Package org.nuxeo.duoweb.authentication

Class DuoFactorsAuthenticator

java.lang.Object

org.nuxeo.ecm.platform.ui.web.auth.plugins.FormAuthenticator

org.nuxeo.duoweb.authentication.DuoFactorsAuthenticator

All Implemented Interfaces:

NuxeoAuthenticationPlugin

public class DuoFactorsAuthenticator
extends FormAuthenticator

Authentication filter handles two factors authentication via Duo

Since:

5.9.5

Field Summary

Fields

Modifier and Type	Field	Description
protected com.duosecurity.Client	duoClient
protected static final String	KV_NAME
protected static final org.apache.logging.log4j.Logger	log
protected static final String	NX_USER_FIRST_FACTOR_CHECKED
protected static final Random	RANDOM
protected static final long	STATE_TTL_SECONDS

Fields inherited from class org.nuxeo.ecm.platform.ui.web.auth.plugins.FormAuthenticator

loginPage, passwordKey, usernameKey

Constructor Summary

Constructors

Constructor	Description
DuoFactorsAuthenticator()

Method Summary

Modifier and Type	Method	Description
protected boolean	authWasSuccessful(com.duosecurity.model.Token token)
NuxeoPrincipal	createIdentity(String username)
protected com.duosecurity.Client	getClient()
protected KeyValueStoreProvider	getKeyValueStore()
protected String	getRequestedUrl(jakarta.servlet.http.HttpServletRequest httpRequest)
List<String>	getUnAuthenticatedURLPrefix()	Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
Boolean	handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL)	Handles the Login Prompt.
UserIdentificationInfo	handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)	Retrieves user identification information from the request.
void	initPlugin(Map<String,String> parameters)	Initializes the Plugin from parameters set in the XML descriptor.
Boolean	needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest)	Defines if the authentication plugin needs to do a login prompt.
protected NuxeoPrincipal	validateUserIdentity(UserIdentificationInfo userIdentity)

Methods inherited from class org.nuxeo.ecm.platform.ui.web.auth.plugins.FormAuthenticator

getLoginPage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

log

protected static final org.apache.logging.log4j.Logger log

STATE_TTL_SECONDS

protected static final long STATE_TTL_SECONDS

KV_NAME

protected static final String KV_NAME

See Also:

• Constant Field Values

RANDOM

protected static final Random RANDOM

NX_USER_FIRST_FACTOR_CHECKED

protected static final String NX_USER_FIRST_FACTOR_CHECKED

See Also:

• Constant Field Values

duoClient

protected com.duosecurity.Client duoClient

Constructor Details

DuoFactorsAuthenticator

public DuoFactorsAuthenticator()

Method Details

initPlugin

public void initPlugin(Map<String,String> parameters)

Description copied from interface: NuxeoAuthenticationPlugin

Initializes the Plugin from parameters set in the XML descriptor.

Specified by:

initPlugin in interface NuxeoAuthenticationPlugin

Overrides:

initPlugin in class FormAuthenticator

handleLoginPrompt

public Boolean handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest,
 jakarta.servlet.http.HttpServletResponse httpResponse,
 String baseURL)

Description copied from interface: NuxeoAuthenticationPlugin

Handles the Login Prompt.

Specified by:

handleLoginPrompt in interface NuxeoAuthenticationPlugin

Overrides:

handleLoginPrompt in class FormAuthenticator

Parameters:

httpRequest - the request

httpResponse - the response

Returns:

true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise

handleRetrieveIdentity

public UserIdentificationInfo handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest,
 jakarta.servlet.http.HttpServletResponse httpResponse)

Description copied from interface: NuxeoAuthenticationPlugin

Retrieves user identification information from the request.

Specified by:

handleRetrieveIdentity in interface NuxeoAuthenticationPlugin

Overrides:

handleRetrieveIdentity in class FormAuthenticator

Parameters:

httpRequest - the request

httpResponse - the response

needLoginPrompt

public Boolean needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest)

Description copied from interface: NuxeoAuthenticationPlugin

Defines if the authentication plugin needs to do a login prompt.

Specified by:

needLoginPrompt in interface NuxeoAuthenticationPlugin

Overrides:

needLoginPrompt in class FormAuthenticator

Returns:

true if LoginPrompt is used

getUnAuthenticatedURLPrefix

public List<String> getUnAuthenticatedURLPrefix()

Description copied from interface: NuxeoAuthenticationPlugin

Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.

Specified by:

getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin

Overrides:

getUnAuthenticatedURLPrefix in class FormAuthenticator

createIdentity

public NuxeoPrincipal createIdentity(String username)
                              throws LoginException

Throws:

LoginException

authWasSuccessful

protected boolean authWasSuccessful(com.duosecurity.model.Token token)

getClient

protected com.duosecurity.Client getClient()

getKeyValueStore

protected KeyValueStoreProvider getKeyValueStore()

validateUserIdentity

protected NuxeoPrincipal validateUserIdentity(UserIdentificationInfo userIdentity)
                                       throws LoginException

Throws:

LoginException

getRequestedUrl

protected String getRequestedUrl(jakarta.servlet.http.HttpServletRequest httpRequest)