java.lang.Object
   com.caucho.server.security.AbstractLogin

All known subclasses: com.caucho.server.security.FormLogin, com.caucho.server.security.ClientCertLogin, com.caucho.server.security.DigestLogin, com.caucho.server.security.BasicLogin

AbstractLogin

abstract public class AbstractLogin implements LoginFilter

Used to authenticate users in a servlet request. AbstractLogin handles
the different login types like "basic" or "form". Normally, a Login
will delegate the actual authentication to a ServletAuthenticator.
The Login is primarily responsible for extracting the credentials
from the request (typically username and password) and passing those
to the ServletAuthenticator.
The Servlet API calls the Login in two contexts: directly from
ServletRequest.getUserPrincipal(), and during
security checking. When called from the Servlet API, the login class
can't change the response. In other words, if an application
calls getUserPrincipal(), the Login class can't return a forbidden
error page. When the servlet engine calls authenticate(), the login class
can return an error page (or forward internally.)
Normally, Login implementations will defer the actual authentication
to a ServletAuthenticator class. That way, both "basic" and "form" login
can use the same JdbcAuthenticator. Some applications, like SSL
client certificate login, may want to combine the Login and authentication
into one class.
Login instances are configured through bean introspection. A public
setFoo(String foo) method on the login class is set by
the following login-config:

  <login-config>
    <class-name>test.CustomLogin</class-name>
    <foo>bar</foo>
  </login-config>

Since: Resin 2.0.2
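A custom Login along the lines described above, as an added example that is not Resin's own code: test.CustomLogin receives its foo property from the login-config, checks the credential itself instead of delegating to a ServletAuthenticator, and writes to the response only from authenticate(). The X-Example-Token header, the use of foo as a shared token, the "custom" auth type and the principal name are assumptions made for the illustration.

```java
package test;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
import com.caucho.server.security.AbstractLogin;

// Added example: hypothetical Login that checks a shared token itself.
public class CustomLogin extends AbstractLogin {
  private byte[] _foo = new byte[0];

  // Bean setter filled in from <foo>bar</foo> in the login-config.
  public void setFoo(String foo) { _foo = foo.getBytes(StandardCharsets.UTF_8); }

  // Runs after all bean parameters are set: refuse to start without a token.
  public void init() throws ServletException {
    super.init();
    if (_foo.length == 0)
      throw new ServletException("CustomLogin: <foo> is not configured");
  }

  public String getAuthType() { return "custom"; }  // assumed label

  // Reached from request.getUserPrincipal(): must leave the response untouched.
  public Principal getUserPrincipal(HttpServletRequest request,
      HttpServletResponse response, ServletContext application)
      throws ServletException {
    String token = request.getHeader("X-Example-Token");  // assumed header name
    if (token == null  // MessageDigest.isEqual compares in constant time
        || !MessageDigest.isEqual(_foo, token.getBytes(StandardCharsets.UTF_8)))
      return null;
    return new Principal() {
      public String getName() { return "example-user"; }  // constructed name
    };
  }

  // Reached from the security check: may send the error page on failure.
  public Principal authenticate(HttpServletRequest request,
      HttpServletResponse response, ServletContext application)
      throws ServletException, IOException {
    Principal user = getUserPrincipal(request, response, application);
    if (user == null)
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return user;
  }
}
```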
Method Summary

public Principal authenticate(HttpServletRequest request, HttpServletResponse response, ServletContext application)
   Logs a user in.

public String getAuthType()
   Returns the authentication type.

public ServletAuthenticator getAuthenticator()
   Gets the authenticator.

public Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)
   Returns the Principal associated with the current request. getUserPrincipal is called in response to the Request.getUserPrincipal call.

public void init()
   Initialize the login.

public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role)
   Returns true if the current user plays the named role.

public void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application)
   Logs the user out from the given request. Since there is no servlet API for logout, this must be called directly from user code.

public void setAuthenticator(ServletAuthenticator auth)
   Sets the authenticator.

public String toString()

_auth

protected ServletAuthenticator _auth

The configured authenticator for the login. Implementing classes will
typically delegate calls to the authenticator after extracting the
username and password.

authenticate

public Principal authenticate(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException, IOException

Logs a user in. The authenticate method is called during the
security check. If the user does not exist, authenticate
sets the response error page and returns null.

Parameters:
   request - servlet request
   response - servlet response for a failed authentication.
   application - servlet application

Returns: the logged in principal on success, null on failure.

getAuthType

public String getAuthType()

Returns the authentication type. getAuthType is called
by HttpServletRequest.getAuthType.

getUserPrincipal

public Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException

Returns the Principal associated with the current request.
getUserPrincipal is called in response to the Request.getUserPrincipal
call. Login.getUserPrincipal can't modify the response or return
an error page.
authenticate is used for the security checks.

Parameters:
   request - servlet request
   application - servlet application

Returns: the logged in principal on success, null on failure.

init

public void init() throws ServletException

Initialize the login. init() will be called after all
the bean parameters have been set.

isUserInRole

public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role) throws ServletException

Returns true if the current user plays the named role.
isUserInRole is called in response to the
HttpServletRequest.isUserInRole call.

Parameters:
   request - servlet request
   application - servlet application

Returns: the logged in principal on success, null on failure.