Package org.apache.jackrabbit.core.security.authentication.token

Class TokenBasedAuthentication

  • All Implemented Interfaces:
    Authentication
    public class TokenBasedAuthentication
extends Object
implements Authentication
    Authentication implementation that compares the tokens stored with a given user node to the token present in the SimpleCredentials attributes. Authentication succeeds if the login token refers to a non-expired token node and if all other credential attributes are equal to the corresponding properties.

    • Field Detail

      • TOKEN_EXPIRATION

        public static final long TOKEN_EXPIRATION
        Default expiration time for login tokens is 2 hours.
        See Also:
        Constant Field Values

      • PARAM_COMPAT

        @Deprecated
public static final String PARAM_COMPAT
        Deprecated.
        This system parameter allows to enable backwards compatible behavior of the TokenBasedAuthentication. Note that as of OAK 1.0 this flag will no be supported.
        See Also:
        Constant Field Values

    • Method Detail

      • canHandle

        public boolean canHandle​(Credentials credentials)
        Description copied from interface: Authentication
        An Authentication may only be able to handle certain types of Credentials as the authentication process is tightly coupled to the semantics of the Credentials. E.g.: A ticket based Authentication is dependant on a Credentials implementation which allows access to this ticket.
        Specified by:
        canHandle in interface Authentication
        Parameters:
        credentials - in questions
        Returns:
        true if the current Authentication handles the given Credentials
        See Also:
        Authentication.canHandle(javax.jcr.Credentials)

      • isTokenBasedLogin

        public static boolean isTokenBasedLogin​(Credentials credentials)
        Returns true if the given credentials object is an instance of TokenCredentials.
        Parameters:
        credentials -
        Returns:
        true if the given credentials object is an instance of TokenCredentials; false otherwise.

      • isMandatoryAttribute

        public static boolean isMandatoryAttribute​(String attributeName)
        Returns true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.
        Parameters:
        attributeName -
        Returns:
        true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.

      • doCreateToken

        public static boolean doCreateToken​(Credentials credentials)
        Returns true if the specified credentials should be used to create a new login token.
        Parameters:
        credentials -
        Returns:
        true if upon successful authentication a new login token should be created; false otherwise.

      • createToken

        public static Credentials createToken​(User user,
                                      SimpleCredentials credentials,
                                      long tokenExpiration,
                                      Session session)
                               throws RepositoryException
        Create a new token node for the specified user.
        Parameters:
        user -
        credentials -
        tokenExpiration -
        session -
        Returns:
        A new instance of TokenCredentials to be used for further login actions against this Authentication implementation.
        Throws:
        RepositoryException - If there is no node corresponding to the specified user in the current workspace or if an error occurs while creating the token node.