregateInfo,
Throwable t)
throws AuthenticationException
This method returns an AuthenticationInfo object that will be used for further interaction with realms. Most
implementations will merge the singleRealmInfo into the aggregateInfo and
just return the aggregateInfo for continued use throughout the authentication process.
realm - the realm that was just consulted for AuthenticationInfo for the given token.token - the AuthenticationToken submitted for the subject attempting system log-in.singleRealmInfo - the info returned from a single realm.aggregateInfo - the aggregate info representing all realms in a multi-realm environment.t - the Throwable thrown by the Realm during the attempt, or null if the method returned normally.
aggregateAccount method argument is the normal case if no special action needs to be taken.
AuthenticationException - an exception thrown by the Strategy implementation if it wishes the login process
for the associated subject (user) to stop immediately.
AuthenticationInfo afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
throws AuthenticationException
Returns the final AuthenticationInfo object that will be returned from the Authenticator to the authenticate() caller. This is most likely the aggregate AuthenticationInfo object that has been populated by many realms, but the actual return value is always up to the implementation.
token - the AuthenticationToken submitted for the subject attempting system log-in.aggregate - the aggregate AuthenticationInfo instance populated by all realms during the log-in attempt.
AuthenticationInfo object to return to the Authenticator.authenticate() caller.
AuthenticationException - if the Strategy implementation wishes to fail the authentication attempt.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||