Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

blackboard.platform.security.authentication
Class BaseAuthenticationModule

java.lang.Object
  |
  +--blackboard.platform.security.authentication.BaseAuthenticationModule
All Implemented Interfaces:
HttpAuthModule
public class BaseAuthenticationModule
extends java.lang.Object
implements HttpAuthModule

Implementation class for the default authentication provider for Blackboard Learning System, also known as RDBMS Authentication. This class can be used as the base class for implementations that will use the Blackboard database as the user directory.

Version:
$Revision: 6 $ $Date: 11/12/03 2:45p $
See Also:
HttpAuthModule

Field Summary
protected static java.lang.String _authTypeDisplayStr
          Used internally by this module.
protected  HttpAuthConfig _config
          Member variable used to access HttpAuthConfig information.
protected  LogService _logger
          Member variable to write log message to the LogService.
protected static java.util.ResourceBundle _resBundle
          Used internally by this module.
static java.lang.String IMPL_CLASS_KEY
          Used internally by this module.
static java.lang.String USE_CHALLENGE_KEY
          Used internally by this module.
 
Constructor Summary
BaseAuthenticationModule()
          Simple default constructor.
 
Method Summary
protected  void assertRequestAuthenticate()
          Wrapper for any assertions that should be made before authentication request.
protected  java.lang.String authenticate(java.lang.String userName, java.lang.String userToken, SessionStub sessionStub, boolean useChallenge)
          Method to support native authentication.
protected  java.lang.String doAuthenticate(java.util.Hashtable authenticateParams, SessionStub sessionStub, boolean useChallenge)
          Implementation specific version of doAuthenticate which does additional checking before calling authenticate.
 java.lang.String doAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Performs the work of authentication.
 void doLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Implementation method.
 java.lang.String getAuthType()
          Returns a String identifier for the authentication type for a given implementation of HttpAuthModule
protected  java.lang.String getConfigErrs()
          Collects errors from loading configuration properties for this authentication type.
 boolean getCreateAccountAllowed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          getCreateAccountAllowed() Determines based on configuration information, whether users may create new accounts.
static java.lang.String getDefaultAuthType()
          Return the default authentication type
protected  java.util.Hashtable getDoAuthenticateParams(javax.servlet.http.HttpServletRequest request)
          Gets the authentication parameters from the request object.
 java.lang.String[] getPropKeys()
          Returns a String array of the keys to this authentication module's configuration properties file.
protected  java.lang.String getRequestAuthenticateUri(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          getRequestAuthenticateURI Indicates the target resource that should receive the current request.
protected  java.lang.String getSubConfigErrs()
          Collects errors from loading nested configuration properties for this authentication type.
 boolean getUseChallenge()
          Determines based on configuration information, whether to use challenge-response authentication.
 void init(ConfigurationService cfg)
          Initializes authentication module.
 boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
          Deprecated.  
 boolean isExternalAuth()
          Can be used by subclasses to determine whether or not the authentication module is an external authentication module.
 void requestAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Implementation method.
 void setConfig(HttpAuthConfig config)
          Sets the configuration properties for this authentication type.
protected  void setGlobalKeys(javax.servlet.http.HttpServletRequest request)
          Set whatever key-value pairs need to be stored for the current session.
protected  void validateConfig()
          Validates that the configuration properties for this authentication type have been loaded correctly.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

_authTypeDisplayStr

protected static java.lang.String _authTypeDisplayStr
Used internally by this module.

IMPL_CLASS_KEY

public static final java.lang.String IMPL_CLASS_KEY
Used internally by this module.

See Also:
Constant Field Values

USE_CHALLENGE_KEY

public static final java.lang.String USE_CHALLENGE_KEY
Used internally by this module.

See Also:
Constant Field Values

_resBundle

protected static java.util.ResourceBundle _resBundle
Used internally by this module.

_logger

protected LogService _logger
Member variable to write log message to the LogService. Can be used by subclasses that need to write log messages.

_config

protected HttpAuthConfig _config
Member variable used to access HttpAuthConfig information. Can be used by subclasses that need information from this object.

Constructor Detail

BaseAuthenticationModule

public BaseAuthenticationModule()
Simple default constructor. This constructor must be public because HttpAuthManager calls Class.newInstance().

Method Detail

init

public void init(ConfigurationService cfg)
Initializes authentication module.

Specified by:
init in interface HttpAuthModule
Parameters:
cfg - The ConfigurationService for this installation.

setConfig

public void setConfig(HttpAuthConfig config)
Sets the configuration properties for this authentication type.

Specified by:
setConfig in interface HttpAuthModule
Parameters:
config - The HttpAuthConfig object containing all authentication properties for this authentication type.

validateConfig

protected void validateConfig()
                       throws BbInsufficientArgs
Validates that the configuration properties for this authentication type have been loaded correctly.

BbInsufficientArgs

getConfigErrs

protected java.lang.String getConfigErrs()
Collects errors from loading configuration properties for this authentication type.

getSubConfigErrs

protected java.lang.String getSubConfigErrs()
Collects errors from loading nested configuration properties for this authentication type.

getPropKeys

public java.lang.String[] getPropKeys()
Returns a String array of the keys to this authentication module's configuration properties file.

Specified by:
getPropKeys in interface HttpAuthModule

isExternalAuth

public boolean isExternalAuth()
Can be used by subclasses to determine whether or not the authentication module is an external authentication module. This implementation returns false.

isAuthenticated

public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
                        throws BbSecurityException
Deprecated.  

Stub implementation to satisfy interface. This implementation always returns true. Subclasses should not override this method.

