Class IdentityServiceAuthenticationComponent
java.lang.Object
org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
org.alfresco.repo.security.authentication.identityservice.IdentityServiceAuthenticationComponent
- All Implemented Interfaces:
ActivateableBean,AuthenticationComponent,AuthenticationContext
public class IdentityServiceAuthenticationComponent
extends AbstractAuthenticationComponent
implements ActivateableBean
Authenticates a user against the Identity Service (Keycloak / OAuth2 Authorization Server).
Delegates the actual credential-validation work to a UserTokenProvider so the component remains agnostic of how the token is obtained: a DirectUserTokenProvider hits the IdP on every call, while a CachingUserTokenProvider transparently caches previously validated tokens. If no provider is wired (e.g., identity-service.authentication.enable-username-password-authentication=false) this authenticator falls through to the next one in the chain by throwing.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.alfresco.repo.security.authentication.AuthenticationComponent
AuthenticationComponent.UserNameValidationMode -
Field Summary
Fields inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
logger -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticateImpl(String userName, char[] password) Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own authentication component as it will support guest login - prior to this direct over ride for authenticate(String , char[]) was used.protected booleanbooleanisActive()Determines whether this bean is active.voidsetActive(boolean active) voidsetAllowGuestLogin(boolean allowGuestLogin) voidsetUserTokenProvider(UserTokenProvider userTokenProvider) Methods inherited from class org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
authenticate, clearCurrentSecurityContext, getAllowGuestLogin, getCurrentAuthentication, getCurrentUserName, getDefaultAdministratorUserNames, getDefaultGuestUserNames, getGuestUserName, getGuestUserName, getNodeService, getNumberFailedAuthentications, getNumberSuccessfulAuthentications, getPersonService, getSystemUserName, getSystemUserName, getTransactionService, getUserDetails, getUserDomain, guestUserAuthenticationAllowed, isCurrentUserTheSystemUser, isGuestUserName, isSystemUserName, onAuthenticate, onFail, setAllowGuestLogin, setAuthenticationContext, setCurrentAuthentication, setCurrentUser, setCurrentUser, setDefaultAdministratorUserNameList, setDefaultAdministratorUserNames, setDefaultGuestUserNameList, setDefaultGuestUserNames, setGuestUserAsCurrentUser, setNodeService, setPersonService, setSystemUserAsCurrentUser, setSystemUserAsCurrentUser, setTransactionService, setUserDetails, setUserRegistrySynchronizer
-
Constructor Details
-
IdentityServiceAuthenticationComponent
public IdentityServiceAuthenticationComponent()
-
-
Method Details
-
setUserTokenProvider
-
setAllowGuestLogin
public void setAllowGuestLogin(boolean allowGuestLogin) -
authenticateImpl
Description copied from class:AbstractAuthenticationComponentDefault unsupported authentication implementation - as of 2.1 this is the best way to implement your own authentication component as it will support guest login - prior to this direct over ride for authenticate(String , char[]) was used. This will still work.- Overrides:
authenticateImplin classAbstractAuthenticationComponent- Parameters:
userName- Stringpassword- char[]- Throws:
AuthenticationException
-
setActive
public void setActive(boolean active) -
isActive
public boolean isActive()Description copied from interface:ActivateableBeanDetermines whether this bean is active.- Specified by:
isActivein interfaceActivateableBean- Returns:
trueif this bean is active
-
implementationAllowsGuestLogin
protected boolean implementationAllowsGuestLogin()- Specified by:
implementationAllowsGuestLoginin classAbstractAuthenticationComponent
-