package-info.java

/**
 * The handler package contains the classes used to authenticate a user.  It contains
 * the AuthenticationHandler interface which is used to validate credential.  It also
 * contains the PasswordEncoders which are used by implementations of the AuthenticationHandler
 * to provide conversion from plain text to whatever the password is encoded as in the data
 * store.
 * The package also contains a well-defined exception heirarchy to allow fine-grained error
 * messages to be displayed.
 * Examples of AuthenticationHandlers implementations:
 * <ul>
 * <li>If the credential are a Userid and Password, then it submits them to an
 * external Kerberos, LDAP, or JDBC authority for validation.</li>
 * <li>If the credential are a Certificate, then it verifies the Issuer chain
 * against some list of reliable CAs, checks the date to make sure it hasn't
 * expired, and checks the CRL to make sure it wasn't revoked.</li>
 * <li>If authentication has been done by the Servlet Container or by a Filter, then
 * the Credentials have been extracted from the HttpRequest object. Notably, this
 * will include the REMOTE_USER. Such Credentials are implicitly trusted and self
 * validating, so an AuthenticationHandler recognizing such an object will indicate
 * that it is valid without inspecting its contents.</li>
 * </ul>
 * @since 3.0
 */
package org.apereo.cas.authentication.handler;