This service provides an API to allow authentication of users using various methods, such as username and password and authentication tickets. Authentication is required at various access points into the repository. For example web scripts, CMIS, FTP, WebDAV, and web clients represent access points where authentication needs to take place.
Authentication can be via a ticket, a username and password pair, or some other mechanism. The AuthenticationService provides an API to:
- Authenticate using a username and password
- Authenticate using a ticket
- Create, update and delete authentication information
- Clear the current authentication
- Invalidate a ticket
- Get the username for who is currently authenticated
- Get a ticket for subsequent re-authentication
- Determine if the current user is “the system user”
Not all implementations will support creating, updating and deleting authentication information.
The authenticated username is used as the key to obtain other security information such as group membership, the details about the person, to record a user as the owner of an object. It is one of the identifiers against which permissions may be assigned.
The AuthenticationService does not provide any details about a user other than authentication. It stores authentication information on the calling thread. Application developers should ensure that this information is cleared.
The AuthenticationService brings together three components:
- The authentication component
- The authentication DAO
- The ticket component
The authentication component supports authentication only. The authentication DAO provides an API to create, delete and update authentication information. The ticket component is responsible for managing and storing tickets that may be obtained after authentication and used in place of authentication.
// Get services AuthenticationService authService = (AuthenticationService)serviceRegistry.getAuthenticationService(); PersonService personService = (PersonService)serviceRegistry.getPersonService(); // Get current user NodeRef person = personService.getPerson(authService.getCurrentUserName());
See also: