java.lang.Object | +--com.caucho.http.security.AbstractAuthenticator
All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.
The AbstractAuthenticator provides a single-signon cache. Users logged into one web-app will share the same principal.
Field Summary | |
static java.lang.String |
LOGIN_NAME
|
protected PasswordDigest |
passwordDigest
|
protected java.lang.String |
passwordDigestName
|
protected LruCache |
principalCache
|
protected int |
principalCacheSize
|
Constructor Summary | |
AbstractAuthenticator()
|
Method Summary | |
protected byte[] |
digest(java.lang.String value)
|
protected java.lang.String |
getDigestPassword(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.lang.String username,
java.lang.String realm)
Returns the password for authenticators too lazy to calculate the digest. |
protected byte[] |
getDigestSecret(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.lang.String username,
java.lang.String realm,
java.lang.String algorithm)
Returns the digest secret for Digest authentication. |
java.lang.String |
getPasswordDigest()
Returns the password digest |
int |
getPrincipalCacheSize()
Returns the size of the principal cache. |
java.security.Principal |
getUserPrincipal(HttpServletRequest request,
HttpServletResponse response,
ServletContext application)
Grab the user from the request, assuming the user has already logged in. |
protected java.security.Principal |
getUserPrincipalImpl(HttpServletRequest request,
ServletContext application)
Gets the user from a persistent cookie, using authenticateCookie to actually look the cookie up. |
void |
init()
Initialize the authenticator with the application. |
boolean |
isUserInRole(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.security.Principal user,
java.lang.String role)
Returns true if the user plays the named role. |
java.security.Principal |
login(HttpServletRequest request,
HttpServletResponse response,
ServletContext app,
java.lang.String user,
java.lang.String password)
Logs the user in with any appropriate password. |
java.security.Principal |
loginDigest(HttpServletRequest request,
HttpServletResponse response,
ServletContext app,
java.lang.String user,
java.lang.String realm,
java.lang.String nonce,
java.lang.String uri,
java.lang.String qop,
java.lang.String nc,
java.lang.String cnonce,
byte[] clientDigest)
Returns the digest secret for Digest authentication. |
java.security.Principal |
loginDigestImpl(HttpServletRequest request,
HttpServletResponse response,
ServletContext app,
java.lang.String user,
java.lang.String realm,
java.lang.String nonce,
java.lang.String uri,
java.lang.String qop,
java.lang.String nc,
java.lang.String cnonce,
byte[] clientDigest)
|
protected java.security.Principal |
loginImpl(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.lang.String user,
java.lang.String password)
Authenticate (login) the user. |
void |
logout(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.security.Principal user)
Logs the user out from the session. |
void |
setPasswordDigest(java.lang.String digest)
Sets the password digest. |
void |
setPrincipalCacheSize(int size)
Sets the size of the principal cache. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String LOGIN_NAME
protected int principalCacheSize
protected LruCache principalCache
protected java.lang.String passwordDigestName
protected PasswordDigest passwordDigest
Constructor Detail |
public AbstractAuthenticator()
Method Detail |
public int getPrincipalCacheSize()
public void setPrincipalCacheSize(int size)
public java.lang.String getPasswordDigest()
public void setPasswordDigest(java.lang.String digest)
public void init() throws ServletException
init
in interface ServletAuthenticator
public java.security.Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String password) throws ServletException
login
in interface ServletAuthenticator
com.caucho.http.security.ServletAuthenticator
request - servlet request
response - servlet response, in case any cookies need sending.
application - servlet application
user - the user name.
password - the user's input password.
protected java.security.Principal loginImpl(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String user, java.lang.String password) throws ServletException
public java.security.Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigest) throws ServletException
ServletAuthenticator
A1 = MD5(username + ':' + realm + ':' + password)
A2 = MD5(method + ':' + uri)
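digest = MD5(A1 + ':' + nonce + A2)
Note: RFC 2617 defines the response without qop as MD5(A1 + ':' + nonce + ':' + A2), and with qop=auth the nc, cnonce and qop values are also hashed; confirm which form the implementation verifies before relying on the formula above.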
loginDigest
in interface ServletAuthenticator
com.caucho.http.security.ServletAuthenticator
request - the request trying to authenticate.
response - the response for setting headers and cookies.
application - the servlet context
username - the username
realm - the realm
public java.security.Principal loginDigestImpl(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigest) throws ServletException
protected byte[] getDigestSecret(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String realm, java.lang.String algorithm) throws ServletException
protected byte[] digest(java.lang.String value) throws ServletException
protected java.lang.String getDigestPassword(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String realm) throws ServletException
public java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException
getUserPrincipal
in interface ServletAuthenticator
request - the servlet request.
protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request, ServletContext application) throws ServletException
public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role) throws ServletException
isUserInRole
in interface ServletAuthenticator
request - the servlet request
user - the user to test
role - the role to test
public void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user) throws ServletException
logout
in interface ServletAuthenticator
request - the servlet request