Interface IAuthenticationHandler

All Superinterfaces:
IAPIHandler, Serializable
All Known Implementing Classes:
AuthenticationHandler

public interface IAuthenticationHandler extends IAPIHandler
Author:
XIMA MEDIA GmbH
  • Method Details

    • checkTwoFactorAuthentication

      MfaTempTokenInfoDto checkTwoFactorAuthentication(IUser user) throws UserMfaTempTokenMaxException
      Checks if two-factor authentication is required for the given user.
      Parameters:
      user - the user to check
      Returns:
      a TwoFactorAuthenticationRequiredDto if two-factor authentication is required, or null if it is not required
      Throws:
      UserMfaTempTokenMaxException - if the maximum number of temporary tokens for two-factor authentication has been reached
      IllegalArgumentException - if the user is null or not authenticated
      Since:
      8.4.0
    • getActiveClientDescriptor

      IClientDescriptor getActiveClientDescriptor(UserContext uc, String clientName)
      Returns the client descriptor for the given client name. The client needs to be active.
      Parameters:
      uc - user context for accessing the database.
      clientName - name of the client.
      Returns:
      the client descriptor for the given client name iff it is active and null otherwise.
      Since:
      8.0.0
    • getActiveClientDescriptors

      Map<String, IClientDescriptor> getActiveClientDescriptors(UserContext uc, Set<String> clientNames)
      Returns the client descriptors for the given client names. The clients need to be active.
      Parameters:
      uc - user context for accessing the database.
      clientNames - names of the clients.
      Returns:
      the client descriptors for the given client names, as a map, iff they are active. The keys of the map entries are the client names.
      Since:
      8.0.0
    • getAuthenticator

      IAuthenticator<?> getAuthenticator(UserContext uc, UUID callbackUuid)
      Returns the authenticator with the given callback UUID.
      Parameters:
      uc - User context for accessing the database.
      callbackUuid - Callback UUID of the authenticator
      Returns:
      authenticator with the given callback UUID.
      Since:
      7.2.0
    • getBackendClientDescriptors

      List<IClientDescriptor> getBackendClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend (in order). Clients with credentials authenticators are at the beginning of the list.
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all active client descriptors configured for the backend.
      Since:
      8.0.0
    • getBackendInputClientDescriptors

      List<IClientDescriptor> getBackendInputClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend and that require direct input of credentials (in order).
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all active client descriptors that are configured for the backend and require direct input of credentials.
      Since:
      8.0.0
    • getBackendRedirectClientDescriptors

      List<IClientDescriptor> getBackendRedirectClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all active client descriptors that are configured for the backend and redirect the user to an external IDP.
      Since:
      8.0.0
    • getClientDescriptor

      @Nullable IClientDescriptor getClientDescriptor(UserContext uc, String clientName)
      Returns the client for the given client name.
      Parameters:
      uc - user context for accessing the database.
      clientName - name of the client (callback UUID or authentication client type name).
      Returns:
      the pac4j client for the given client name or null if none could be found.
      Since:
      8.0.0
    • getClientDescriptorsByTenant

      List<IClientDescriptor> getClientDescriptorsByTenant(UserContext uc, UUID tenantUuid)
      Returns the client descriptors for the tenant with the given UUID.
      Parameters:
      uc - user context for accessing the database.
      tenantUuid - the UUID of the tenant.
      Returns:
      a list of client descriptors for the tenant with the given UUID, ordered first by whether the client descriptor is a client descriptor of the tenant or a system client descriptor, and then by the name of the client descriptor.
      Since:
      8.4.0
    • getClientDescriptorsByUserPortal

      PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UserPortal userPortal, int page, int pageSize)
      Gets all client descriptors available for the given user portal.
      Parameters:
      uc - user context for database transactions.
      userPortal - to get the client descriptors for.
      page - to get.
      pageSize - size of the page to get.
      Returns:
      the client descriptors available for the given user portal.
      Throws:
      de.xima.cmn.http.exception.NotFoundException - if the user portal could not be found.
      Since:
      8.2.0
    • getClientDescriptorsByUserPortal

      PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UUID userPortalUuid, int page, int pageSize)
      Gets all client descriptors available for the user portal given by its UUID.
      Parameters:
      uc - user context for database transactions.
      userPortalUuid - UUID of the user portal to get the client descriptors for.
      page - page to get.
      pageSize - size of the page to get.
      Returns:
      the client descriptors available for the user portal given by its UUID.
      Throws:
      de.xima.cmn.http.exception.NotFoundException - if the user portal with the given UUID could not be found.
      Since:
      8.2.0
    • getRestClientDescriptors

      Set<IClientDescriptor> getRestClientDescriptors(UserContext uc)
      Finds all active client descriptors that are available for the REST API.
      Parameters:
      uc - user context for accessing the database.
      Returns:
      a set of all active client descriptors available for the REST API.
      Since:
      8.2.0
    • getUserProfileByCredentials

      org.pac4j.core.profile.UserProfile getUserProfileByCredentials(UserContext uc, UUID callbackUuid, String userName, String password)
      Gets the user profile for the given authenticator. Only allowed for LDAP authenticators at the moment.
      Parameters:
      uc - User context for accessing the database.
      callbackUuid - Callback UUID of the authenticator
      userName - Name of the user
      password - Password of the user
      Returns:
      the pac4j UserProfile of the user if the user was successfully validated.
      Since:
      8.0.0
    • isTwoFactorAuthenticationRequired

      boolean isTwoFactorAuthenticationRequired(IUser user)
      Checks if two-factor authentication is required for the given user.
      Parameters:
      user - the user to check
      Returns:
      true if two-factor authentication is required, false otherwise
      Throws:
      IllegalArgumentException - if the user is null or not authenticated
      Since:
      8.4.0
    • hasReachedMaxTokenLimit

      boolean hasReachedMaxTokenLimit(IUser user)
      Returns whether the user has reached the maximum number of temporary MFA tokens allowed.
      Parameters:
      user - the user to check for maximum token limit
      Returns:
      true if the user has reached the maximum token limit, false otherwise
      Throws:
      IllegalArgumentException - if the user is null or does not have a profile
    • loadAuthRequestData

      AuthenticationData loadAuthRequestData(UserContext uc, AuthenticationDataRequest request)
      Reads the data required for authenticating a form request, including the form, the client, and the authenticator configurations.
      Parameters:
      uc - User context for accessing the database.
      request - Data with the client, form, and form record.
      Returns:
      The loaded data.
    • verifyMfaCode

      Verifies the provided MFA code against a temporary token.
      Parameters:
      code - the MFA code to verify
      tempToken - the temporary token associated with the MFA code
      saveAuthentication - whether to save the authentication state if the code is valid
      Returns:
      the result of the MFA verification, containing details about the verification process
      Throws:
      UserMfaTempTokenNotFoundException - if the temporary token is not found
      UserMfaTempTokenMaxException - if the maximum number of verification attempts for the temporary token has been reached
      UserMfaTempTokenExpiredException - if the temporary token has expired
      Since:
      8.4.0
    • refreshMfaTempToken

    • getClientNamesByUserPortalAlias

      Set<String> getClientNamesByUserPortalAlias(UserContext us, String portalAlias)