org.apache.jetspeed.security.spi.impl
Class InternalPasswordCredentialInterceptorsProxy

java.lang.Object
  extended byorg.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy
All Implemented Interfaces:
InternalPasswordCredentialInterceptor

public class InternalPasswordCredentialInterceptorsProxy
extends Object
implements InternalPasswordCredentialInterceptor

Provides a wrapper around a list of interceptors so multiple interceptors can be used with the DefaultCredentialHandler. Each interceptor will be invoked sequentially.

Version:
$Id$
Author:
Ate Douma

Field Summary
private  InternalPasswordCredentialInterceptor[] interceptors
           
 
Constructor Summary
InternalPasswordCredentialInterceptorsProxy(List interceptors)
           
 
Method Summary
 boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, String userName, org.apache.jetspeed.security.om.InternalCredential credential, boolean authenticated)
           Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.
 boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, org.apache.jetspeed.security.om.InternalCredential credential)
           Invoked after a password credential is loaded from the persistent store.
 void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password)
           Invoked when the first password credential is to be saved for a user.
 void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password, boolean authenticated)
           Invoked when a new password value is to be saved for a user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

interceptors

private InternalPasswordCredentialInterceptor[] interceptors
Constructor Detail

InternalPasswordCredentialInterceptorsProxy

public InternalPasswordCredentialInterceptorsProxy(List interceptors)
Method Detail

afterLoad

public boolean afterLoad(PasswordCredentialProvider pcProvider,
                         String userName,
                         org.apache.jetspeed.security.om.InternalCredential credential)
                  throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked after a password credential is loaded from the persistent store.

If true is returned the credential is expected to be updated and its changes will be stored again.

A thrown SecurityException will be logged as an error and result in the credential to be ignored as if not existing (like for authentication).

Specified by:
afterLoad in interface InternalPasswordCredentialInterceptor
Parameters:
pcProvider - provides callback access to for instance the configured CredentialPasswordEncoder and CredentialPasswordValidator
userName - the name of the principal to which the credential belongs
credential - the credential just loaded from the persistent store
Returns:
true if the credential is updated
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)

afterAuthenticated

public boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                                  String userName,
                                  org.apache.jetspeed.security.om.InternalCredential credential,
                                  boolean authenticated)
                           throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked during authentication after the provided password is compared against the one retrieved from the InternalCredential.

If true is returned, the credential is expected to be updated and its enabled and expired flags will checked if the credential is (still) valid.

Note: the enabled and expired flags are only checked if this method returns true.

A thrown SecurityException will be passed on to the authentication requestor.

Specified by:
afterAuthenticated in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
userName - the name of the principal to which the credential belongs
credential - the credential of the user
authenticated - true if the provided password matches the value of the credential
Returns:
true if the credential is updated
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)

beforeCreate

public void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                         Collection credentials,
                         String userName,
                         org.apache.jetspeed.security.om.InternalCredential credential,
                         String password)
                  throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked when the first password credential is to be saved for a user.

This callback method can be used to set default values like the expiration date.

A thrown SecurityException is passed on to the new password requestor.

Specified by:
beforeCreate in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
credentials - the collection of credentials which will set on the user after (already contains the new credential)
userName - the name of the principal to which the credential belongs
credential - the credential of the user
password - the new password value (already set on the new credential)
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)

beforeSetPassword

public void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                              Collection credentials,
                              String userName,
                              org.apache.jetspeed.security.om.InternalCredential credential,
                              String password,
                              boolean authenticated)
                       throws org.apache.jetspeed.security.SecurityException
Description copied from interface: InternalPasswordCredentialInterceptor

Invoked when a new password value is to be saved for a user.

The new password value is not yet set on the provided credential when this callback is invoked. This allows custom history maintenance and/or auditing to be performed.

The provided authenticated flag can be used to differentiate between a new password value set directly by a user itself or through an administrative interface.

After this callback is invoked, the specified password value will be set, as well as a reset of the updateRequired flag, before the credential is saved.

A thrown SecurityException is passed on to the set password requestor.

Specified by:
beforeSetPassword in interface InternalPasswordCredentialInterceptor
Parameters:
internalUser - the user to which the credential belongs
credentials - the collection of credentials which will set on the user after (already contains the new credential)
userName - the name of the principal to which the credential belongs
credential - the credential of the user
password - the new password value (already set on the new credential)
authenticated - true if the new password value is provided by the user directly
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)


Copyright © 1999-2005 Apache Software Foundation. All Rights Reserved.