pl.edu.icm.unity.engine.api.authn.local

Interface LocalCredentialVerificator

All Superinterfaces:

CredentialExchange, CredentialVerificator, pl.edu.icm.unity.types.DescribedObject, pl.edu.icm.unity.types.NamedObject, StringConfigurable

All Known Implementing Classes:

AbstractLocalVerificator

public interface LocalCredentialVerificator
extends CredentialVerificator

Verificator of local credentials. Such verificators must have local credential name set. Additionally local verificators are responsible for credential handling, i.e. storing the raw credential or its configuration in DB and verification of the credential state.

Those two aspects are merged into one implementation on purpose: both local credential verification and storage of credential data in database is tightly bound together. E.g. password hashed and salted in the DB must be verified using the same hashing and salting.

The information about the supported CredentialType is created automatically from the name and description of this object implementation.

Author:

K. Benedyczak

Method Summary

Modifier and Type	Method and Description
pl.edu.icm.unity.types.authn.CredentialPublicInformation	checkCredentialState(String currentCredential)
String	getCredentialName()
String	invalidate(String currentCredential) This method is called only for credentials supporting invalidation.
boolean	isSupportingInvalidation()
String	prepareCredential(String rawCredential, String currentCredential) As prepareCredential(String, String, String) but called whenever verification of the existing password is not required.
String	prepareCredential(String rawCredential, String previousCredential, String currentCredential) Prepares the credential for DB insertion.
void	setCredentialName(String credential) Sets credential definition name for this verificator.

Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialVerificator

setIdentityResolver, setInstanceName

Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialExchange

getExchangeId

Methods inherited from interface pl.edu.icm.unity.types.DescribedObject

getDescription

Methods inherited from interface pl.edu.icm.unity.types.NamedObject

getName

Methods inherited from interface pl.edu.icm.unity.engine.api.utils.StringConfigurable

getSerializedConfiguration, setSerializedConfiguration

Method Detail

getCredentialName

String getCredentialName()

Returns:

the name of the credential definition associated with this verificator

setCredentialName

void setCredentialName(String credential)

Sets credential definition name for this verificator. This is only required to perform resolving of the client's identity, to get a proper credential. It is irrelevant for credential's storage.

Parameters:

credential -

prepareCredential

String prepareCredential(String rawCredential,
                         String previousCredential,
                         String currentCredential)
                  throws pl.edu.icm.unity.exceptions.IllegalCredentialException,
                         pl.edu.icm.unity.exceptions.InternalException

Prepares the credential for DB insertion. The credential value can be arbitrary, typically in JSON. Output also. For instance the input can be a password, output a hashed and salted version

Parameters:

rawCredential - the new credential value

previousCredential - the existing credential value. It is only used to recheck the credential before the sensitive credential check operation. In some cases it can be not needed, then is ignored.

currentCredential - the existing credential, encoded in the database specific way. May be empty or null, when there is no existing credential recorded in DB.

Returns:

string which will be persisted in the database and will be used for verification

Throws:

pl.edu.icm.unity.exceptions.IllegalCredentialException - if the new credential is not valid

pl.edu.icm.unity.exceptions.InternalException

prepareCredential

String prepareCredential(String rawCredential,
                         String currentCredential)
                  throws pl.edu.icm.unity.exceptions.IllegalCredentialException,
                         pl.edu.icm.unity.exceptions.InternalException

As prepareCredential(String, String, String) but called whenever verification of the existing password is not required.

Parameters:

rawCredential -

currentCredential -

Returns:

Throws:

pl.edu.icm.unity.exceptions.IllegalCredentialException

pl.edu.icm.unity.exceptions.InternalException

checkCredentialState

pl.edu.icm.unity.types.authn.CredentialPublicInformation checkCredentialState(String currentCredential)
                                                                       throws pl.edu.icm.unity.exceptions.InternalException

Parameters:

currentCredential - current credential as recorded in database

Returns:

the current state of the credential, wrt the configuration of the verificator

Throws:

pl.edu.icm.unity.exceptions.InternalException

isSupportingInvalidation

boolean isSupportingInvalidation()

Returns:

If the instances can be put into the LocalCredentialState.outdated state.

invalidate

String invalidate(String currentCredential)

This method is called only for credentials supporting invalidation.

Parameters:

currentCredential - the current credential value as stored in DB.

Returns:

the invalidated credential value, to be stored in database.