Specified by:
isAuthenticated in interface HttpAuthModule
Parameters:
request - the request to validate
Returns:
true if the session token is present
Throws:
BbSecurityException - never thrown by this implementation. Included here for completeness
BbSecurityException
See Also:
blackboard.platform.session.BbSession.isAuthenticated

doAuthenticate

public java.lang.String doAuthenticate(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response)
                                throws BbSecurityException,
                                       BbAuthenticationFailedException,
                                       BbCredentialsNotFoundException
Performs the work of authentication. Parses the Authorization string out of the request, calls doAuthenticate( Hashtable, SessionStub, boolean) which submits username and password to the authenticate method.

Specified by:
doAuthenticate in interface HttpAuthModule
Parameters:
request - the request containing auth credentials
response - the response object associated with the current HTTP transaction. This object is not used in this implementation
Returns:
Current user key
Throws:
BbSecurityException - thrown if an external error prevents authentication from occurring.
BbCredentialsNotFoundException - thrown if no credentials were found in the request
BbAuthenticationFailedException - thrown if authentication failed (i.e., wrong password)

doAuthenticate

protected java.lang.String doAuthenticate(java.util.Hashtable authenticateParams,
                                          SessionStub sessionStub,
                                          boolean useChallenge)
                                   throws BbSecurityException,
                                          BbAuthenticationFailedException,
                                          BbCredentialsNotFoundException
Implementation specific version of doAuthenticate which does additional checking before calling authenticate.

Parameters:
sessionStub - -- Session information
useChallenge - -- boolean to signify whether or not authentication is configured for challenge-response
BbSecurityException
BbAuthenticationFailedException
BbCredentialsNotFoundException

getDoAuthenticateParams

protected java.util.Hashtable getDoAuthenticateParams(javax.servlet.http.HttpServletRequest request)
Gets the authentication parameters from the request object.

Returns:
Hashtable Returns authenticate parameters, extracted from the request object.

requestAuthenticate

public void requestAuthenticate(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response)
                         throws BbSecurityException
Implementation method. Stores the requested URL in session for the login JSP to forward. The request is typically redirected to the URI /webapps/login/login.jsp.

Specified by:
requestAuthenticate in interface HttpAuthModule
Parameters:
request - The current HTTP request object. Used to get the session object
response - The response on which to set SC_UNAUTHORIZED
Throws:
BbSecurityException - thrown if a run-time error prevents the method from completing.
BbSecurityException
See Also:
HttpServletResponse.SC_UNAUTHORIZED

assertRequestAuthenticate

protected void assertRequestAuthenticate()
                                  throws BbSecurityException
Wrapper for any assertions that should be made before authentication request. Checks to make sure the configuration has been set.

Throws:
BbSecurityException - if the configuration has not been set

getRequestAuthenticateUri

protected java.lang.String getRequestAuthenticateUri(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
                                              throws java.io.IOException,
                                                     java.lang.SecurityException,
                                                     java.io.FileNotFoundException,
                                                     PersistenceException
getRequestAuthenticateURI Indicates the target resource that should receive the current request. This implementation returns the default login URI for the installation.

java.io.IOException
java.lang.SecurityException
java.io.FileNotFoundException
PersistenceException

doLogout

public void doLogout(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)
              throws BbSecurityException
Implementation method. Clears the authentication token from the session.

Specified by:
doLogout in interface HttpAuthModule
Parameters:
request - the current HTTP request. Used to obtain a session handle.
response - the current HTTP response. Passed for completeness, not used.
Throws:
blackboard.platform.security.authentication.BbSecurityExceptionincluded - for completeness. --This implementation will never throw this exception
BbSecurityException - thrown if an error occurs performing the implementation-specific invalidation

authenticate

protected java.lang.String authenticate(java.lang.String userName,
                                        java.lang.String userToken,
                                        SessionStub sessionStub,
                                        boolean useChallenge)
                                 throws BbAuthenticationFailedException,
                                        BbSecurityException
Method to support native authentication. Uses credentials to look up a user's key in the database. If the system is configured to use the challenge-response protocol, the password provided by the caller is expected to be a hexadecimal string representing the message digest of the string M(M(password) + server token) where M is the hashing algorithm (MD5), password is the clear text password entered by the user, and server token is a digested string generated as a pseudo-random server variable. The comparison is done by taking all of the corresponding values stored on the server and re-generating the string. If the hashed version from the client matches the version calcualated by the server, the login is successful. If challenge-response is not used, the processing is greatly simplified: the password is in clear text. The method digests it and compares it against the hashed value stored in the database.

Parameters:
userName - User name
userToken - this should be either clear text password or hash, depending on the result from RDBMSAuthUtil.useChallenge().
Returns:
User key used to load user.
Throws:
blackboard.platform.security.BbAuthenticationFailedException
BbAuthenticationFailedException
BbSecurityException

getCreateAccountAllowed

public boolean getCreateAccountAllowed(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response)
getCreateAccountAllowed() Determines based on configuration information, whether users may create new accounts.

getUseChallenge

public boolean getUseChallenge()
Determines based on configuration information, whether to use challenge-response authentication.

getAuthType

public java.lang.String getAuthType()
Returns a String identifier for the authentication type for a given implementation of HttpAuthModule

Specified by:
getAuthType in interface HttpAuthModule

getDefaultAuthType

public static java.lang.String getDefaultAuthType()
Return the default authentication type

setGlobalKeys

protected void setGlobalKeys(javax.servlet.http.HttpServletRequest request)
                      throws PersistenceException
Set whatever key-value pairs need to be stored for the current session. Subclasses should override this method only if needed. This module provides a null implementation of this method.

PersistenceException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003 Blackboard, Inc. All Rights Reserved.