Class AuthFactory


  • public class AuthFactory
    extends Object
    Pluggable authentication service. Users of Openfire that wish to change the AuthProvider implementation used to authenticate users can set the AuthProvider.className system property. For example, if you have configured Openfire to use LDAP for user information, you'd want to supply a custom implementation of AuthFactory to make LDAP auth queries. After changing the AuthProvider.className system property, you must restart your application server.
    Author:
    Matt Tucker
    • Constructor Detail

      • AuthFactory

        public AuthFactory()
    • Method Detail

      • getAuthProvider

        public static AuthProvider getAuthProvider()
        Deprecated.
        Prefer using the corresponding factory method, rather than invoking methods on the provider directly
        Returns the currently-installed AuthProvider. Warning: in virtually all cases the auth provider should not be used directly. Instead, the appropriate methods in AuthFactory should be called. Direct access to the auth provider is only provided for special-case logic.
        Returns:
        the current AuthProvider.
      • isProviderInstanceOf

        public static boolean isProviderInstanceOf(Class<?> c)
        Returns whether the currently-installed AuthProvider is an instance of a specific class.
        Parameters:
        c - the class to compare with
        Returns:
        true if the currently-installed AuthProvider is an instance of c, false otherwise.
      • isProviderHybridInstanceOf

        public static boolean isProviderHybridInstanceOf(Class<? extends AuthProvider> clazz)
        Indicates if the currently-installed AuthProvider is the HybridAuthProvider supporting a specific class.
        Parameters:
        clazz - the class to check
        Returns:
        true if the currently-installed AuthProvider is a HybridAuthProvider that supports an instance of clazz, otherwise false.
      • supportsPasswordRetrieval

        public static boolean supportsPasswordRetrieval()
        Returns true if the currently installed AuthProvider supports password retrieval. Certain implementations utilize password hashes and other authentication mechanisms that do not require the original password.
        Returns:
        true if plain password retrieval is supported.
      • authenticate

        public static AuthToken authenticate(String username,
                                             String password)
                                      throws UnauthorizedException,
                                             ConnectionException,
                                             InternalUnauthenticatedException
        Authenticates a user with a username and plain text password and returns an AuthToken. If the username and password do not match the record of any user in the system, this method throws an UnauthorizedException.
        Parameters:
        username - the username.
        password - the password.
        Returns:
        an AuthToken token if the username and password are correct.
        Throws:
        UnauthorizedException - if the username and password do not match any existing user or the account is locked out.
        ConnectionException - if there is a problem connecting to the user and group system.
        InternalUnauthenticatedException - if there is a problem authenticating Openfire itself to the user and group system.
      • createDigest

        public static String createDigest(String token,
                                          String password)
        Returns a digest given a token and password, according to JEP-0078.
        Parameters:
        token - the token used in the digest.
        password - the plain-text password to be digested.
        Returns:
        the digested result as a hex string.
      • encryptPassword

        public static String encryptPassword(String password)
        Returns an encrypted version of the plain-text password. Encryption is performed using the Blowfish algorithm. The encryption key is stored as the Jive property "passwordKey". If the key is not present, it will be automatically generated.
        Parameters:
        password - the plain-text password.
        Returns:
        the encrypted password.
        Throws:
        UnsupportedOperationException - if encryption/decryption is not possible; for example, during setup mode.
      • decryptPassword

        public static String decryptPassword(String encryptedPassword)
        Returns a decrypted version of the encrypted password. Encryption is performed using the Blowfish algorithm. The encryption key is stored as the Jive property "passwordKey". If the key is not present, it will be automatically generated.
        Parameters:
        encryptedPassword - the encrypted password.
        Returns:
        the decrypted password.
        Throws:
        UnsupportedOperationException - if encryption/decryption is not possible; for example, during setup mode.
      • supportsScram

        public static boolean supportsScram()
      • isOneTimeAccessTokenEnabled

        public static boolean isOneTimeAccessTokenEnabled()
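
The digest rule that createDigest refers to, worked through as an added example (this is not Openfire's code). It shows that the verifier has to recompute the digest from the plain-text password, so the scheme cannot work against a store that keeps only password hashes, which is the limitation supportsPasswordRetrieval() describes. Assumptions: the JEP-0078 digest is the lowercase hex SHA-1 of the token followed by the password, both UTF-8 encoded; the class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class DigestAuthExample {

    // Assumed rule: lowercase hex of SHA-1(token || password).
    static String digest(String token, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(token.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(40);
            for (byte b : sha1.digest()) {
                hex.append(String.format("%02x", b & 0xff));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            // SHA-1 must be available on every Java platform implementation.
            throw new IllegalStateException(e);
        }
    }

    // Server side: recompute from the stored plain-text password and
    // compare in constant time so the check does not leak a matching prefix.
    static boolean verify(String streamId, String storedPassword, String clientDigest) {
        if (clientDigest == null) {
            return false;
        }
        byte[] expected = digest(streamId, storedPassword).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = clientDigest.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) {
        String streamId = "c0ffee01";          // constructed sample token (stream ID)
        String password = "example-password";  // constructed sample password
        String fromClient = digest(streamId, password);

        System.out.println("digest:          " + fromClient);
        // Same stream, same password: accepted.
        System.out.println("same stream:     " + verify(streamId, password, fromClient));
        // The digest is bound to the token, so it is rejected on another stream.
        System.out.println("other stream:    " + verify("deadbeef02", password, fromClient));
        // A different stored password produces a different expected digest.
        System.out.println("wrong password:  " + verify(streamId, "other-password", fromClient));
    }
}
```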