File Doc Category Size Date Package
AuthenticationController.java API Doc Apache Lucene 2.1.0 4987 Wed Feb 14 10:46:06 GMT 2007 org.apache.lucene.gdata.server.authentication

AuthenticationController

public interface AuthenticationController implements org.apache.lucene.gdata.server.registry.ServerComponent

Implementations of the AuthenticationController interface contain all the logic for processing token based authentification. A token is an encoded unique String value passed back to the client if successfully authenticated. Clients provide account name, password, the requested service and the name of the application used for accessing the the gdata service.

The algorithmn to create and reauthenticate the token can be choosen by the implementor.
This interface extends {@link org.apache.lucene.gdata.server.registry.ServerComponent} e.g. implementing classes can be registered as a {@link org.apache.lucene.gdata.server.registry.Component} in the {@link org.apache.lucene.gdata.server.registry.GDataServerRegistry} to be accessed via the provided lookup service

see: org.apache.lucene.gdata.server.authentication.BlowfishAuthenticationController
author: Simon Willnauer

Fields Summary
public static final String
AUTHORIZATION_HEADER
The header name containing the authentication token provided by the client
public static final String
ACCOUNT_PARAMETER
Authentication parameter for the account name. Provided by the client to recieve the auth token.
public static final String
PASSWORD_PARAMETER
Authentication parameter for the account password. Provided by the client to recieve the auth token.
public static final String
SERVICE_PARAMETER
Authentication parameter for the requested service. Provided by the client to recieve the auth token.
public static final String
APPLICATION_PARAMETER
Authentication parameter for the application name of the clients application. This is just used for loggin purposes
public static final String
TOKEN_KEY
The key used for respond the auth token to the client. Either as a cookie (key as cookie name) or as plain response (TOKEN_KEY=TOKEN)
Constructors Summary
Methods Summary
public abstract java.lang.String authenticatAccount(org.apache.lucene.gdata.data.GDataAccount account, java.lang.String requestIp)
Creates a authentication token for the given account. The token will be calculated based on a part of the clients ip address, the account role and the account name and the time in millisecond at the point of creation.
param
account - the account to create the token for
param
requestIp - the clients request ip address
return
- a BASE64 encoded authentification token
public abstract boolean authenticateToken(java.lang.String token, java.lang.String requestIp, org.apache.lucene.gdata.data.GDataAccount.AccountRole role, java.lang.String accountName)
Authenticates the given auth token and checks the given parameter for matching the information contained inside the token.
if the given account name is null the authentication will ignore the account name and the decision whether the token is valid or not will be based on the given role compared to the role inside the token
param
token - the token to authenticate
param
requestIp - the client request IP address
param
role - the required role
param
accountName - the name of the account
return
true if the given values match the values inside the token and if the timestamp plus the configured timeout is greater than the current time, if one of the values does not match or the token has timed out it will return false