Class DefaultAuthenticationService

All Implemented Interfaces:
AuthenticationService, Serializable, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.InitializingBean

public class DefaultAuthenticationService extends AbstractBusinessService implements AuthenticationService
Implementation backed by a UserManager
  • Field Details

    • LOGIN_ANONYMOUS_ALWAYS_DISABLED

      public static final String LOGIN_ANONYMOUS_ALWAYS_DISABLED
      Configuration constant for login.anonymous.always.disabled, which allows changing the (default) disabling of the anonymous account.
  • Constructor Details

    • DefaultAuthenticationService

      public DefaultAuthenticationService()
  • Method Details

    • login

      public UserModel login(String login, String password) throws InvalidCredentialsException
      Description copied from interface: AuthenticationService
      Logs in the user identified by login and password. Logging in means the credentials are checked and the user is set as the current user on the session (see UserService.setCurrentUser(UserModel)). Implementation note: the default implementation checks against the Jalo user UID and the password.
      Specified by:
      login in interface AuthenticationService
      Parameters:
      login - the login
      password - the password
      Returns:
      the same usermodel that is also set as current user in the session
      Throws:
      InvalidCredentialsException - if username/login does not match
    • checkCredentials

      public UserModel checkCredentials(String login, String password) throws InvalidCredentialsException
      Description copied from interface: AuthenticationService
      Checks the credentials. This method does not set the user on the current session.
      Specified by:
      checkCredentials in interface AuthenticationService
      Parameters:
      login - the login
      password - the password
      Returns:
      the UserModel
      Throws:
      InvalidCredentialsException - if username/login does not match
    • logout

      public void logout()
      Description copied from interface: AuthenticationService
      Logs out the current user. This closes the underlying session.
      Specified by:
      logout in interface AuthenticationService
    • buildInvalidCredentialsException

      protected InvalidCredentialsException buildInvalidCredentialsException()
      For security reasons we should throw the same exception for both cases:
        • user not found
        • password does not match
      You can override this method and adapt the exception and/or text that should be thrown in this case.
      Returns:
      InvalidCredentialsException
    • buildInvalidCredentialsException

      protected InvalidCredentialsException buildInvalidCredentialsException(String message)
    • setUserService

      public void setUserService(UserService userService)
    • setPasswordEncoderService

      public void setPasswordEncoderService(PasswordEncoderService passwordEncoderService)
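
The rule stated for buildInvalidCredentialsException() (one exception for both "user not found" and "password does not match"), shown as an added example that is not the platform's own code. The class name, the in-memory user map and the SHA-256 digests are hypothetical and constructed for the demo; the example goes slightly beyond the text by also running the same digest comparison for unknown logins, so both failure paths do the same work.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

// Added example: hypothetical stand-alone classes, not the platform's implementation.
public class UniformLoginFailureDemo {

    static class InvalidCredentialsException extends Exception {
        InvalidCredentialsException(String message) { super(message); }
    }

    // Constructed sample store: login -> SHA-256 of the password.
    // Demo only; a real store would hold a salted, slow password hash.
    private static final Map<String, byte[]> USERS = Map.of("alice", sha256("correct horse"));
    // Digest compared against when the login is unknown.
    private static final byte[] DUMMY = sha256("no such user");

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Single factory for the failure, playing the role of buildInvalidCredentialsException().
    static InvalidCredentialsException buildInvalidCredentialsException() {
        return new InvalidCredentialsException("invalid credentials");
    }

    static String checkCredentials(String login, String password) throws InvalidCredentialsException {
        if (login == null || password == null) {
            throw buildInvalidCredentialsException();
        }
        byte[] stored = USERS.get(login);
        boolean known = stored != null;
        // Constant-time comparison; unknown logins are compared against DUMMY.
        boolean matches = MessageDigest.isEqual(known ? stored : DUMMY, sha256(password));
        if (!known || !matches) {
            throw buildInvalidCredentialsException(); // same type and text in both cases
        }
        return login;
    }

    public static void main(String[] args) throws Exception {
        String[][] failing = {{"alice", "wrong"}, {"unknown-user", "correct horse"}};
        for (String[] a : failing) {
            try { checkCredentials(a[0], a[1]); }
            catch (InvalidCredentialsException e) { System.out.println(a[0] + " -> " + e.getMessage()); }
        }
        System.out.println("alice -> " + checkCredentials("alice", "correct horse"));
    }
}
```

A subclass that overrides the factory to distinguish the two cases in the exception type or message reintroduces the account-enumeration signal the default avoids.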