Interface LocalCredentialVerificator
- All Superinterfaces:
CredentialExchange, CredentialVerificator, DescribedObject, NamedObject, StringConfigurable
- All Known Implementing Classes:
AbstractLocalVerificator
Verificator of local credentials. Such verificators must have the local credential name set. Additionally, local verificators are responsible for credential handling, i.e. storing the raw credential or its configuration in the DB and verification of the credential state.
Those two aspects are merged into one implementation on purpose: local credential verification and the storage of credential data in the database are tightly bound together. E.g. a password hashed and salted in the DB must be verified using the same hashing and salting.
The information about the supported CredentialType is created automatically from the name and description of this object's implementation.
- Author:
- K. Benedyczak
-
Nested Class Summary
Nested classes/interfaces inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialVerificator
CredentialVerificator.VerificatorType
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| | checkCredentialState(String currentCredential) | |
| | invalidate(String currentCredential) | This method is called only for credentials supporting invalidation. |
| boolean | isCredentialDefinitionChagneOutdatingCredentials(String newCredentialDefinition) | Should check whether a change of the credential definition (config) from the currently set one to the one given as argument may render credential instances invalid or not. |
| boolean | isCredentialSet(EntityParam entity) | Check if credential is set. |
| boolean | isSupportingInvalidation() | |
| String | prepareCredential(String rawCredential, String currentCredential, boolean verifyNew) | Prepares the credential for DB insertion. |
| void | setCredentialName(String credential) | Sets credential definition name for this verificator. |
| | updateCredentialAfterConfigurationChange(String currentCredential) | Returns the argument credential, optionally changed; it can be transformed after a change of configuration. |

Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialExchange
getExchangeId
Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialVerificator
getType, setIdentityResolver, setInstanceName
Methods inherited from interface pl.edu.icm.unity.types.DescribedObject
getDescription
Methods inherited from interface pl.edu.icm.unity.types.NamedObject
getName
Methods inherited from interface pl.edu.icm.unity.engine.api.utils.StringConfigurable
getSerializedConfiguration, setSerializedConfiguration
-
Method Details
-
getCredentialName
String getCredentialName()
- Returns:
- the name of the credential definition associated with this verificator
-
setCredentialName
Sets the credential definition name for this verificator. This is only required for resolving the client's identity, to get the proper credential. It is irrelevant for the credential's storage.
-
prepareCredential
String prepareCredential(String rawCredential, String currentCredential, boolean verifyNew) throws IllegalCredentialException, InternalException
Prepares the credential for DB insertion. The credential value can be arbitrary, typically JSON; the same holds for the output. For instance, the input can be a password and the output its hashed and salted version.
- Parameters:
rawCredential - the new credential value
currentCredential - the existing credential, encoded in the database-specific way. May be empty or null when there is no existing credential recorded in the DB.
verifyNew - we can set a new credential without its verification
- Returns:
- string which will be persisted in the database and will be used for verification
- Throws:
IllegalCredentialException - if the new credential is not valid
InternalException
-
checkCredentialState
- Parameters:
currentCredential - current credential as recorded in database
- Returns:
- the current state of the credential, with respect to the configuration of the verificator
- Throws:
InternalException
-
updateCredentialAfterConfigurationChange
Returns the argument credential, optionally changed; it can be transformed after a change of configuration. It can be assumed that the argument credential was created with some old configuration and that the current object is configured with the new one.
-
isSupportingInvalidation
boolean isSupportingInvalidation()
- Returns:
- If the instances can be put into the LocalCredentialState.outdated state.
-
invalidate
This method is called only for credentials supporting invalidation.
- Parameters:
currentCredential - the current credential value as stored in DB.
- Returns:
- the invalidated credential value, to be stored in database.
-
isCredentialSet
Check if credential is set.
- Throws:
EngineException
-
isCredentialDefinitionChagneOutdatingCredentials
Should check whether a change of the credential definition (config) from the currently set one to the one given as argument may render credential instances invalid or not.
-