Class AuthFactory

java.lang.Object
org.jivesoftware.openfire.auth.AuthFactory

public class AuthFactory extends Object
Pluggable authentication service. Users of Openfire who wish to change the AuthProvider implementation used to authenticate users can set the AuthProvider.className system property. For example, if you have configured Openfire to use LDAP for user information, you'd want to set a custom AuthProvider implementation that makes LDAP auth queries. After changing the AuthProvider.className system property, you must restart your application server.
Author:
Matt Tucker
  • Field Details

  • Constructor Details

    • AuthFactory

      public AuthFactory()
  • Method Details

    • getAuthProvider

      public static AuthProvider getAuthProvider()
      Deprecated.
      Prefer using the corresponding factory method, rather than invoking methods on the provider directly.
      Returns the currently-installed AuthProvider. Warning: in virtually all cases the auth provider should not be used directly. Instead, the appropriate methods in AuthFactory should be called. Direct access to the auth provider is only provided for special-case logic.
      Returns:
      the current AuthProvider.
    • isProviderInstanceOf

      public static boolean isProviderInstanceOf(Class<?> c)
      Returns whether the currently-installed AuthProvider is an instance of a specific class.
      Parameters:
      c - the class to compare with
      Returns:
      true if the currently-installed AuthProvider is an instance of c, false otherwise.
    • isProviderHybridInstanceOf

      public static boolean isProviderHybridInstanceOf(Class<? extends AuthProvider> clazz)
      Indicates if the currently-installed AuthProvider is the HybridAuthProvider supporting a specific class.
      Parameters:
      clazz - the class to check
      Returns:
      true if the currently-installed AuthProvider is a HybridAuthProvider that supports an instance of clazz, otherwise false.
    • supportsPasswordRetrieval

      public static boolean supportsPasswordRetrieval()
      Returns true if the currently installed AuthProvider supports password retrieval. Certain implementations utilize password hashes and other authentication mechanisms that do not require the original password.
      Returns:
      true if plain password retrieval is supported.
    • getPassword

      public static String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException
      Returns the user's password. This method will throw an UnsupportedOperationException if this operation is not supported by the backend user store.
      Parameters:
      username - the username of the user.
      Returns:
      the user's password.
      Throws:
      UserNotFoundException - if the given user could not be found.
      UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
    • setPassword

      Sets the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
      Parameters:
      username - the username of the user.
      password - the new plaintext password for the user.
      Throws:
      UserNotFoundException - if the given user could not be loaded.
      UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
      ConnectionException - if there is a problem connecting to the user and group system.
      InternalUnauthenticatedException - if there is a problem authenticating Openfire itself to the user and group system.
    • authenticate

      public static AuthToken authenticate(String username, String password) throws UnauthorizedException, ConnectionException, InternalUnauthenticatedException
      Authenticates a user with a username and plain-text password and returns an AuthToken. If the username and password do not match the record of any user in the system, this method throws an UnauthorizedException.
      Parameters:
      username - the username.
      password - the password.
      Returns:
      an AuthToken token if the username and password are correct.
      Throws:
      UnauthorizedException - if the username and password do not match any existing user or the account is locked out.
      ConnectionException - if there is a problem connecting to the user and group system.
      InternalUnauthenticatedException - if there is a problem authenticating Openfire itself to the user and group system.
    • createDigest

      public static String createDigest(String token, String password)
      Returns a digest given a token and password, according to JEP-0078.
      Parameters:
      token - the token used in the digest.
      password - the plain-text password to be digested.
      Returns:
      the digested result as a hex string.
    • encryptPassword

      public static String encryptPassword(String password)
      Returns an encrypted version of the plain-text password. Encryption is performed using the Blowfish algorithm. The encryption key is stored as the Jive property "passwordKey". If the key is not present, it will be automatically generated.
      Parameters:
      password - the plain-text password.
      Returns:
      the encrypted password.
      Throws:
      UnsupportedOperationException - if encryption/decryption is not possible; for example, during setup mode.
    • decryptPassword

      public static String decryptPassword(String encryptedPassword)
      Returns a decrypted version of the encrypted password. Encryption is performed using the Blowfish algorithm. The encryption key is stored as the Jive property "passwordKey". If the key is not present, it will be automatically generated.
      Parameters:
      encryptedPassword - the encrypted password.
      Returns:
      the decrypted password.
      Throws:
      UnsupportedOperationException - if encryption/decryption is not possible; for example, during setup mode.
    • supportsScram

      public static boolean supportsScram()
    • getSalt

      public static String getSalt(String username) throws UnsupportedOperationException, UserNotFoundException
      Throws:
      UnsupportedOperationException
      UserNotFoundException
    • getIterations

      public static int getIterations(String username) throws UnsupportedOperationException, UserNotFoundException
      Throws:
      UnsupportedOperationException
      UserNotFoundException
    • getServerKey

      public static String getServerKey(String username) throws UnsupportedOperationException, UserNotFoundException
      Throws:
      UnsupportedOperationException
      UserNotFoundException
    • getStoredKey

      public static String getStoredKey(String username) throws UnsupportedOperationException, UserNotFoundException
      Throws:
      UnsupportedOperationException
      UserNotFoundException
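
What the four SCRAM getters above hold and how a server checks a login with them, as an added example that is not Openfire code. It assumes SCRAM-SHA-1 as defined in RFC 5802 and a Base64-encoded salt, neither of which this page states; the class name, user, password and auth message are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: RFC 5802 SCRAM-SHA-1 arithmetic only, no Openfire classes involved.
public class ScramStoredKeyDemo {
    static byte[] hmac(byte[] key, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }
    static byte[] sha1(byte[] in) throws Exception { return MessageDigest.getInstance("SHA-1").digest(in); }
    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }
    // SaltedPassword := Hi(password, salt, i), which is PBKDF2-HMAC-SHA-1 with a 20-byte output.
    static byte[] saltedPassword(String password, String saltB64, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), Base64.getDecoder().decode(saltB64), iterations, 160);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }
    // Client side: ClientProof := ClientKey XOR HMAC(H(ClientKey), AuthMessage).
    static byte[] clientProof(String password, String saltB64, int iterations, String authMessage) throws Exception {
        byte[] clientKey = hmac(saltedPassword(password, saltB64, iterations), "Client Key");
        return xor(clientKey, hmac(sha1(clientKey), authMessage));
    }
    // Server side: needs only StoredKey, never the password or ClientKey.
    static boolean verifyProof(byte[] storedKey, String authMessage, byte[] proof) throws Exception {
        if (proof.length != storedKey.length) return false;
        byte[] recoveredClientKey = xor(proof, hmac(storedKey, authMessage));
        return MessageDigest.isEqual(sha1(recoveredClientKey), storedKey); // constant-time compare
    }
    public static void main(String[] args) throws Exception {
        // Constructed record standing in for getSalt / getIterations / getStoredKey / getServerKey.
        String salt = Base64.getEncoder().encodeToString("constructed-salt".getBytes(StandardCharsets.UTF_8));
        int iterations = 4096;
        byte[] salted = saltedPassword("correct horse", salt, iterations);
        byte[] storedKey = sha1(hmac(salted, "Client Key")); // StoredKey := H(ClientKey)
        byte[] serverKey = hmac(salted, "Server Key");       // signs the server's final message
        String authMessage = "n=alice,r=cnonce,r=cnoncesnonce,s=" + salt + ",i=" + iterations + ",c=biws,r=cnoncesnonce";
        System.out.println("good password: " + verifyProof(storedKey, authMessage, clientProof("correct horse", salt, iterations, authMessage)));
        System.out.println("bad password:  " + verifyProof(storedKey, authMessage, clientProof("wrong", salt, iterations, authMessage)));
        System.out.println("ServerSignature: " + Base64.getEncoder().encodeToString(hmac(serverKey, authMessage)));
    }
}
```

Because verification uses only the stored key, a provider that keeps these four values has no need to support password retrieval. The salt, iteration count and stored key together still permit offline password guessing, so they deserve the same protection as a password hash.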
    • isOneTimeAccessTokenEnabled

      public static boolean isOneTimeAccessTokenEnabled()
    • checkOneTimeAccessToken

      public static AuthToken checkOneTimeAccessToken(String userToken) throws UnauthorizedException
      Throws:
      UnauthorizedException