org.jivesoftware.openfire.auth

Class HybridAuthProvider

java.lang.Object

org.jivesoftware.openfire.auth.HybridAuthProvider

All Implemented Interfaces:

AuthProvider

public class HybridAuthProvider
extends Object
implements AuthProvider

The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking. The algorithm is as follows:

1. Attempt authentication using the primary provider. If that fails:
2. If the secondary provider is defined, attempt authentication (otherwise return). If that fails:
3. If the tertiary provider is defined, attempt authentication.

This class related to, but is distinct from MappedAuthProvider. The Hybrid variant of the provider iterates over providers, operating on the first applicable instance. The Mapped variant, however, maps each user to exactly one provider. To enable this provider, set the provider.auth.className system property to org.jivesoftware.openfire.auth.HybridAuthProvider. The primary, secondary, and tertiary providers are configured be setting system properties similar to the following:

• hybridAuthProvider.primaryProvider = org.jivesoftware.openfire.auth.DefaultAuthProvider
• hybridAuthProvider.secondaryProvider = org.jivesoftware.openfire.auth.NativeAuthProvider

Each of the chained providers can have a list of override users. If a user is in an override list, authentication will only be attempted with the associated provider (bypassing the chaining logic).

The full list of properties:

• hybridAuthProvider.primaryProvider.className (required) -- the class name of the auth provider.
• hybridAuthProvider.primaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.
• hybridAuthProvider.secondaryProvider.className -- the class name of the auth provider.
• hybridAuthProvider.secondaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.
• hybridAuthProvider.tertiaryProvider.className -- the class name of the auth provider.
• hybridAuthProvider.tertiaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.

The primary provider is required, but all other properties are optional. Each provider should be configured as it is normally, using whatever XML configuration options it specifies.

Author:

Matt Tucker

Constructor Summary

Constructors

Constructor and Description
HybridAuthProvider()

Method Summary

Modifier and Type	Method and Description
void	authenticate(String username, String password) Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
int	getIterations(String username)
String	getPassword(String username) Returns the user's password.
String	getSalt(String username)
String	getServerKey(String username)
String	getStoredKey(String username)
boolean	isScramSupported()
void	setPassword(String username, String password) Sets the users's password.
boolean	supportsPasswordRetrieval() Returns true if this UserProvider is able to retrieve user passwords from the backend user store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HybridAuthProvider

public HybridAuthProvider()

Method Detail

authenticate

public void authenticate(String username,
                         String password)
                  throws UnauthorizedException,
                         ConnectionException,
                         InternalUnauthenticatedException

Description copied from interface: AuthProvider

Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.

Specified by:

authenticate in interface AuthProvider

Parameters:

username - the username or full JID.

password - the password

Throws:

UnauthorizedException - if the username and password do not match any existing user.

ConnectionException - it there is a problem connecting to user and group system

InternalUnauthenticatedException - if there is a problem authentication Openfire itself into the user and group system

getPassword

public String getPassword(String username)
                   throws UserNotFoundException,
                          UnsupportedOperationException

Description copied from interface: AuthProvider

Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

getPassword in interface AuthProvider

Parameters:

username - the username of the user.

Returns:

the user's password.

Throws:

UserNotFoundException - if the given user's password could not be loaded.

UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).

setPassword

public void setPassword(String username,
                        String password)
                 throws UserNotFoundException,
                        UnsupportedOperationException

Description copied from interface: AuthProvider

Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

setPassword in interface AuthProvider

Parameters:

username - the username of the user.

password - the new plaintext password for the user.

Throws:

UserNotFoundException - if the given user could not be loaded.

UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).

supportsPasswordRetrieval

public boolean supportsPasswordRetrieval()

Description copied from interface: AuthProvider

Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.

Specified by:

supportsPasswordRetrieval in interface AuthProvider

Returns:

true if this UserProvider is able to retrieve user passwords from the backend user store.

isScramSupported

public boolean isScramSupported()

Specified by:

isScramSupported in interface AuthProvider

getSalt

public String getSalt(String username)
               throws UnsupportedOperationException,
                      UserNotFoundException

Specified by:

getSalt in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getIterations

public int getIterations(String username)
                  throws UnsupportedOperationException,
                         UserNotFoundException

Specified by:

getIterations in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getServerKey

public String getServerKey(String username)
                    throws UnsupportedOperationException,
                           UserNotFoundException

Specified by:

getServerKey in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getStoredKey

public String getStoredKey(String username)
                    throws UnsupportedOperationException,
                           UserNotFoundException

Specified by:

getStoredKey in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException