Examples of com.adito.security.AuthenticationModule

• com.adito.security.AuthenticationModule
  Interface to be implemented to provide a single Authentication Modules.

  Authentication modules provide the logic and the user interface for a single stage in an Authentication Scheme that a user must complete to be able to logon on use Adito's services.

  Each module must have an {@link com.adito.security.AuthenticationModuleDefinition}that must be registed with the {@link com.adito.security.AuthenticationModuleManager}.

  When authentication is required by the module, the first thing that happens is all of the modules in the scheme are initialised by called their {@link #init(AuthenticationScheme)}methods.

  When it is this schemes turn, the {@link #authenticate(HttpServletRequest,RequestParameterMap)}method will be called expecting either a {@link com.adito.security.Credentials}object or any exception to be thrown if the authentication failed.

  If applicable, each module must return the page to a JSP page that provides the web based user interface for the module.

  A module may be capable of supporting the entering of a username, in which case it is known as a Primary Authentication Modules. If this capability is not available, the module is a Secondary Authentication Module and may only be used after a primary has already been used.

  There is a third type called a System Authentication Module which is used interally by the Adito or its plugins but never presented to user directly. These are currently used for Webdav and Embedded client logons. @see com.adito.security.AuthenticationScheme @see com.adito.security.AuthenticationModuleDefinition @see com.adito.security.AuthenticationModuleManager

                scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
            }
        }

        if (scheme != null) {
            AuthenticationModule module = scheme.currentAuthenticationModule();
            if (module == null) {
                log.error("No authentication module.");
                request.getSession().removeAttribute(Constants.AUTH_SESSION);
                return mapping.findForward("logon");
            }

            try {
              // If there is no user in the scheme then it is an invalid login
              if(scheme.getUser() == null) {
                throw new InvalidLoginCredentialsException();
              }

              // Check the account is enabled and not locked
              if(!PolicyUtil.isEnabled(scheme.getUser())) {
                throw new AccountLockedException(scheme.getUsername(), "Account disabled.", true, 0);
              }

              // Check for locks
              LogonControllerFactory.getInstance().checkForAccountLock(scheme.getUsername(), scheme.getUser().getRealm().getResourceName());

              // Authenticate
                authenticate(scheme, request);

                // Check logon is currently allowed
                String logonNotAllowedReason = LogonControllerFactory.getInstance().checkLogonAllowed(
                                scheme.getUser());

                if (logonNotAllowedReason != null) {
                    log.warn("Logon not allowed because '" + logonNotAllowedReason + "'");
                    msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", logonNotAllowedReason));
                    saveErrors(request, msgs);
                    return new RedirectWithMessages(mapping.findForward("logon"), request);
                }

                // Check for the next authentication modules
                AuthenticationModule nextModule = scheme.nextAuthenticationModule();
                if (nextModule != null && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
                    if (log.isDebugEnabled())
                        log.debug("There are more authentication modules to satisfy (current mapping = " + mapping.getPath());
                    ActionForward fw = new RedirectWithMessages(mapping.findForward("logon"), request);
                    return fw;

     * @param scheme scheme
     * @param request request
     * @throws Exception on any error
     */
    public static void authenticate(AuthenticationScheme scheme, HttpServletRequest request) throws Exception {
        AuthenticationModule module = scheme.currentAuthenticationModule();
        if (module == null) {
            throw new Exception("No current authentication module");
        }
        RequestParameterMap params = new RequestParameterMap(new ServletRequestAdapter(request));
        User currentUser = scheme.getUser();
        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);

        if (logonStateMachine == null) {
            logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_STARTED, request.getSession());
        }

        if (logonStateMachine.getState() == LogonStateAndCache.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY) {
            scheme.addCredentials(new PasswordCredentials("", "".toCharArray()));
        } else if (logonStateMachine.getState() == LogonStateAndCache.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD) {
            Credentials creds = module.authenticate(request, params);
            if(creds!=null)
              scheme.addCredentials(creds);
        } else {
          Credentials creds = module.authenticate(request, params);
            if(creds!=null) {
              scheme.addCredentials(creds);
              logonStateMachine.setState(LogonStateAndCache.STATE_VALID_LOGON);
            }
            // Check we have a user object

                    log.debug("Scheme " + authScheme.getSchemeName() + " initialised OK");
            }
        }

        while (true) {
            AuthenticationModule module = authScheme.currentAuthenticationModule();
            if (form != null) {
                form.setCurrentModuleIndex(authScheme.getCurrentModuleIndex());
            }

            // The module may wish to forward somewhere other than to the
            // default login page
            ActionForward forward = module.startAuthentication(mapping, request, response);

            if (module.isRequired()) {
                return forward;
            } else {
                // Are we at the end of the sequence
                if (authScheme.nextAuthenticationModule() == null) {
                    return LogonAction.finishAuthentication(authScheme, request, response);