Package no.polaric.core.auth

Class HmacAuthenticator

java.lang.Object

no.polaric.core.auth.HmacAuthenticator

All Implemented Interfaces:

org.pac4j.core.credentials.authenticator.Authenticator

public class HmacAuthenticator
extends Object
implements org.pac4j.core.credentials.authenticator.Authenticator

Authenticator using a SHA-256 HMAC. Implements Arctic-HMAC authentication.

Field Summary

Fields inherited from interface org.pac4j.core.credentials.authenticator.Authenticator

ALWAYS_VALIDATE, NEVER_VALIDATE

Constructor Summary

Constructors

Constructor	Description
HmacAuthenticator(ServerConfig conf, String dfile, String ufile, UserDb lu)

Method Summary

Modifier and Type	Method	Description
final HttpRequest.Builder	addAuth(HttpRequest.Builder bld, String body, String userid)	Add 'Authorization' header to http request
final String	authString(String body, String userid)	Generate an authentication string to use in a URL.
final User	checkAuth(String userid, String nonce, String rmac, String data)	Check authentication fields: userid, nonce, hmac and data)
final void	expireUserKey(String userid)	Expire session-key for a user if older than MAX_SESSION_LENGTH.
Group	getRole(User u, String rname)
final String	getUserKey(String userid)	Get session-key for a user
Set<String>	getUserLogins()
void	saveLogins()	Save keys to file.
final void	setUserKey(String userid, String key)	Set session-key for a user.
protected void	throwsException(String message)
Optional<org.pac4j.core.credentials.Credentials>	validate(org.pac4j.core.context.CallContext ctx, org.pac4j.core.credentials.Credentials cred)	Validate credentials (do authentication).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HmacAuthenticator

public HmacAuthenticator(ServerConfig conf,
 String dfile,
 String ufile,
 UserDb lu)

Method Details

getUserKey

public final String getUserKey(String userid)

Get session-key for a user

setUserKey

public final void setUserKey(String userid,
 String key)

Set session-key for a user. This is done when user successfully logs in. A timestamp is also set to be able to expire the session.

expireUserKey

public final void expireUserKey(String userid)

Expire session-key for a user if older than MAX_SESSION_LENGTH. If expired, remove the session-key and the user-login.

saveLogins

public void saveLogins()

Save keys to file. Assume that these are personal user-logins.

getUserLogins

public Set<String> getUserLogins()

validate

public Optional<org.pac4j.core.credentials.Credentials> validate(org.pac4j.core.context.CallContext ctx,
 org.pac4j.core.credentials.Credentials cred)
                                                          throws org.pac4j.core.exception.CredentialsException

Validate credentials (do authentication).

Specified by:

validate in interface org.pac4j.core.credentials.authenticator.Authenticator

Throws:

org.pac4j.core.exception.CredentialsException

getRole

public Group getRole(User u,
 String rname)

checkAuth

public final User checkAuth(String userid,
 String nonce,
 String rmac,
 String data)
                     throws org.pac4j.core.exception.CredentialsException

Check authentication fields: userid, nonce, hmac and data)

Throws:

org.pac4j.core.exception.CredentialsException

authString

public final String authString(String body,
 String userid)

Generate an authentication string to use in a URL. Consists of: - userid - nonce: Base64 encoded 8 byte random number. - hmac: Base64 encoded hmac-digest based on nonce+data and a secret key. Truncated to 44 characters.

addAuth

public final HttpRequest.Builder addAuth(HttpRequest.Builder bld,
 String body,
 String userid)

Add 'Authorization' header to http request

throwsException

protected void throwsException(String message)
                        throws org.pac4j.core.exception.CredentialsException

Throws:

org.pac4j.core.exception.CredentialsException