Package de.xima.fc.api.system

Class AuthenticationAPI

  • public class AuthenticationAPI
extends ASubAPI
    Author:
    XIMA MEDIA GmbH

    • Constructor Detail

      • AuthenticationAPI

        public AuthenticationAPI()

    • Method Detail

      • getActiveClientDescriptor

        public IClientDescriptor getActiveClientDescriptor​(UserContext uc,
                                                   String clientName)
        Returns the client descriptor for the given client name. The client needs to be active.
        Parameters:
        uc - user context for accessing the database.
        clientName - name of the client.
        Returns:
        the client descriptor for the given client name iff it is active and null otherwise.
        Since:
        8.0.0

      • getActiveClientDescriptors

        public Map<String,​IClientDescriptor> getActiveClientDescriptors​(UserContext uc,
                                                                      Set<String> clientNames)
        Returns the client descriptors for the given client names. The clients need to be active.
        Parameters:
        uc - user context for accessing the database.
        clientNames - names of the clients.
        Returns:
        the client descriptors for the given client names iff they are active as a map. The keys of the map entries are the client names.
        Since:
        8.0.0

      • getBackendClientDescriptors

        public List<IClientDescriptor> getBackendClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend in order. Clients with credentials authenticators are at the beginning of the list.
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all client descriptors configured for the backend.
        Since:
        8.0.0

      • getBackendInputClientDescriptors

        public List<IClientDescriptor> getBackendInputClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend and require direct input of creadentials (in order).
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all active client descriptors configured for the backend that require direct input of user credentials.

      • getBackendRedirectClientDescriptors

        public List<IClientDescriptor> getBackendRedirectClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all active client descriptors configured for the backend and redirect the user to an external IDP.
        Since:
        8.0.0

      • getClientDescriptorByProfile

        @Nullable
public IClientDescriptor getClientDescriptorByProfile​(UserContext uc,
                                                      String clientName)
        Returns the client for the given client name.
        Parameters:
        uc - user context for accessing the database.
        clientName - name of the client (callback UUID or authentication client type nam).
        Returns:
        the pac4j client for the given client name or null if none could be found.
        Since:
        8.0.0

      • getRestClientDescriptors

        public Set<IClientDescriptor> getRestClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are available for the REST API.
        Parameters:
        uc - user context for accessing the database.
        Returns:
        a set of all active client descriptors available for the REST API.
        Since:
        8.2.0

      • getUserProfileByCredentials

        public org.pac4j.core.profile.UserProfile getUserProfileByCredentials​(UserContext uc,
                                                                      UUID callbackUuid,
                                                                      String userName,
                                                                      String password)
        Gets the user profile for the given authenticator. Only allowed for LDAP authenticators at the moment.
        Parameters:
        uc - user context for accessing the database.
        callbackUuid - callback UUID of the authenticator
        userName - of the user
        password - of the user
        Returns:
        the pac4j UserProfile of the user if the user was successfully validated.
        Since:
        8.0.0

      • isTwoFactorAuthenticationRequired

        public boolean isTwoFactorAuthenticationRequired​(IUser user)
        Checks if two-factor authentication is required for the given user.
        Parameters:
        user - the user to check
        Returns:
        true if two-factor authentication is required, false otherwise
        Throws:
        IllegalArgumentException - if the user is null or not authenticated
        Since:
        8.4.0

      • hasReachedMaxTokenLimit

        public boolean hasReachedMaxTokenLimit​(IUser user)
        Returns whether the user has reached the maximum number of temporary MFA tokens allowed.
        Parameters:
        user - the user to check for maximum token limit
        Returns:
        true if the user has reached the maximum token limit, false otherwise
        Throws:
        IllegalArgumentException - if the user is null or does not have a profile