Authentication modules provide the logic and the user interface for a single stage in an Authentication Scheme that a user must complete to be able to logon on use Adito's services.
Each module must have an {@link com.adito.security.AuthenticationModuleDefinition}that must be registed with the {@link com.adito.security.AuthenticationModuleManager}.
When authentication is required by the module, the first thing that happens is all of the modules in the scheme are initialised by called their {@link #init(AuthenticationScheme)}methods.
When it is this schemes turn, the {@link #authenticate(HttpServletRequest,RequestParameterMap)}method will be called expecting either a {@link com.adito.security.Credentials}object or any exception to be thrown if the authentication failed.
If applicable, each module must return the page to a JSP page that provides the web based user interface for the module.
A module may be capable of supporting the entering of a username, in which case it is known as a Primary Authentication Modules. If this capability is not available, the module is a Secondary Authentication Module and may only be used after a primary has already been used.
There is a third type called a System Authentication Module which is used interally by the Adito or its plugins but never presented to user directly. These are currently used for Webdav and Embedded client logons. @see com.adito.security.AuthenticationScheme @see com.adito.security.AuthenticationModuleDefinition @see com.adito.security.AuthenticationModuleManager
|
|
|
|
|
|