Package io.goobi.viewer.model.security.authentication

Class LitteraProvider

java.lang.Object
io.goobi.viewer.model.security.authentication.HttpAuthenticationProvider
io.goobi.viewer.model.security.authentication.LitteraProvider
All Implemented Interfaces:
IAuthenticationProvider
public class LitteraProvider extends HttpAuthenticationProvider
External authentication provider for the LITTERA reader authentication api (www.littera.eu). This provider requests requests authentication from the configured url and an 'id' and 'pw' provided as query parameters. The response is a text/xml document containing a root element with an attribute "authenticationSuccessful" which is either true or false depending on the validity of the passed query params. If the authentication is successful, an existing viewer user is newly created is required with the nickname of the login id and an email of {id}@nomail.com. The user may still be suspended, given admin rights ect. as any other viewer user
Author:
Florian Alpers

  • Field Details

    • DEFAULT_EMAIL

      protected static final String DEFAULT_EMAIL
      Constant DEFAULT_EMAIL="{username}@nomail.com".
      See Also:

    • TYPE_USER_PASSWORD

      protected static final String TYPE_USER_PASSWORD
      Constant TYPE_USER_PASSWORD="userPassword".
      See Also:

  • Constructor Details

    • LitteraProvider

      public LitteraProvider(String name, String label, String url, String image, long timeoutMillis)
      Creates a new LitteraProvider instance.
      Parameters:
      name - unique provider name identifier
      label - display label shown to users
      url - base URL of the Littera authentication endpoint
      image - path to the provider logo image
      timeoutMillis - HTTP request timeout in milliseconds

  • Method Details

    • logout

      public void logout() throws AuthenticationProviderException
      Logs the user out.
      Throws:
      AuthenticationProviderException - if any.

    • login

      public CompletableFuture<LoginResult> login(String loginName, String password) throws AuthenticationProviderException
      Returns a future containing the login result upon completion. The result optionally contains the logged in User as well as the HttpServletRequest and HttpServletResponse to be used to complete the login and possible request forwarding If an error occurs and the request can not be processed, an AuthenticationException must be thrown. If a login has been refused, the exact reasons can be determined using the methods User.isActive(), User.isSuspended() and LoginResult.isRefused()
      Parameters:
      loginName - login name or identifier supplied by the user
      password - A string to be used as a password or similar for login. If the provider does not require such a string, this can be left empty or null
      Returns:
      A CompletableFuture which is resolved once login is completed and contains a LoginResult
      Throws:
      AuthenticationProviderException - if any.

    • get

      protected LitteraAuthenticationResponse get(URI url, String username, String password) throws IOException
      get.
      Parameters:
      url - base URI of the Littera authentication endpoint
      username - login name submitted by the user
      password - password submitted by the user
      Returns:
      the deserialized authentication response from the Littera service
      Throws:
      IOException - if any.

    • allowsPasswordChange

      public boolean allowsPasswordChange()
      Checks whether this authentication service allows user to edit their password or to reset it.
      Returns:
      true if the authentication service provides means to change or reset the user password

    • allowsNicknameChange

      public boolean allowsNicknameChange()
      allowsNicknameChange.
      Returns:
      true if the nickname may be changed and is not essential for user identification

    • allowsEmailChange

      public boolean allowsEmailChange()
      allowsEmailChange.
      Returns:
      true if the email may be changed and is not essential for user identification