Authentication Architecture Overview

For authentication, Jetspeed 2 leverages the Java LoginModule architecture. It provides a DefaultLoginModule implementation and a flexible architecture that can authenticate users against multiple user repositories and provide user management capabilities across those repositories. A UserManager provides a set of coarse-grained services for authenticating and managing users. The class diagram below illustrates how the UserManager provides authentication to the DefaultLoginModule and leverages the Authentication SPI to interact with various implementations and user stores.

The various components described above fulfill the following functions:

Component: Description
DefaultLoginModule: Jetspeed 2 default LoginModule implementation, which leverages the authenticate() method of the UserManager to provide authentication against the various AuthenticationProvider implementations currently configured.
UserManager: Coarse-grained service providing authentication and user management. The UserManager leverages the various AuthenticationProvider implementations exposed to it through the AuthenticationProviderProxy via the SecurityProvider.
SecurityProvider: Provides access to the security providers, exposing the SPI implementations to the coarse-grained security services.
AuthenticationProviderProxy: A proxy to the various AuthenticationProvider implementations. The AuthenticationProviderProxy is responsible for invoking the correct AuthenticationProvider to authenticate or manage a specific user against a specific data store.
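
The delegation chain described above, as an added sketch that is not Jetspeed's own code: a JAAS LoginModule hands the credentials to a proxy, which routes the user to the one store that owns it and fails closed otherwise. StoreProvider, ProviderProxy, SketchLoginModule and the knows() method are hypothetical names standing in for the AuthenticationProvider, AuthenticationProviderProxy and DefaultLoginModule roles; the real Jetspeed signatures are not shown on this page.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical stand-ins for this sketch; these are not the Jetspeed interfaces.
interface StoreProvider { boolean knows(String user); boolean authenticate(String user, char[] pw); }

// Proxy role: pick the one store that owns the user, fail closed otherwise.
final class ProviderProxy {
    private final List<StoreProvider> providers;
    ProviderProxy(List<StoreProvider> providers) { this.providers = providers; }
    boolean authenticate(String user, char[] pw) {
        for (StoreProvider p : providers)
            if (p.knows(user)) return p.authenticate(user, pw); // no fall-through to other stores
        return false; // unknown user gets the same result as a bad password
    }
}

public class SketchLoginModule implements LoginModule {
    static ProviderProxy proxy = new ProviderProxy(List.of()); // assumption: wired at startup
    private Subject subject; private CallbackHandler handler;
    private String user; private Principal principal; private boolean ok;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("credential callback failed"); }
        char[] pw = pc.getPassword(); // a copy; wiped in the finally block
        try { ok = nc.getName() != null && pw != null && proxy.authenticate(nc.getName(), pw); }
        finally { if (pw != null) Arrays.fill(pw, '\0'); pc.clearPassword(); }
        if (!ok) throw new FailedLoginException("authentication failed"); // no store details leaked
        user = nc.getName();
        return true;
    }
    public boolean commit() { // the principal is attached only after the overall login succeeded
        if (!ok) return false;
        final String n = user; principal = () -> n;
        subject.getPrincipals().add(principal);
        return true;
    }
    public boolean abort() { boolean was = ok; logout(); return was; }
    public boolean logout() { // remove only what this module added
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null; user = null; ok = false; return true;
    }
}
```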