org.apache.lucene.gdata.server.authentication
Interface AuthenticationController

All Superinterfaces:
ServerComponent
All Known Implementing Classes:
BlowfishAuthenticationController

public interface AuthenticationController
extends ServerComponent

Implementations of the AuthenticationController interface contain all the logic for processing token-based authentication. A token is an encoded, unique String value passed back to the client after successful authentication. Clients provide the account name, the password, the requested service and the name of the application used for accessing the gdata service.

The algorithm used to create and reauthenticate the token can be chosen by the implementor.
This interface extends ServerComponent, so implementing classes can be registered as a component in the GDataServerRegistry and accessed via the provided lookup service.

Author:
Simon Willnauer
See Also:
BlowfishAuthenticationController

Field Summary
static String ACCOUNT_PARAMETER
          Authentication parameter for the account name.
static String APPLICATION_PARAMETER
          Authentication parameter for the application name of the client's application.
static String AUTHORIZATION_HEADER
          The name of the header containing the authentication token provided by the client.
static String PASSWORD_PARAMETER
          Authentication parameter for the account password.
static String SERVICE_PARAMETER
          Authentication parameter for the requested service.
static String TOKEN_KEY
          The key used to return the auth token to the client.
 
Method Summary
 String authenticatAccount(GDataAccount account, String requestIp)
          Creates an authentication token for the given account.
 boolean authenticateToken(String token, String requestIp, GDataAccount.AccountRole role, String accountName)
          Authenticates the given auth token and checks that the given parameters match the information contained inside the token.
 
Methods inherited from interface org.apache.lucene.gdata.server.registry.ServerComponent
destroy, initialize
 

Field Detail

AUTHORIZATION_HEADER

static final String AUTHORIZATION_HEADER
The name of the header containing the authentication token provided by the client.

See Also:
Constant Field Values

ACCOUNT_PARAMETER

static final String ACCOUNT_PARAMETER
Authentication parameter for the account name. Provided by the client to receive the auth token.

See Also:
Constant Field Values

PASSWORD_PARAMETER

static final String PASSWORD_PARAMETER
Authentication parameter for the account password. Provided by the client to receive the auth token.

See Also:
Constant Field Values

SERVICE_PARAMETER

static final String SERVICE_PARAMETER
Authentication parameter for the requested service. Provided by the client to receive the auth token.

See Also:
Constant Field Values

APPLICATION_PARAMETER

static final String APPLICATION_PARAMETER
Authentication parameter for the application name of the client's application. This is used only for logging purposes.

See Also:
Constant Field Values

TOKEN_KEY

static final String TOKEN_KEY
The key used to return the auth token to the client, either as a cookie (key as cookie name) or as a plain response (TOKEN_KEY=TOKEN).

See Also:
Constant Field Values
Method Detail

authenticatAccount

String authenticatAccount(GDataAccount account,
                          String requestIp)
Creates an authentication token for the given account. The token is calculated from a part of the client's IP address, the account role, the account name and the time in milliseconds at the point of creation.

Parameters:
account - the account to create the token for
requestIp - the client's request IP address
Returns:
a Base64-encoded authentication token

authenticateToken

boolean authenticateToken(String token,
                          String requestIp,
                          GDataAccount.AccountRole role,
                          String accountName)
Authenticates the given auth token and checks that the given parameters match the information contained inside the token.

If the given account name is null, the authentication ignores the account name, and the decision whether the token is valid is based on the given role compared to the role inside the token.

Parameters:
token - the token to authenticate
requestIp - the client request IP address
role - the required role
accountName - the name of the account
Returns:
true if the given values match the values inside the token and the timestamp plus the configured timeout is greater than the current time; false if one of the values does not match or the token has timed out
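
The token lifecycle described for authenticatAccount and authenticateToken, as an added Java sketch that is neither the GData server's code nor BlowfishAuthenticationController; it swaps in AES-GCM from the JDK as the implementor-chosen algorithm. The class TokenSketch, its method signatures, the 20-minute timeout, the newline-separated field layout and the reading of "a part of the IP address" as an IPv4 address without its last octet are all assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration, not GData server code; TokenSketch and every name in it are hypothetical.
public class TokenSketch {
    static final long TIMEOUT_MS = 20 * 60 * 1000L; // assumed value; the page only says "configured"
    private final SecretKey key;
    TokenSketch(SecretKey key) { this.key = key; }
    // Assumption: the "part of the IP" is the IPv4 address without its last octet.
    static String ipPart(String ip) { return ip.substring(0, ip.lastIndexOf('.')); }
    String createToken(String name, String role, String ip, long nowMs) throws Exception {
        if ((name + role).indexOf('\n') >= 0) throw new IllegalArgumentException("separator in field");
        String payload = ipPart(ip) + "\n" + role + "\n" + name + "\n" + nowMs;
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }
    boolean authenticateToken(String token, String ip, String role, String name, long nowMs) {
        try {
            byte[] raw = Base64.getDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
            byte[] plain = c.doFinal(raw, 12, raw.length - 12); // throws if the token was altered
            String[] f = new String(plain, StandardCharsets.UTF_8).split("\n");
            boolean fresh = Long.parseLong(f[3]) + TIMEOUT_MS > nowMs;
            boolean nameOk = name == null || name.equals(f[2]); // null name: the role alone decides
            return fresh && nameOk && f[0].equals(ipPart(ip)) && f[1].equals(role);
        } catch (Exception e) {
            return false; // bad Base64, failed GCM tag, malformed fields or unparsable IP
        }
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        TokenSketch t = new TokenSketch(kg.generateKey());
        long now = System.currentTimeMillis();
        String tok = t.createToken("alice", "USER", "192.0.2.10", now); // constructed sample values
        System.out.println(t.authenticateToken(tok, "192.0.2.77", "USER", null, now)); // role-only check
        System.out.println(t.authenticateToken(tok, "198.51.100.7", "USER", "alice", now)); // other network
        System.out.println(t.authenticateToken(tok, "192.0.2.10", "USER", "alice", now + TIMEOUT_MS)); // expired
    }
}
```

Because the role and account name travel inside the token, the sketch uses authenticated encryption so that a modified token fails to decrypt instead of yielding different field values.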


Copyright © 2000-2008 Apache Software Foundation. All Rights Reserved.