Package org.apereo.cas.authentication.handler
The handler package contains the classes used to authenticate a user. It contains
the AuthenticationHandler interface which is used to validate credential. It also
contains the PasswordEncoders which are used by implementations of the AuthenticationHandler
to provide conversion from plain text to whatever the password is encoded as in the data
store.
The package also contains a well-defined exception hierarchy to allow fine-grained error
messages to be displayed.
Examples of AuthenticationHandlers implementations:
- If the credential are a Userid and Password, then it submits them to an external Kerberos, LDAP, or JDBC authority for validation.
- If the credential are a Certificate, then it verifies the Issuer chain against some list of reliable CAs, checks the date to make sure it hasn't expired, and checks the CRL to make sure it wasn't revoked.
- If authentication has been done by the Servlet Container or by a Filter, then the Credentials have been extracted from the HttpRequest object. Notably, this will include the REMOTE_USER. Such Credentials are implicitly trusted and self validating, so an AuthenticationHandler recognizing such an object will indicate that it is valid without inspecting its contents.
- Since:
- 3.0
-
Class Summary Class Description ByCredentialSourceAuthenticationHandlerResolver This isByCredentialSourceAuthenticationHandlerResolver
that attempts to capture the source from the credential and limit the handlers to the matching source.ByCredentialTypeAuthenticationHandlerResolver DefaultAuthenticationHandlerResolver This isDefaultAuthenticationHandlerResolver
.GroovyAuthenticationHandlerResolver This isGroovyAuthenticationHandlerResolver
.RegisteredServiceAuthenticationHandlerResolver This isRegisteredServiceAuthenticationHandlerResolver
that acts on the criteria presented by a registered service to detect which handler(s) should be resolved for authentication.