org.jivesoftware.wildfire.auth
Class HybridAuthProvider

java.lang.Object
  org.jivesoftware.wildfire.auth.HybridAuthProvider

All Implemented Interfaces:

AuthProvider

public class HybridAuthProvider
extends Object
implements AuthProvider

The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking. The algorithm is as follows:

1. Attempt authentication using the primary provider. If that fails:
2. If the secondary provider is defined, attempt authentication (otherwise return). If that fails:
3. If the tertiary provider is defined, attempt authentication.

To enable this provider, set the following in the XML configuration file:

 <provider>
     <auth>
         <className>org.jivesoftware.wildfire.auth.HybridAuthProvider</className>
     </auth>
 </provider>
 

The primary, secondary, and tertiary providers are configured as in the following example:

 <hybridAuthProvider>
      <primaryProvider>
          <className>org.jivesoftware.wildfire.auth.DefaultAuthProvider<className>
      </primaryProvider>
      <secondaryProvider>
          <className>org.jivesoftware.wildfire.auth.NativeAuthProvider</className>
      </secondaryProvider>
 </hybridAuthProvider>
 

Each of the chained providers can have a list of override users. If a user is in an override list, authentication will only be attempted with the associated provider (bypassing the chaining logic).

The full list of properties:

• hybridAuthProvider.primaryProvider.className (required) -- the class name of the auth provider.
• hybridAuthProvider.primaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.
• hybridAuthProvider.secondaryProvider.className -- the class name of the auth provider.
• hybridAuthProvider.secondaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.
• hybridAuthProvider.tertiaryProvider.className -- the class name of the auth provider.
• hybridAuthProvider.tertiaryProvider.overrideList -- a comma-delimitted list of usernames for which authentication will only be tried with this provider.

The primary provider is required, but all other properties are optional. Each provider should be configured as it is normally, using whatever XML configuration options it specifies.

Author:

Matt Tucker

Constructor Summary

HybridAuthProvider()

Method Summary

void	authenticate(String username, String password) Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
void	authenticate(String username, String token, String digest) Returns if the username, token, and digest are valid; otherwise this method throws an UnauthorizedException.
String	getPassword(String username) Returns the user's password.
boolean	isDigestSupported() Returns true if this AuthProvider supports digest authentication according to JEP-0078.
boolean	isPlainSupported() Returns true if this AuthProvider supports authentication using plain-text passwords according to JEP--0078.
void	setPassword(String username, String password) Sets the users's password.
boolean	supportsPasswordRetrieval() Returns true if this UserProvider is able to retrieve user passwords from the backend user store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HybridAuthProvider

public HybridAuthProvider()

Method Detail

isPlainSupported

public boolean isPlainSupported()

Description copied from interface: AuthProvider

Returns true if this AuthProvider supports authentication using plain-text passwords according to JEP--0078. Plain text authentication is not secure and should generally only be used for a TLS/SSL connection.

Specified by:

isPlainSupported in interface AuthProvider

Returns:

true if plain text password authentication is supported by this AuthProvider.

isDigestSupported

public boolean isDigestSupported()

Description copied from interface: AuthProvider

Returns true if this AuthProvider supports digest authentication according to JEP-0078.

Specified by:

isDigestSupported in interface AuthProvider

Returns:

true if digest authentication is supported by this AuthProvider.

authenticate

public void authenticate(String username,
                         String password)
                  throws UnauthorizedException

Description copied from interface: AuthProvider

Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.

If AuthProvider.isPlainSupported() returns false, this method should throw an UnsupportedOperationException.

Specified by:

authenticate in interface AuthProvider

Parameters:

username - the username.

password - the passwordl

Throws:

UnauthorizedException - if the username and password do not match any existing user.

authenticate

public void authenticate(String username,
                         String token,
                         String digest)
                  throws UnauthorizedException

Description copied from interface: AuthProvider

Returns if the username, token, and digest are valid; otherwise this method throws an UnauthorizedException.

If AuthProvider.isDigestSupported() returns false, this method should throw an UnsupportedOperationException.

Specified by:

authenticate in interface AuthProvider

Parameters:

username - the username.

token - the token that was used with plain-text password to generate the digest.

digest - the digest generated from plain-text password and unique token.

Throws:

UnauthorizedException - if the username and password do not match any existing user.

getPassword

public String getPassword(String username)
                   throws UserNotFoundException,
                          UnsupportedOperationException

Description copied from interface: AuthProvider

Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

getPassword in interface AuthProvider

Parameters:

username - the username of the user.

Returns:

the user's password.

Throws:

UserNotFoundException - if the given user's password could not be loaded.

UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).

setPassword

public void setPassword(String username,
                        String password)
                 throws UserNotFoundException,
                        UnsupportedOperationException

Description copied from interface: AuthProvider

Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

setPassword in interface AuthProvider

Parameters:

username - the username of the user.

password - the new plaintext password for the user.

Throws:

UserNotFoundException - if the given user could not be loaded.

UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).

supportsPasswordRetrieval

public boolean supportsPasswordRetrieval()

Description copied from interface: AuthProvider

Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.

Specified by:

supportsPasswordRetrieval in interface AuthProvider

Returns:

true if this UserProvider is able to retrieve user passwords from the backend user store.