S
- The type of SessionContext
being provided to the instance creatorM
- The authentication method factory typepublic interface UserAuthMethodFactory<S extends SessionContext,M extends UserAuthInstance<S>> extends NamedResource
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ALLOW_INSECURE_AUTH
If set to
true then isSecureAuthenticationTransport(SessionContext) returns true even if
transport is insecure. |
static java.lang.String |
ALLOW_NON_INTEGRITY_AUTH
If set to
true then isDataIntegrityAuthenticationTransport(SessionContext) returns true
even if transport has no MAC(s) to verify message integrity |
static boolean |
DEFAULT_ALLOW_INSECURE_AUTH |
static boolean |
DEFAULT_ALLOW_NON_INTEGRITY_AUTH |
static java.lang.String |
HOST_BASED
Host-based authentication method
|
static java.lang.String |
KB_INTERACTIVE
Keyboard interactive authentication method
|
static java.lang.String |
PASSWORD
Password authentication method name
|
static java.lang.String |
PUBLIC_KEY
Public key authentication method name
|
BY_NAME_COMPARATOR, NAME_EXTRACTOR
Modifier and Type | Method and Description |
---|---|
M |
createUserAuth(S session) |
static <S extends SessionContext,M extends UserAuthInstance<S>> |
createUserAuth(S session,
java.util.Collection<? extends UserAuthMethodFactory<S,M>> factories,
java.lang.String name) |
static boolean |
isDataIntegrityAuthenticationTransport(SessionContext session) |
static boolean |
isSecureAuthenticationTransport(SessionContext session)
According to RFC 4252 - section 8:
|
findByName, getName, getNameList, getNames, ofName, removeByName
static final java.lang.String PASSWORD
static final java.lang.String PUBLIC_KEY
static final java.lang.String KB_INTERACTIVE
static final java.lang.String HOST_BASED
static final java.lang.String ALLOW_INSECURE_AUTH
true
then isSecureAuthenticationTransport(SessionContext)
returns true
even if
transport is insecure.static final boolean DEFAULT_ALLOW_INSECURE_AUTH
static final java.lang.String ALLOW_NON_INTEGRITY_AUTH
true
then isDataIntegrityAuthenticationTransport(SessionContext)
returns true
even if transport has no MAC(s) to verify message integritystatic final boolean DEFAULT_ALLOW_NON_INTEGRITY_AUTH
M createUserAuth(S session) throws java.io.IOException
session
- The session for which authentication is requiredjava.io.IOException
- If failed to create the instancestatic <S extends SessionContext,M extends UserAuthInstance<S>> M createUserAuth(S session, java.util.Collection<? extends UserAuthMethodFactory<S,M>> factories, java.lang.String name) throws java.io.IOException
S
- The type of SessionContext
being provided to the instance creatorM
- The authentication method factory typesession
- The session through which the request is being madefactories
- The available factoriesname
- The requested factory namenull
if no matching factoryjava.io.IOException
- If failed to create the instancestatic boolean isSecureAuthenticationTransport(SessionContext session)
Both the server and the client should check whether the underlying transport layer provides confidentiality (i.e., if encryption is being used). If no confidentiality is provided ("none" cipher), password authentication SHOULD be disabled. If there is no confidentiality or no MAC, password change SHOULD be disabled.
session
- The SessionContext
being used for authenticationtrue
if the context is not null
and the ciphers have been established to anything
other than "none".ALLOW_INSECURE_AUTH
,
SessionContext.isSecureSessionTransport(SessionContext)
static boolean isDataIntegrityAuthenticationTransport(SessionContext session)
session
- The SessionContext
being used for authenticationtrue
if the context is not null
and the MAC(s) used to verify packet integrity
have been established.ALLOW_NON_INTEGRITY_AUTH
,
SessionContext.isDataIntegrityTransport(SessionContext)