Package de.xima.fc.handler.interfaces.system

Interface IAuthenticationHandler

    • Method Detail

      • checkTwoFactorAuthentication

        MfaTempTokenInfoDto checkTwoFactorAuthentication​(IUser user)
                                          throws UserMfaTempTokenMaxException
        Checks if two-factor authentication is required for the given user.
        Parameters:
        user - the user to check
        Returns:
        a TwoFactorAuthenticationRequiredDto if two-factor authentication is required, or null if it is not required
        Throws:
        UserMfaTempTokenMaxException - if the maximum number of temporary tokens for two-factor authentication has been reached
        IllegalArgumentException - if the user is null or not authenticated
        Since:
        8.4.0

      • getActiveClientDescriptor

        IClientDescriptor getActiveClientDescriptor​(UserContext uc,
                                            String clientName)
        Returns the client descriptor for the given client name. The client needs to be active.
        Parameters:
        uc - user context for accessing the database.
        clientName - name of the client.
        Returns:
        the client descriptor for the given client name iff it is active and null otherwise.
        Since:
        8.0.0

      • getActiveClientDescriptors

        Map<String,​IClientDescriptor> getActiveClientDescriptors​(UserContext uc,
                                                               Set<String> clientNames)
        Returns the client descriptors for the given client names. The clients need to be active.
        Parameters:
        uc - user context for accessing the database.
        clientNames - names of the clients.
        Returns:
        the client descriptors for the given client names iff they are active as a map. The keys of the map entries are the client names.
        Since:
        8.0.0

      • getAuthenticator

        IAuthenticator<?> getAuthenticator​(UserContext uc,
                                   UUID callbackUuid)
        Returns the authenticator with the given callback UUID.
        Parameters:
        uc - User context for accessing the database.
        callbackUuid - Callback UUI of the authenticator
        Returns:
        authenticator with the given callback UUID.
        Since:
        7.2.0

      • getBackendClientDescriptors

        List<IClientDescriptor> getBackendClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend in order. Clients with credentials authenticators are at the beginning of the list.
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all active client descriptors configured for the backend.
        Since:
        8.0.0

      • getBackendInputClientDescriptors

        List<IClientDescriptor> getBackendInputClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend and that require direct input of credentials in order.
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all active client descriptors configured for the backend and require direct input of credentials.
        Since:
        8.0.0

      • getBackendRedirectClientDescriptors

        List<IClientDescriptor> getBackendRedirectClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).
        Parameters:
        uc - user context for accessing the database.
        Returns:
        ordered list of all active client descriptors configured for the backend and redirect the user to an external IDP.
        Since:
        8.0.0

      • getClientDescriptor

        @Nullable
IClientDescriptor getClientDescriptor​(UserContext uc,
                                      String clientName)
        Returns the client for the given client name.
        Parameters:
        uc - user context for accessing the database.
        clientName - name of the client (callback UUID or authentication client type nam).
        Returns:
        the pac4j client for the given client name or null if none could be found.
        Since:
        8.0.0

      • getClientDescriptorsByTenant

        List<IClientDescriptor> getClientDescriptorsByTenant​(UserContext uc,
                                                     UUID tenantUuid)
        Returns the client descriptor for the tenant with the given UUID.
        Parameters:
        uc - user context for accessing the database.
        tenantUuid - the UUID of the tenant.
        Returns:
        a list of client descriptors for the tenant with the given UUID ordered first by whether the client descriptor is a client descriptor of the tenant or a system client descriptor and then by the name of the client descriptor.
        Since:
        8.4.0

      • getClientDescriptorsByUserPortal

        PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal​(UserContext uc,
                                                                UserPortal userPortal,
                                                                int page,
                                                                int pageSize)
        Gets all client descriptors available for the given user portal
        Parameters:
        uc - user context for database transactions.
        userPortal - to get the client descriptors for.
        page - to get.
        pageSize - size of the page to get.
        Returns:
        the client descriptors available for the given user portal
        Throws:
        de.xima.cmn.http.exception.NotFoundException - if the user portal could not be found.
        Since:
        8.2.0

      • getClientDescriptorsByUserPortal

        PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal​(UserContext uc,
                                                                UUID userPortalUuid,
                                                                int page,
                                                                int pageSize)
        Gets all client descriptors available for the user portal given by its UUID.
        Parameters:
        uc - user context for database transactions.
        userPortalUuid - UUID of the user portal to get the client descriptors for.
        page - page to get.
        pageSize - size of the page to get.
        Returns:
        the client descriptors available for the user portal given by its UUID.
        Throws:
        de.xima.cmn.http.exception.NotFoundException - if the user portal with the given UUID could not be found.
        Since:
        8.2.0

      • getRestClientDescriptors

        Set<IClientDescriptor> getRestClientDescriptors​(UserContext uc)
        Finds all active client descriptors that are available for the REST API.
        Parameters:
        uc - user context for accessing the database.
        Returns:
        a set of all active client descriptors available for the REST API.
        Since:
        8.2.0

      • getUserProfileByCredentials

        org.pac4j.core.profile.UserProfile getUserProfileByCredentials​(UserContext uc,
                                                               UUID callbackUuid,
                                                               String userName,
                                                               String password)
        Gets the user profile for the given authenticator. Only allowed for LDAP authenticators at the moment.
        Parameters:
        uc - User context for accessing the database.
        callbackUuid - Callback UUID of the authenticator
        userName - Name of the user
        password - Password of the user
        Returns:
        the pac4j UserProfile of the user if the user was successfully validated.
        Since:
        8.0.0

      • isTwoFactorAuthenticationRequired

        boolean isTwoFactorAuthenticationRequired​(IUser user)
        Checks if two-factor authentication is required for the given user.
        Parameters:
        user - the user to check
        Returns:
        true if two-factor authentication is required, false otherwise
        Throws:
        IllegalArgumentException - if the user is null or not authenticated
        Since:
        8.4.0

      • hasReachedMaxTokenLimit

        boolean hasReachedMaxTokenLimit​(IUser user)
        Returns whether the user has reached the maximum number of temporary MFA tokens allowed.
        Parameters:
        user - the user to check for maximum token limit
        Returns:
        true if the user has reached the maximum token limit, false otherwise
        Throws:
        IllegalArgumentException - if the user is null or does not have a profile