Package de.xima.fc.handler.system
Class AuthenticationHandler
- java.lang.Object
-
- de.xima.fc.handler.AMSApiHandler
-
- de.xima.fc.handler.system.AuthenticationHandler
-
- All Implemented Interfaces:
IAPIHandler,IAuthenticationHandler,Serializable
public class AuthenticationHandler extends AMSApiHandler implements IAuthenticationHandler
- Author:
- XIMA MEDIA GmbH
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description AuthenticationHandler()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description MfaTempTokenInfoDtocheckTwoFactorAuthentication(IUser user)Checks if two-factor authentication is required for the given user.IClientDescriptorgetActiveClientDescriptor(UserContext uc, String clientName)Returns the client descriptor for the given client name.Map<String,IClientDescriptor>getActiveClientDescriptors(UserContext uc, Set<String> clientNames)Returns the client descriptors for the given client names.IAuthenticator<?>getAuthenticator(UserContext uc, UUID callbackUuid)Returns the authenticator with the given callback UUID.List<IClientDescriptor>getBackendClientDescriptors(UserContext uc)Finds all active client descriptors that are configured for the backend in order.List<IClientDescriptor>getBackendInputClientDescriptors(UserContext uc)Finds all active client descriptors that are configured for the backend and that require direct input of credentials in order.List<IClientDescriptor>getBackendRedirectClientDescriptors(UserContext uc)Finds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).static IClientDescriptorgetClient(IEntityContext ec, String clientName)Returns theclientfor the given client name.IClientDescriptorgetClientDescriptor(UserContext uc, String clientName)Returns theclientfor the given client name.List<IClientDescriptor>getClientDescriptorsByTenant(UserContext uc, UUID tenantUuid)Returns the client descriptor for the tenant with the given UUID.PagedResult<IClientDescriptor>getClientDescriptorsByUserPortal(UserContext uc, UserPortal userPortal, int page, int pageSize)Gets all client descriptors available for the given user portalPagedResult<IClientDescriptor>getClientDescriptorsByUserPortal(UserContext uc, UUID userPortalUuid, int page, int pageSize)Gets all client descriptors available for the user portal given by its UUID.Set<String>getClientNamesByUserPortalAlias(UserContext uc, String portalAlias)Set<IClientDescriptor>getRestClientDescriptors(UserContext uc)Finds all active client descriptors that are available for the REST API.org.pac4j.core.profile.UserProfilegetUserProfileByCredentials(UserContext uc, UUID callbackUuid, String userName, String password)Gets the user profile for the given authenticator.booleanhasReachedMaxTokenLimit(IUser user)Returns whether the user has reached the maximum number of temporary MFA tokens allowed.booleanisTwoFactorAuthenticationRequired(IUser user)Checks if two-factor authentication is required for the given user.AuthenticationDataloadAuthRequestData(UserContext uc, AuthenticationDataRequest request)Reads the data required for authenticating a form request, including theform, theclient, and theauthenticator configurations.MfaTempTokenInfoDtorefreshMfaTempToken(String encrypt)MfaVerificationResultDtoverifyMfaCode(String code, String tempToken, boolean saveAuthentication)Verifies the provided MFA code against a temporary token.-
Methods inherited from class de.xima.fc.handler.AMSApiHandler
getName
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface de.xima.fc.com.interfaces.IAPIHandler
getName
-
-
-
-
Method Detail
-
getClient
@Nullable public static IClientDescriptor getClient(IEntityContext ec, String clientName)
Returns theclientfor the given client name.- Parameters:
ec- Current entity context for accessing the database.clientName- to get client descriptor for- Returns:
- the client for the given client name if available or
nullif none was found - Since:
- 8.0.0
-
checkTwoFactorAuthentication
public MfaTempTokenInfoDto checkTwoFactorAuthentication(IUser user) throws UserMfaTempTokenMaxException
Description copied from interface:IAuthenticationHandlerChecks if two-factor authentication is required for the given user.- Specified by:
checkTwoFactorAuthenticationin interfaceIAuthenticationHandler- Parameters:
user- the user to check- Returns:
- a TwoFactorAuthenticationRequiredDto if two-factor authentication is required, or null if it is not required
- Throws:
UserMfaTempTokenMaxException- if the maximum number of temporary tokens for two-factor authentication has been reached
-
getActiveClientDescriptor
public IClientDescriptor getActiveClientDescriptor(UserContext uc, String clientName)
Description copied from interface:IAuthenticationHandlerReturns the client descriptor for the given client name. The client needs to be active.- Specified by:
getActiveClientDescriptorin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.clientName- name of the client.- Returns:
- the client descriptor for the given client name iff it is active and
nullotherwise.
