Jive Messenger 2.2.2 Javadoc

org.jivesoftware.messenger.auth
Class AuthFactory

java.lang.Object
  extended by org.jivesoftware.messenger.auth.AuthFactory

public class AuthFactory
extends Object

Authentication service. Users of Jive that wish to change the AuthProvider implementation used to authenticate users can set the AuthProvider.className Jive property. For example, if you have altered Jive to use LDAP for user information, you'd want to send a custom implementation of AuthFactory to make LDAP authToken queries. After changing the AuthProvider.className Jive property, you must restart your application server.

The getAuthToken method that takes servlet request and response objects as arguments can be used to implement single sign-on. Additionally, two helper methods are provided for securely encrypting and decrypting login information so that it can be stored as a cookie value to implement auto-login.

Author:
Matt Tucker

Constructor Summary
AuthFactory()
           
 
Method Summary
static AuthToken authenticate(String username, String password)
          Authenticates a user with a username and plain text password and returns and AuthToken.
static AuthToken authenticate(String username, String token, String digest)
          Authenticates a user with a username, token, and digest and returns an AuthToken.
static String createDigest(String token, String password)
          Returns a digest given a token and password, according to JEP-0078.
static boolean isDigestSupported()
          Returns true if the currently installed AuthProvider supports digest authentication according to JEP-0078.
static boolean isPlainSupported()
          Returns true if the currently installed AuthProvider supports authentication using plain-text passwords according to JEP-0078.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthFactory

public AuthFactory()
Method Detail

isPlainSupported

public static boolean isPlainSupported()
Returns true if the currently installed AuthProvider supports authentication using plain-text passwords according to JEP-0078. Plain-text authentication is not secure and should generally only be used over a TLS/SSL connection.

Returns:
true if plain text password authentication is supported.

isDigestSupported

public static boolean isDigestSupported()
Returns true if the currently installed AuthProvider supports digest authentication according to JEP-0078.

Returns:
true if digest authentication is supported.

authenticate

public static AuthToken authenticate(String username,
                                     String password)
                              throws UnauthorizedException
Authenticates a user with a username and plain text password and returns and AuthToken. If the username and password do not match the record of any user in the system, this method throws an UnauthorizedException.

Parameters:
username - the username.
password - the password.
Returns:
an AuthToken token if the username and password are correct.
Throws:
UnauthorizedException - if the username and password do not match any existing user.

authenticate

public static AuthToken authenticate(String username,
                                     String token,
                                     String digest)
                              throws UnauthorizedException
Authenticates a user with a username, token, and digest and returns an AuthToken. The digest should be generated using the createDigest(String, String) method. If the username and digest do not match the record of any user in the system, the method throws an UnauthorizedException.

Parameters:
username - the username.
token - the token that was used with plain-text password to generate the digest.
digest - the digest generated from plain-text password and unique token.
Returns:
an AuthToken token if the username and digest are correct for the user's password and given token.
Throws:
UnauthorizedException - if the username and password do not match any existing user.

createDigest

public static String createDigest(String token,
                                  String password)
Returns a digest given a token and password, according to JEP-0078.

Parameters:
token - the token used in the digest.
password - the plain-text password to be digested.
Returns:
the digested result as a hex string.

Jive Messenger 2.2.2 Javadoc

Copyright © 1999-2004 Jive Software.