Module io.inverno.mod.security
Package io.inverno.mod.security.authentication

Class AbstractPrincipalAuthenticator<A extends PrincipalCredentials,B extends Credentials,C extends PrincipalAuthentication>

java.lang.Object
io.inverno.mod.security.authentication.AbstractPrincipalAuthenticator<A,B,C>
Type Parameters:
A - the type of principal credentials to authenticate
B - the type of credentials resolved by the credentials resolver
C - the type of authentication
All Implemented Interfaces:
Authenticator<A,C>
Direct Known Subclasses:
PrincipalAuthenticator, UserAuthenticator
public abstract class AbstractPrincipalAuthenticator<A extends PrincipalCredentials,B extends Credentials,C extends PrincipalAuthentication> extends Object implements Authenticator<A,C>

Base principal authenticator implementation used to authenticate PrincipalCredentials.

This implementation relies on a CredentialsResolver to resolve trusted credentials from a trusted source (i.e. a trusted repository, a trusted directory service...) and a CredentialsMatcher to match the provided credentials with the resolved trusted credentials.

Implementators must implement the createAuthenticated(io.inverno.mod.security.authentication.Credentials) and createDenied(io.inverno.mod.security.authentication.PrincipalCredentials, io.inverno.mod.security.authentication.AuthenticationException) methods which creates the resulting authentication in case of successful or failed authentication.

Since:
1.5
Author:
Jeremy Kuhn

  • Field Details

  • Constructor Details

    • AbstractPrincipalAuthenticator

      protected AbstractPrincipalAuthenticator(CredentialsResolver<? extends B> credentialsResolver, CredentialsMatcher<? super A,? super B> credentialsMatcher)

      Creates a terminal principal authenticator with the specified credentials resolver and credentials matcher.

      The resulting authenticator is terminal and returns denied authentication when the credentials resolver returns no matching credentials corresponding to the credentials to authenticate or when they do not match.

      Parameters:
      credentialsResolver - a credentials resolver
      credentialsMatcher - a credentials matcher

  • Method Details

    • setTerminal

      public void setTerminal(boolean terminal)

      Sets whether the authenticator is terminal and should return denied authentication on failed authentication or no authentication to indicate it was not able to authenticate credentials.

      Parameters:
      terminal - true to terminate authentication, false otherwise

    • authenticate

      public Mono<C> authenticate(A credentials)
      Description copied from interface: Authenticator

      Authenticates the specified credentials and returns an authentication.

      Implementations can return an empty mono to indicate that they were unable to authenticate the credentials. This does not mean credentials are invalid, this simply mean that a particular authenticator does not manage them and therefore can's possibly determine whether they are valid. For example, when considering login credentials composed of a user and a password, an authenticator which does not manage that particular user can return an empty mono.

      Implementations must return denied authentications with AuthenticationException when they were able to authenticate credentials which turned out to be invalid. For example, a login credentials authenticator must return a denied authentication exception when it does manage a particular username but the provided password was invalid.

      A denied authentication can also bre reported by throwing an AuthenticationException when returning an actual authentication instance is not practical.

      Specified by:
      authenticate in interface Authenticator<A extends PrincipalCredentials,B extends Credentials>
      Parameters:
      credentials - the credentials to authenticate
      Returns:
      a mono emitting an authentication, an error mono or an empty mono if the authenticator could not authenticate the credentials

    • createAuthenticated

      protected abstract C createAuthenticated(B resolvedCredentials) throws AuthenticationException

      Creates an authenticated authentication resulting from a successful authentication using the resolved trusted credentials.

      Parameters:
      resolvedCredentials - the resolved trusted credentials
      Returns:
      an authenticated authentication
      Throws:
      AuthenticationException - if there was an error generating the authentication

    • createDenied

      protected abstract C createDenied(A credentials, AuthenticationException cause) throws AuthenticationException

      Creates a denied authentication resulting from a failed authentication.

      Parameters:
      credentials - the invalid credentials
      cause - the authentication error
      Returns:
      a denied authentication
      Throws:
      AuthenticationException - if there was an error generating the authentication