-
getActiveClientDescriptors
public Map<String,IClientDescriptor> getActiveClientDescriptors(UserContext uc, Set<String> clientNames)
Description copied from interface:IAuthenticationHandlerReturns the client descriptors for the given client names. The clients need to be active.- Specified by:
getActiveClientDescriptorsin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.clientNames- names of the clients.- Returns:
- the client descriptors for the given client names iff they are active as a map. The keys of the map entries are the client names.
-
getAuthenticator
public IAuthenticator<?> getAuthenticator(UserContext uc, UUID callbackUuid)
Description copied from interface:IAuthenticationHandlerReturns the authenticator with the given callback UUID.- Specified by:
getAuthenticatorin interfaceIAuthenticationHandler- Parameters:
uc- User context for accessing the database.callbackUuid- Callback UUI of the authenticator- Returns:
- authenticator with the given callback UUID.
-
getBackendClientDescriptors
public List<IClientDescriptor> getBackendClientDescriptors(UserContext uc)
Description copied from interface:IAuthenticationHandlerFinds all active client descriptors that are configured for the backend in order. Clients with credentials authenticators are at the beginning of the list.- Specified by:
getBackendClientDescriptorsin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.- Returns:
- ordered list of all active client descriptors configured for the backend.
-
getBackendInputClientDescriptors
public List<IClientDescriptor> getBackendInputClientDescriptors(UserContext uc)
Description copied from interface:IAuthenticationHandlerFinds all active client descriptors that are configured for the backend and that require direct input of credentials in order.- Specified by:
getBackendInputClientDescriptorsin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.- Returns:
- ordered list of all active client descriptors configured for the backend and require direct input of credentials.
-
getBackendRedirectClientDescriptors
public List<IClientDescriptor> getBackendRedirectClientDescriptors(UserContext uc)
Description copied from interface:IAuthenticationHandlerFinds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).- Specified by:
getBackendRedirectClientDescriptorsin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.- Returns:
- ordered list of all active client descriptors configured for the backend and redirect the user to an external IDP.
-
getClientDescriptor
@Nullable public IClientDescriptor getClientDescriptor(UserContext uc, String clientName)
Description copied from interface:IAuthenticationHandlerReturns theclientfor the given client name.- Specified by:
getClientDescriptorin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.clientName- name of the client (callback UUID or authentication client type nam).- Returns:
- the pac4j client for the given client name or
nullif none could be found.
-
getClientDescriptorsByTenant
public List<IClientDescriptor> getClientDescriptorsByTenant(UserContext uc, UUID tenantUuid)
Description copied from interface:IAuthenticationHandlerReturns the client descriptor for the tenant with the given UUID.- Specified by:
getClientDescriptorsByTenantin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.tenantUuid- the UUID of thetenant.- Returns:
- a list of client descriptors for the tenant with the given UUID ordered first by whether the client descriptor is a client descriptor of the tenant or a system client descriptor and then by the name of the client descriptor.
-
getClientDescriptorsByUserPortal
public PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UserPortal userPortal, int page, int pageSize)
Description copied from interface:IAuthenticationHandlerGets all client descriptors available for the given user portal- Specified by:
getClientDescriptorsByUserPortalin interfaceIAuthenticationHandler- Parameters:
uc- user context for database transactions.userPortal- to get the client descriptors for.page- to get.pageSize- size of the page to get.- Returns:
- the client descriptors available for the given user portal
-
getClientDescriptorsByUserPortal
public PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UUID userPortalUuid, int page, int pageSize)
Description copied from interface:IAuthenticationHandlerGets all client descriptors available for the user portal given by its UUID.- Specified by:
getClientDescriptorsByUserPortalin interfaceIAuthenticationHandler- Parameters:
uc- user context for database transactions.userPortalUuid- UUID of the user portal to get the client descriptors for.page- page to get.pageSize- size of the page to get.- Returns:
- the client descriptors available for the user portal given by its UUID.
