Package org.jivesoftware.openfire.auth

Authentication and Authorization service interfaces and classes. There are three components:

• Authentication. Authentication is the process of verifying a user. Custom authentication implementations can be created by extending the AuthProvider interface.
• Authorization. Authorization is the process of allowing an authenticated identity to choose a username. Default authorization will authorize an authenticated username to the same username only. Custom authorization implementations can be created by extending the AuthorizationPolicy interface.
• Authorization Mapping. Mapping occurs when the client did not request any specific username. This provides a method of giving a default username in these situations. Custom authorization mappings can be created by extending the AuthorizationMapping interface.

Interface Summary

Interface	Description
AuthorizationMapping	This is the interface the used to provide default authorization identity when none was selected by the client.
AuthorizationPolicy	This is the interface the AuthorizationManager uses to conduct authorizations.
AuthProvider	Provider interface for authentication.
AuthProviderMapper	Implementations are used to determine what AuthProvider is to be used for a particular username.

Class Summary

Class	Description
AuthFactory	Pluggable authentication service.
AuthorizationBasedAuthProviderMapper	A AuthProviderMapper that can be used to draw administrative users from another source than the regular, non- administrative users.
AuthorizationManager	Manages the AuthorizationProvider objects.
AuthToken	A token that proves that a user has successfully authenticated.
AuthToken.OneTimeAuthToken	A token that proves that a user uses a one time access token.
DefaultAuthorizationMapping	The default implementation that defines the default authorization identity to be used, when none was selected by the client.
DefaultAuthorizationPolicy	Different clients perform authentication differently, so this policy will authorize any authentication identity, or 'principal' (identity whose password will be used) to a requested authorization identity (identity to act as) that match specific conditions that are considered secure defaults for most installations.
DefaultAuthProvider	Default AuthProvider implementation.
HybridAuthProvider	The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking.
JDBCAuthProvider	The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC.
MappedAuthProvider	A AuthProvider that delegates to a user-specific AuthProvider.
NativeAuthProvider	Authenticates using the native operating system authentication method.
POP3AuthProvider	An AuthProvider that authenticates using a POP3 server.
PropertyBasedAuthProviderMapper	A AuthProviderMapper that can be used to draw some users from another source than the other users.
ScramUtils	A utility class that provides methods that are useful for dealing with Salted Challenge Response Authentication Mechanism (SCRAM).

Enum Summary

Enum	Description
JDBCAuthProvider.PasswordType	Indicates how the password is stored.

Exception Summary

Exception	Description
ConnectionException	Thrown when Openfire is not able to connect to the user and group system.
InternalUnauthenticatedException	Thrown when Openfire is not able to authenticate itself into the user and group system.
UnauthenticatedException	Thrown if a user does not have permission to access a particular method.
UnauthorizedException	Thrown if a user does not have permission to access a particular method.