/**
* Creates an AuthToken object from token string.
*
* @param encoded
* @return
* @throws AuthTokenException
* @see #authToken(String)
*/
public static AuthToken getAuthToken(String encoded) throws AuthTokenException {
AuthToken at = null;
List<AuthProvider> providers = getProviders();
for (AuthProvider ap : providers) {
try {
at = ap.authToken(encoded);
if (at == null) {
throw new AuthTokenException("auth provider " + ap.getName() + " returned null");
} else {
return at;
}
} catch (AuthProviderException e) {
// if there is no auth data for this provider, log and continue with next provider
if (e.canIgnore()) {
logger().warn(ap.getName() + ":" + e.getMessage());
} else {
throw new AuthTokenException("auth provider error", e);
}
} catch (AuthTokenException e) {
// log and rethrow
logger()
.debug("getAuthToken error: provider=" + ap.getName() + ", err=" + e.getMessage(), e);
throw e;
}
}
// there is no auth data for any of the enabled providers
logger().error("unable to get AuthToken from encoded " + encoded);
return null;
}
/**
* @param req http request
* @return an AuthToken object, or null if auth data is not present for any of the enabled
* providers
* @throws ServiceException
*/
public static AuthToken getAuthToken(HttpServletRequest req, boolean isAdminReq)
throws AuthTokenException {
AuthToken at = null;
List<AuthProvider> providers = getProviders();
for (AuthProvider ap : providers) {
try {
at = ap.authToken(req, isAdminReq);
if (at == null) {
throw new AuthTokenException("auth provider " + ap.getName() + " returned null");
} else {
return at;
}
} catch (AuthProviderException e) {
// if there is no auth data for this provider, log and continue with next provider
if (e.canIgnore()) {
logger().debug(ap.getName() + ":" + e.getMessage());
} else {
throw new AuthTokenException("auth provider error", e);
}
} catch (AuthTokenException e) {
// log and rethrow
logger()
.debug("getAuthToken error: provider=" + ap.getName() + ", err=" + e.getMessage(), e);
throw e;
}
}
// there is no auth data for any of the enabled providers
return null;
}
public static AuthToken getAuthToken(Account acct, long expires) throws AuthProviderException {
List<AuthProvider> providers = getProviders();
for (AuthProvider ap : providers) {
try {
AuthToken at = ap.authToken(acct, expires);
if (at == null) {
throw AuthProviderException.FAILURE("auth provider " + ap.getName() + " returned null");
} else {
return at;
}
} catch (AuthProviderException e) {
if (e.canIgnore()) {
logger().debug(ap.getName() + ":" + e.getMessage());
} else {
throw e;
}
}
}
throw AuthProviderException.FAILURE("cannot get authtoken from account " + acct.getName());
}
public static AuthToken getAuthToken(Account acct, boolean isAdmin, AuthMech authMech)
throws AuthProviderException {
List<AuthProvider> providers = getProviders();
for (AuthProvider ap : providers) {
try {
AuthToken at = ap.authToken(acct, isAdmin, authMech);
if (at == null) {
throw AuthProviderException.FAILURE("auth provider " + ap.getName() + " returned null");
} else {
return at;
}
} catch (AuthProviderException e) {
if (e.canIgnore()) {
logger().debug(ap.getName() + ":" + e.getMessage());
} else {
throw e;
}
}
}
String acctName = acct != null ? acct.getName() : "null";
throw AuthProviderException.FAILURE("cannot get authtoken from account " + acctName);
}
/**
* Returns an AuthToken from the account object. Should never return null.
*
* @param acct
* @param isAdmin
* @param authMech
* @return
* @throws AuthProviderException
*/
protected AuthToken authToken(Account acct, boolean isAdmin, AuthMech authMech)
throws AuthProviderException {
if (acct == null) {
throw AuthProviderException.NOT_SUPPORTED();
}
long lifetime =
isAdmin
? acct.getTimeInterval(
Provisioning.A_zimbraAdminAuthTokenLifetime, AuthToken.DEFAULT_AUTH_LIFETIME * 1000)
: acct.getTimeInterval(
Provisioning.A_zimbraAuthTokenLifetime, AuthToken.DEFAULT_AUTH_LIFETIME * 1000);
return authToken(acct, lifetime);
}
/**
* Returns an AuthToken from the account object with specified expiration. Should never return
* null.
*
* @param acct
* @param expires
* @param isAdmin
* @param adminAcct
* @param acct account authtoken will be valid for
* @param expires when the token expires
* @param isAdmin true if acct is using its admin privileges
* @param adminAcct the admin account accessing acct's information, if this token was created by
* an admin.
* @return
* @throws AuthProviderException
*/
protected AuthToken authToken(Account acct, long expires, boolean isAdmin, Account adminAcct)
throws AuthProviderException {
throw AuthProviderException.NOT_SUPPORTED();
}
/**
* Returns an AuthToken from the account object with specified lifetime. Should never return null.
*
* @param acct
* @param expires
* @return
* @throws AuthProviderException
*/
protected AuthToken authToken(Account acct, long expires) throws AuthProviderException {
throw AuthProviderException.NOT_SUPPORTED();
}
/**
* Returns an AuthToken from an encoded String.
*
* <p>This API is for servlets that support auth from a non-cookie channel, where it honors a
* String token from a specific element in the request, which is neither a cookie nor a SOAP
* context header. e.g. a query param.
*
* <p>By default, an AuthProvider do not need to implement this method. The default implementation
* is throwing AuthProviderException.NOT_SUPPORTED.
*
* <p>Should never return null. Throws AuthProviderException.NO_SUPPORTED if this API is not
* supported by the auth provider Throws AuthProviderException.NO_AUTH_TOKEN if auth data for the
* provider is not present Throws AuthTokenException if auth data for the provider is present but
* cannot be resolved into a valid AuthToken
*
* @param encoded
* @return
* @throws AuthProviderException
* @throws AuthTokenException
*/
protected AuthToken authToken(String encoded) throws AuthProviderException, AuthTokenException {
throw AuthProviderException.NOT_SUPPORTED();
}