-
getRestClientDescriptors
public Set<IClientDescriptor> getRestClientDescriptors(UserContext uc)
Description copied from interface:IAuthenticationHandlerFinds all active client descriptors that are available for the REST API.- Specified by:
getRestClientDescriptorsin interfaceIAuthenticationHandler- Parameters:
uc- user context for accessing the database.- Returns:
- a set of all active client descriptors available for the REST API.
-
getUserProfileByCredentials
public org.pac4j.core.profile.UserProfile getUserProfileByCredentials(UserContext uc, UUID callbackUuid, String userName, String password)
Description copied from interface:IAuthenticationHandlerGets the user profile for the given authenticator. Only allowed for LDAP authenticators at the moment.- Specified by:
getUserProfileByCredentialsin interfaceIAuthenticationHandler- Parameters:
uc- User context for accessing the database.callbackUuid- Callback UUID of the authenticatoruserName- Name of the userpassword- Password of the user- Returns:
- the pac4j
UserProfileof the user if the user was successfully validated.
-
isTwoFactorAuthenticationRequired
public boolean isTwoFactorAuthenticationRequired(IUser user)
Description copied from interface:IAuthenticationHandlerChecks if two-factor authentication is required for the given user.- Specified by:
isTwoFactorAuthenticationRequiredin interfaceIAuthenticationHandler- Parameters:
user- the user to check- Returns:
- true if two-factor authentication is required, false otherwise
-
hasReachedMaxTokenLimit
public boolean hasReachedMaxTokenLimit(IUser user)
Description copied from interface:IAuthenticationHandlerReturns whether the user has reached the maximum number of temporary MFA tokens allowed.- Specified by:
hasReachedMaxTokenLimitin interfaceIAuthenticationHandler- Parameters:
user- the user to check for maximum token limit- Returns:
- true if the user has reached the maximum token limit, false otherwise
-
loadAuthRequestData
public AuthenticationData loadAuthRequestData(UserContext uc, AuthenticationDataRequest request)
Description copied from interface:IAuthenticationHandlerReads the data required for authenticating a form request, including theform, theclient, and theauthenticator configurations.- Specified by:
loadAuthRequestDatain interfaceIAuthenticationHandler- Parameters:
uc- User context for accessing the database.request- Data with theclient,form, andform record.- Returns:
- The loaded data.
-
verifyMfaCode
public MfaVerificationResultDto verifyMfaCode(String code, String tempToken, boolean saveAuthentication) throws UserMfaTempTokenNotFoundException, UserMfaTempTokenMaxException, UserMfaTempTokenExpiredException
Description copied from interface:IAuthenticationHandlerVerifies the provided MFA code against a temporary token.- Specified by:
verifyMfaCodein interfaceIAuthenticationHandler- Parameters:
code- the MFA code to verifytempToken- the temporary token associated with the MFA codesaveAuthentication- whether to save the authentication state if the code is valid- Returns:
- the result of the MFA verification, containing details about the verification process
- Throws:
UserMfaTempTokenNotFoundException- if the temporary token is not foundUserMfaTempTokenMaxException- if the maximum number of verification attempts for the temporary token has been reachedUserMfaTempTokenExpiredException- if the temporary token has expired
-
refreshMfaTempToken
public MfaTempTokenInfoDto refreshMfaTempToken(String encrypt) throws UserMfaTempTokenNotFoundException, UserMfaTempTokenMaxException, UserMfaTempTokenExpiredException
- Specified by:
refreshMfaTempTokenin interfaceIAuthenticationHandler- Throws:
UserMfaTempTokenNotFoundExceptionUserMfaTempTokenMaxExceptionUserMfaTempTokenExpiredException
-
getClientNamesByUserPortalAlias
public Set<String> getClientNamesByUserPortalAlias(UserContext uc, String portalAlias)
- Specified by:
getClientNamesByUserPortalAliasin interfaceIAuthenticationHandler
-
-