Java Doc for ServletAuthenticator.java in  » EJB-Server-resin-3.1.5 » resin » com » caucho » server » security » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » EJB Server resin 3.1.5 » resin » com.caucho.server.security 
Source Cross Reference  Class Diagram Java Document (Java Doc) 


com.caucho.server.security.ServletAuthenticator

All known Subclasses:   com.caucho.server.security.AuthenticatorList,  com.caucho.server.security.AbstractAuthenticator,
ServletAuthenticator
public interface ServletAuthenticator (Code)
Used in conjunction with AbstractLogin to authenticate users in a servlet request. The ServletAuthenticator is typically responsible for the actual authentication and AbstractLogin is responsible for extracting credentials (user and password) from the request and returning any error pages. Since Login classes typically delegate to the Authenticator, the same authenticator can be used for "basic", "form" or a custom login.

In general, applications should extend AbstractAuthenticator instead to protect from API changes in the Authenticator.

The authenticator is configured using init-param in the resin.conf. For example, if test.MyAuthenticator defines a setFoo method, it can be configured with <init-param foo='bar'/>.

 <authenticator url='scheme:param1=value1;param2=value2'>
 <init>
 <param3>value4</param3>
 </init>
 </authenticator>
 

Authenticator instances can be specific to a web-app, host, or server-wide. If the authenticator is configured for the host, it is shared for all web-apps in that host, enabling single-signon.

 <host id='foo'>
 <authenticator id='myauth'>...</authenticator>
 <web-app id='/a'>
 ...
 </web-app>
 <web-app id='/a'>
 ...
 </web-app>
 </host>
 




Method Summary
public  PrincipalgetUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)
     Gets the authenticated user for the current request.
public  voidinit()
     Initialize the authenticator.
public  booleanisUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role)
     Returns true if the user plays the named role.
public  Principallogin(HttpServletRequest request, HttpServletResponse response, ServletContext application, String user, String password)
     Logs a user in with a user name and a password.
public  PrincipalloginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, String user, String realm, String nonce, String uri, String qop, String nc, String cnonce, byte[] clientDigset)
     Validates the user when using HTTP Digest authentication. DigestLogin will call this method.
public  voidlogout(ServletContext application, HttpSession session, String sessionId, Principal user)
     Logs the user out from the given request.

Called via the session.logout() method.
Parameters:
  session - for timeout, the session timing out.




Method Detail
getUserPrincipal
public Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException(Code)
Gets the authenticated user for the current request. If the user has not logged in, just returns null.

getUserPrincipal is called in response to an application's call to HttpServletRequest.getUserPrincipal.

The implementation may only use the response to set cookies and headers. It may not write output.
Parameters:
  request - the request trying to authenticate.
Parameters:
  response - the response for setting headers and cookies.
Parameters:
  application - the servlet context the authenticated user or null if none has logged in




init
public void init() throws ServletException(Code)
Initialize the authenticator. init() is called after all the bean parameter have been set.



isUserInRole
public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal user, String role) throws ServletException(Code)
Returns true if the user plays the named role.

This method is called in response to the HttpServletResponse.isUserInRole call and for security-constraints that check the use role.
Parameters:
  request - the request testing the role.
Parameters:
  application - the owning application
Parameters:
  user - the user's Principal.
Parameters:
  role - role name.




login
public Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext application, String user, String password) throws ServletException(Code)
Logs a user in with a user name and a password. The login method is generally called during servlet security checks. The ServletRequest.getUserPrincipal call will generally call getUserPrincipal.

The implementation may only use the response to set cookies and headers. It may not write output or set the response status. If the application needs to send a custom error reponse, it must implement a custom AbstractLogin instead.
Parameters:
  request - servlet request
Parameters:
  response - servlet response, in case any cookie need sending.
Parameters:
  application - servlet application
Parameters:
  user - the user name.
Parameters:
  password - the users input password. the logged in principal on success, null on failure.




loginDigest
public Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, String user, String realm, String nonce, String uri, String qop, String nc, String cnonce, byte[] clientDigset) throws ServletException(Code)
Validates the user when using HTTP Digest authentication. DigestLogin will call this method. Most other AbstractLogin implementations, like BasicLogin and FormLogin, will use getUserPrincipal instead.

The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 

Parameters:
  request - the request trying to authenticate.
Parameters:
  response - the response for setting headers and cookies.
Parameters:
  app - the servlet context
Parameters:
  user - the username
Parameters:
  realm - the authentication realm
Parameters:
  nonce - the nonce passed to the client during the challenge
Parameters:
  uri - te protected uri
Parameters:
  qop -
Parameters:
  nc -
Parameters:
  cnonce - the client nonce
Parameters:
  clientDigest - the client's calculation of the digest the logged in principal if successful



logout
public void logout(ServletContext application, HttpSession session, String sessionId, Principal user) throws ServletException(Code)
Logs the user out from the given request.

Called via the session.logout() method.
Parameters:
  session - for timeout, the session timing out. null if force logout




www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.