org.sakaiproject.component.kerberos.user
Class KerberosUserDirectoryProvider

java.lang.Object
  extended by org.sakaiproject.component.kerberos.user.KerberosUserDirectoryProvider
All Implemented Interfaces:
UserDirectoryProvider

public class KerberosUserDirectoryProvider
extends Object
implements UserDirectoryProvider

KerberosUserDirectoryProvider is a UserDirectoryProvider that authenticates user names using Kerberos.

For more information on configuration, see the README.txt file.

Version:
$Revision: 5804 $
Author:
University of Michigan, Sakai Software Development Team

Nested Class Summary
protected  class KerberosUserDirectoryProvider.SakaiCallbackHandler
          Inner class SakaiCallbackHandler: supplies the user id and password to the Kerberos login for authentication purposes.
 
Field Summary
protected  int m_cachettl
          Configuration: Cachettl
protected  String m_domain
          Configuration: Domain
protected  String m_knownusermsg
          Configuration: KnownUserMsg
protected  Logger m_logger
          Dependency: logging service
protected  String m_logincontext
          Configuration: LoginContext
protected  boolean m_requirelocalaccount
          Configuration: RequireLocalAccount
 
Constructor Summary
KerberosUserDirectoryProvider()
           
 
Method Summary
protected  boolean authenticateKerberos(String user, String pw)
          Authenticate the user id and pw with Kerberos.
 boolean authenticateUser(String userId, UserEdit edit, String password)
          Authenticate a user / password.
 boolean authenticateWithProviderFirst(String id)
          Whether to check provider or internal data first when authenticating a user
 boolean createUserRecord(String id)
          If a user record cannot be found by the UserDirectoryService, can the service create the user record?
 void destroy()
          Returns to uninitialized state.
 void destroyAuthentication()
          Remove any authentication traces for the current user / request
 String encode(String plaintext)
          Hash string for storage in a cache using SHA
 boolean findUserByEmail(UserEdit edit, String email)
          Find a user object who has this email address.
 boolean getUser(UserEdit edit)
          Access a user object.
 void getUsers(Collection users)
          Access a collection of UserEdit objects; if the user is found, update the information, otherwise remove the UserEdit object from the collection.
 void init()
          Final initialization, once all dependencies are set.
 void setCachettl(int cachettl)
          Configuration: Cache TTL
 void setDomain(String domain)
          Configuration: Domain Name (for E-Mail Addresses)
 void setKnownUserMsg(String knownusermsg)
          Configuration: Kerberos Error Message
 void setLogger(Logger service)
          Dependency: logging service.
 void setLoginContext(String logincontext)
          Configuration: Authentication Name
 void setRequireLocalAccount(Boolean requirelocalaccount)
          Configuration: Require Local Account
 boolean updateUserAfterAuthentication()
          Will this provider update user records on successful authentication?
 boolean userExists(String userId)
          See if a user by this id exists.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

m_logger

protected Logger m_logger
Dependency: logging service


m_domain

protected String m_domain
Configuration: Domain


m_logincontext

protected String m_logincontext
Configuration: LoginContext


m_requirelocalaccount

protected boolean m_requirelocalaccount
Configuration: RequireLocalAccount


m_knownusermsg

protected String m_knownusermsg
Configuration: KnownUserMsg


m_cachettl

protected int m_cachettl
Configuration: Cachettl

Constructor Detail

KerberosUserDirectoryProvider

public KerberosUserDirectoryProvider()
Method Detail

setLogger

public void setLogger(Logger service)
Dependency: logging service.

Parameters:
service - The logging service.

setDomain

public void setDomain(String domain)
Configuration: Domain Name (for E-Mail Addresses)

Parameters:
domain - The domain in the form of "domain.tld"

setLoginContext

public void setLoginContext(String logincontext)
Configuration: Authentication Name

Parameters:
logincontext - The context to be used from the login.config file - default "KerberosAuthentication"

setRequireLocalAccount

public void setRequireLocalAccount(Boolean requirelocalaccount)
Configuration: Require Local Account

Parameters:
requirelocalaccount - Determine if a local account is required for user to authenticate - default "true"

setKnownUserMsg

public void setKnownUserMsg(String knownusermsg)
Configuration: Kerberos Error Message

Parameters:
knownusermsg - Start of error returned for bad logins by known users - default is from RFC 1510

setCachettl

public void setCachettl(int cachettl)
Configuration: Cache TTL

Parameters:
cachettl - Time (in milliseconds) to cache authenticated usernames - default is 300000 ms (5 minutes)

init

public void init()
Final initialization, once all dependencies are set.


destroy

public void destroy()
Returns to the uninitialized state. You can use this method to release resources that your Service allocated when Turbine shuts down.


userExists

public boolean userExists(String userId)
See if a user by this id exists.

Specified by:
userExists in interface UserDirectoryProvider
Parameters:
userId - The user id string.
Returns:
true if a user by this id exists, false if not.

getUser

public boolean getUser(UserEdit edit)
Access a user object. Update the object with the information found.

Specified by:
getUser in interface UserDirectoryProvider
Parameters:
edit - The user object (id is set) to fill in.
Returns:
true if the user object was found and information updated, false if not.

getUsers

public void getUsers(Collection users)
Access a collection of UserEdit objects; if the user is found, update the information, otherwise remove the UserEdit object from the collection.

Specified by:
getUsers in interface UserDirectoryProvider
Parameters:
users - The UserEdit objects (with id set) to fill in or remove.

findUserByEmail

public boolean findUserByEmail(UserEdit edit,
                               String email)
Find a user object who has this email address. Update the object with the information found.

Specified by:
findUserByEmail in interface UserDirectoryProvider
Parameters:
edit - The user object to fill in.
email - The email address string.
Returns:
true if the user object was found and information updated, false if not.

authenticateUser

public boolean authenticateUser(String userId,
                                UserEdit edit,
                                String password)
Authenticate a user / password. First check for a "valid, previously authenticated" user in the in-memory table; only on a miss is Kerberos consulted.

Specified by:
authenticateUser in interface UserDirectoryProvider
Parameters:
edit - The UserEdit matching the id to be authenticated (and updated) if we have one.
password - The password.
userId - The user id.
Returns:
true if authenticated, false if not.

destroyAuthentication

public void destroyAuthentication()
Remove any authentication traces for the current user / request

Specified by:
destroyAuthentication in interface UserDirectoryProvider

updateUserAfterAuthentication

public boolean updateUserAfterAuthentication()
Will this provider update user records on successful authentication? If so, the UserDirectoryService will cause these updates to be stored.

Specified by:
updateUserAfterAuthentication in interface UserDirectoryProvider
Returns:
true if the user record may be updated after successful authentication, false if not.

authenticateKerberos

protected boolean authenticateKerberos(String user,
                                       String pw)
Authenticate the user id and pw with Kerberos.

Parameters:
user - The user id.
pw - The password.
Returns:
true if successful, false if not.

authenticateWithProviderFirst

public boolean authenticateWithProviderFirst(String id)
Whether to check provider or internal data first when authenticating a user

Specified by:
authenticateWithProviderFirst in interface UserDirectoryProvider
Returns:
true if provider data is checked first, false otherwise.

createUserRecord

public boolean createUserRecord(String id)
If a user record cannot be found by the UserDirectoryService, can the service create the user record?

Specified by:
createUserRecord in interface UserDirectoryProvider

encode

public String encode(String plaintext)
Hash a string for storage in a cache using SHA.

Returns:
encoded hash of string
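
As an added worked example (not the Sakai project's own code) of the flow the authenticateUser, authenticateKerberos, encode and setCachettl entries describe: a JAAS login against the "KerberosAuthentication" context, with a hash of the credentials held in an in-memory table for the cache TTL so that repeated requests inside the TTL skip the KDC round trip. The class and method bodies, the use of SHA-256 for the hash, and the known-user message placeholder are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosAuthExample {                                // illustrative class, not the Sakai source
    static final String LOGIN_CONTEXT = "KerberosAuthentication"; // default named in setLoginContext()
    static final String KNOWN_USER_MSG = "<value from setKnownUserMsg>"; // placeholder, see setKnownUserMsg()
    static final long CACHE_TTL_MS = 300000L;                     // default named in setCachettl()
    private final Map<String, Long> cache = new ConcurrentHashMap<>(); // hash of credentials -> expiry (ms)

    /** Counterpart of encode(): hash the value before it becomes a cache key. SHA-256 is an assumption. */
    static String encode(String plaintext) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(plaintext.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Counterpart of authenticateUser(): a cache hit inside the TTL skips the KDC round trip. */
    boolean authenticateUser(String userId, String password) throws Exception {
        String key = encode(userId + ":" + password);             // plaintext never stored, only its hash
        Long expiry = cache.get(key);
        if (expiry != null && expiry > System.currentTimeMillis()) return true;
        if (!authenticateKerberos(userId, password)) return false; // miss or expired: ask Kerberos again
        cache.put(key, System.currentTimeMillis() + CACHE_TTL_MS);
        return true;
    }

    /** Counterpart of authenticateKerberos(): JAAS login with a handler supplying id and password. */
    boolean authenticateKerberos(String user, String pw) {
        CallbackHandler handler = callbacks -> {                   // plays the role of SakaiCallbackHandler
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pw.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            LoginContext lc = new LoginContext(LOGIN_CONTEXT, handler);
            lc.login();                                           // contacts the KDC configured in krb5.conf
            lc.logout();                                          // only the yes/no answer is needed here
            return true;
        } catch (LoginException e) {                              // KNOWN_USER_MSG prefix: principal exists, bad password
            if (e.getMessage() != null && e.getMessage().startsWith(KNOWN_USER_MSG)) System.err.println("bad password for " + user);
            return false;
        }
    }
}
```

The login.config entry named by LOGIN_CONTEXT must exist and point at com.sun.security.auth.module.Krb5LoginModule for lc.login() to reach a KDC.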