- Set a central AuthenticationChallengeHandler that will allow your users to authenticate with secured services
The easiest way to ensure your app allows users to authenticate is to set an instance of the DefaultAuthenticationChallengeHandler onto the AuthenticationManager:
AuthenticationManager.setAuthenticationChallengeHandler(new DefaultAuthenticationChallengeHandler(context));
Alternatively, implement and set a custom AuthenticationChallengeHandler to customize the logic or user interface of handling AuthenticationChallenges.
The DefaultAuthenticationChallengeHandler class can take care of user credential and OAuth challenges. For other challenges you must implement AuthenticationChallengeHandler and pass an instance of your handler to setAuthenticationChallengeHandler(AuthenticationChallengeHandler).
The AuthenticationManager's AuthenticationChallengeHandler is null by default; if no handler is set, the request to the secured resource will fail as it cannot be authenticated. For example, a Loadable that uses a secured resource may have a LoadStatus.FAILED_TO_LOAD and the Loadable.getLoadError() will indicate an authorization failure.
- Manage an in-memory cache of credentials
When a user is challenged and enters credentials which successfully allow access to the resource, those credentials are automatically added to the AuthenticationManager.CredentialCache. When secured resources from the same server and port are accessed subsequently, credentials in this cache are reused automatically, avoiding unnecessary challenges. Certificates are also cached; see below for more details.
If your app allows a user to sign out of a portal or server, call AuthenticationManager.CredentialCache.clear() to remove all cached credentials when the user signs out, to prevent users accessing resources for which they do not have permission.
The credential cache can be serialized to JSON, enabling it to be stored between app sessions. However, the serialized credential cache should be secured using an appropriate mechanism for your platform to ensure that credentials are not available to other apps or processes.
- Manage the certificates for accessing certificate secured resources
AuthenticationChallenges issued for self-signed server certificates can be handled as follows. Use the setSelfSignedCertificateListener(SelfSignedCertificateListener) method to provide a listener that will handle self-signed certificates as they are encountered. (Other types of AuthenticationChallenge will continue to be sent to the current AuthenticationChallengeHandler.) This approach is useful when you want to add specific logic for trusting self-signed certificates on a case-by-case basis, but the behaviour of the DefaultAuthenticationChallengeHandler is suitable for all other authentication challenges.
For testing purposes, setTrustAllSigners(boolean) can be called with a value of true to indicate an app is willing to trust all valid, non-expired, self-signed certificates. This should never be used in production code.
- Manage a set of OAuthConfigurations
If your app will connect to OAuth secured resources, and you have set an instance of the DefaultAuthenticationChallengeHandler onto the AuthenticationManager, then add an OAuthConfiguration for a specific client ID and portal by calling addOAuthConfiguration(OAuthConfiguration). The set of OAuthConfigurations is stored in-memory only and does not persist between sessions.
See the ArcGIS for Developers website for an overview of ArcGIS Security and Authentication.
- Since: 100.0.0
-
Nested Class Summary
| Modifier and Type | Class | Description |
| --- | --- | --- |
| static final class | AuthenticationManager.CredentialCache | Encapsulates a map of server contexts to credentials that may be used to access them. |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static void | addOAuthConfiguration(OAuthConfiguration oAuthConfiguration) | Adds an OAuthConfiguration that will be used to provide the client ID and redirect URI for the portal URL specified in the configuration (or all portals if the portal URL is null). |
| static void | clearOAuthConfigurations() | Clears the current OAuthConfigurations. |
| static void | clearTrustedCertificates() | Removes all cached trusted server certificates. |
| static AuthenticationChallengeHandler | getAuthenticationChallengeHandler() | Gets the current AuthenticationChallengeHandler. |
| static OAuthConfiguration | getOAuthConfiguration(String portalUrl) | Gets the OAuthConfiguration that was added for the specified portal URL. |
| static SelfSignedCertificateListener | getSelfSignedCertificateListener() | Returns the user defined SelfSignedCertificateListener. |
| static boolean | isTrustAllSigners() | Returns true if all signers are trusted. |
| static boolean | removeOAuthConfiguration(String portalUrl) | Removes the OAuthConfiguration with the specified URL if it has previously been added. |
| static void | setAuthenticationChallengeHandler(AuthenticationChallengeHandler handler) | Sets an authentication challenge handler which will be used to handle any authentication exceptions that arise while executing requests. |
| static void | setSelfSignedCertificateListener(SelfSignedCertificateListener listener) | Sets the SelfSignedCertificateListener to handle self-signed certificates. |
| static void | setTrustAllSigners(boolean trustAllSigners) | Set to true to trust all signers. |
-
Method Details
-
setAuthenticationChallengeHandler
Sets an authentication challenge handler which will be used to handle any authentication exceptions that arise while executing requests. This handler should use the challenge provided to determine what went wrong, and then provide some way for the user to indicate how to proceed. Challenges are handled one at a time.
- Parameters: handler - the AuthenticationChallengeHandler that should be used to handle authentication exceptions
- Since: 100.0.0
-
getAuthenticationChallengeHandler
Gets the current AuthenticationChallengeHandler. See setAuthenticationChallengeHandler(AuthenticationChallengeHandler) for more details.
- Returns: the AuthenticationChallengeHandler currently used to handle authentication exceptions
- Since: 100.0.0
-
addOAuthConfiguration
Adds an OAuthConfiguration that will be used to provide the client ID and redirect URI for the portal URL specified in the configuration (or all portals if the portal URL is null).
- Parameters: oAuthConfiguration - the OAuthConfiguration to add
- Throws: IllegalArgumentException - if oAuthConfiguration is null
- Since: 100.0.0
-
removeOAuthConfiguration
Removes the OAuthConfiguration with the specified URL if it has previously been added.
- Parameters: portalUrl - the portal URL of the OAuthConfiguration to remove, or null to remove the global configuration
- Returns: true if the OAuthConfiguration was removed; otherwise false (for example, if it was never actually added)
- Throws: MalformedURLException - if the portal URL is malformed
- Since: 100.0.0
-
getOAuthConfiguration
public static OAuthConfiguration getOAuthConfiguration(String portalUrl) throws MalformedURLException
Gets the OAuthConfiguration that was added for the specified portal URL. If there is an OAuthConfiguration that was added with a null portal URL, that will be returned regardless of the portal URL that was passed.
- Parameters: portalUrl - the portal URL for which to get an OAuthConfiguration
- Returns: the OAuthConfiguration
- Throws: MalformedURLException - if the portal URL is malformed
- Since: 100.0.0
-
clearOAuthConfigurations
public static void clearOAuthConfigurations()
Clears the current OAuthConfigurations.
- Since: 100.0.0
-
getSelfSignedCertificateListener
Returns the user defined SelfSignedCertificateListener.
- Returns: the SelfSignedCertificateListener
- Since: 100.0.0
-
setSelfSignedCertificateListener
Sets the SelfSignedCertificateListener to handle self-signed certificates. With the listener, users have full control over all certificates. This should not be confused with isTrustAllSigners(). The trusted certificates will be cached in the session. You can clear the cache by calling clearTrustedCertificates().
- Parameters: listener - the SelfSignedCertificateListener to set
- Since: 100.0.0
-
isTrustAllSigners
public static boolean isTrustAllSigners()
Returns true if all signers are trusted. See setTrustAllSigners(boolean) for more information.
- Returns: true if all signers should be trusted, otherwise false
- Since: 100.0.0
-
setTrustAllSigners
public static void setTrustAllSigners(boolean trustAllSigners)
Set to true to trust all signers. This will not allow trusting of expired or not yet valid certificates; it simply disregards the issuer of the certificate. To accept expired or not yet valid certificates, a SelfSignedCertificateListener must be implemented and set using setSelfSignedCertificateListener(SelfSignedCertificateListener). Setting this to false will cause all previously trusted server certificates to become untrusted again.
- Parameters: trustAllSigners - whether to trust all certificate signers
- Since: 100.0.0
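Added example (not from the SDK documentation or from Esri): a listener that trusts a self-signed server certificate only when its SHA-256 fingerprint is on an allow-list supplied by the app, as a production alternative to setTrustAllSigners(true). The class name and install helper are hypothetical, and the checkServerTrusted(X509Certificate[], String) callback signature is an assumption, since this page does not show the SelfSignedCertificateListener interface; this listener also chooses to reject expired or not yet valid certificates.

```java
import com.esri.arcgisruntime.security.AuthenticationManager;
import com.esri.arcgisruntime.security.SelfSignedCertificateListener;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical listener: accepts only self-signed certificates whose fingerprint is pinned. */
public final class PinnedCertificateListener implements SelfSignedCertificateListener {
  private final Set<String> pins; // lower-case hex SHA-256 of the DER-encoded certificate

  public PinnedCertificateListener(Set<String> pinnedSha256Hex) {
    this.pins = Collections.unmodifiableSet(new HashSet<>(pinnedSha256Hex));
  }

  // Assumed callback signature; check it against the SDK version you build with.
  @Override
  public boolean checkServerTrusted(X509Certificate[] chain, String authType) {
    if (chain == null || chain.length == 0) return false;
    try {
      X509Certificate leaf = chain[0];
      leaf.checkValidity(); // this listener refuses expired or not yet valid certificates
      byte[] digest = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
      StringBuilder hex = new StringBuilder();
      for (byte b : digest) hex.append(String.format("%02x", b));
      return pins.contains(hex.toString()); // unknown fingerprint: not trusted
    } catch (Exception e) {
      return false; // fail closed on any parsing or validity error
    }
  }

  /** Hypothetical setup: turn off trust-all, drop earlier trust decisions, install the pins. */
  public static void install(Set<String> pinnedSha256Hex) {
    AuthenticationManager.setTrustAllSigners(false);
    AuthenticationManager.clearTrustedCertificates();
    AuthenticationManager.setSelfSignedCertificateListener(
        new PinnedCertificateListener(pinnedSha256Hex));
  }
}
```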
-
clearTrustedCertificates
public static void clearTrustedCertificates()
Removes all cached trusted server certificates. This does not affect client certificates. This will cause all previously trusted server certificates to become untrusted again.
- Since: 100.0.0
-