com.caucho.server.security.ServletAuthenticator
All Known Subclasses: com.caucho.server.security.AuthenticatorList, com.caucho.server.security.AbstractAuthenticator

public interface ServletAuthenticator

Used in conjunction with AbstractLogin to authenticate users in a servlet request. The ServletAuthenticator is typically responsible for the actual authentication, and AbstractLogin is responsible for extracting credentials (user and password) from the request and returning any error pages. Since Login classes typically delegate to the Authenticator, the same authenticator can be used for "basic", "form" or a custom login.

In general, applications should extend AbstractAuthenticator instead of implementing this interface directly, to protect against API changes in the Authenticator.

The authenticator is configured using init-param in the resin.conf. For example, if test.MyAuthenticator defines a setFoo method, it can be configured with <init-param foo='bar'/>.
  <authenticator url='scheme:param1=value1;param2=value2'>
    <init>
      <param3>value4</param3>
    </init>
  </authenticator>
Authenticator instances can be specific to a web-app, host, or server-wide. If the authenticator is configured for the host, it is shared by all web-apps in that host, enabling single sign-on.

  <host id='foo'>
    <authenticator id='myauth'>...</authenticator>
    <web-app id='/a'>
      ...
    </web-app>
    <web-app id='/b'>
      ...
    </web-app>
  </host>
Method Summary

  public Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)
      Gets the authenticated user for the current request.
  public void init()
      Initialize the authenticator.
  public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role)
      Returns true if the user plays the named role.
  public Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext application, String user, String password)
      Logs a user in with a user name and a password.
  public Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, String user, String realm, String nonce, String uri, String qop, String nc, String cnonce, byte[] clientDigset)
      Validates the user when using HTTP Digest authentication. DigestLogin will call this method.
  public void logout(ServletContext application, HttpSession session, String sessionId, Principal user)
      Logs the user out from the given request. Called via the session.logout() method.
      Parameters: session - for timeout, the session timing out.
getUserPrincipal

public Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException

Gets the authenticated user for the current request. If the user has not logged in, it simply returns null.

getUserPrincipal is called in response to an application's call to HttpServletRequest.getUserPrincipal.

The implementation may only use the response to set cookies and headers. It may not write output.

Parameters:
  request - the request trying to authenticate.
  response - the response for setting headers and cookies.
  application - the servlet context
Returns: the authenticated user, or null if none has logged in
init

public void init() throws ServletException

Initializes the authenticator. init() is called after all the bean parameters have been set.
isUserInRole

public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role) throws ServletException

Returns true if the user plays the named role.

This method is called in response to the HttpServletRequest.isUserInRole call and for security-constraints that check the user's role.

Parameters:
  request - the request testing the role.
  application - the owning application
  user - the user's Principal.
  role - role name.
login

public Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext application, String user, String password) throws ServletException

Logs a user in with a user name and a password. The login method is generally called during servlet security checks. The ServletRequest.getUserPrincipal call will generally call getUserPrincipal.

The implementation may only use the response to set cookies and headers. It may not write output or set the response status. If the application needs to send a custom error response, it must implement a custom AbstractLogin instead.

Parameters:
  request - servlet request
  response - servlet response, in case any cookies need sending.
  application - servlet application
  user - the user name.
  password - the user's input password.
Returns: the logged-in principal on success, null on failure.
loginDigest

public Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, String user, String realm, String nonce, String uri, String qop, String nc, String cnonce, byte[] clientDigset) throws ServletException

Validates the user when using HTTP Digest authentication. DigestLogin will call this method. Most other AbstractLogin implementations, like BasicLogin and FormLogin, will use getUserPrincipal instead.

HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

  A1 = MD5(username + ':' + realm + ':' + password)
  A2 = MD5(method + ':' + uri)
  digest = MD5(A1 + ':' + nonce + ':' + A2)

When the client sends a qop value, the nonce count and client nonce also enter the final hash (digest = MD5(A1 + ':' + nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + A2), as specified in RFC 2617), which is why nc and cnonce are passed to this method.

Parameters:
  request - the request trying to authenticate.
  response - the response for setting headers and cookies.
  app - the servlet context
  user - the username
  realm - the authentication realm
  nonce - the nonce passed to the client during the challenge
  uri - the protected URI
  qop - the quality-of-protection value sent by the client, if any
  nc - the nonce count sent by the client
  cnonce - the client nonce
  clientDigest - the client's calculation of the digest
Returns: the logged-in principal if successful
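As an added example (not Resin's code), the following helper does the server-side check a loginDigest implementation needs: it recomputes the RFC 2617 response from a stored A1 hash and the request method (which is not a loginDigest parameter and has to come from request.getMethod()), covers both the plain form and the qop=auth form, and compares with MessageDigest.isEqual so the comparison takes constant time. The class and method names are hypothetical, and it assumes the clientDigset argument holds the 16 raw digest bytes decoded from the client's hex response.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper (not part of Resin) for a ServletAuthenticator.loginDigest implementation.
public final class DigestVerifier {

    private static byte[] md5(String s) {
        try {
            return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is required by every Java platform", e);
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // A1 = MD5(user:realm:password), kept as lowercase hex. A server may store this
    // per realm instead of the plaintext password; it is all the digest check needs.
    public static String a1Hex(String user, String realm, String password) {
        return hex(md5(user + ':' + realm + ':' + password));
    }

    // Expected response: MD5(A1:nonce:A2) without qop, or
    // MD5(A1:nonce:nc:cnonce:qop:A2) for qop=auth (RFC 2617). auth-int is not handled:
    // it would need the entity-body hash inside A2.
    public static byte[] expectedDigest(String a1Hex, String method, String uri,
                                        String nonce, String qop, String nc, String cnonce) {
        String a2Hex = hex(md5(method + ':' + uri));
        String data = (qop == null || qop.isEmpty())
            ? a1Hex + ':' + nonce + ':' + a2Hex
            : a1Hex + ':' + nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + a2Hex;
        return md5(data);
    }

    // Constant-time comparison; clientDigest is the byte[] handed to loginDigest
    // (assumed here to be the 16 decoded bytes of the client's hex response).
    public static boolean verify(byte[] clientDigest, String a1Hex, String method, String uri,
                                 String nonce, String qop, String nc, String cnonce) {
        if (clientDigest == null || nonce == null) return false;
        byte[] expected = expectedDigest(a1Hex, method, uri, nonce, qop, nc, cnonce);
        return MessageDigest.isEqual(expected, clientDigest);
    }
}
```

In a loginDigest implementation, pass request.getMethod() as method and return the user's Principal only when verify returns true, otherwise null. The nonce should also be checked against the one the server actually issued, since the digest alone does not prove that.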