java.lang.Object
  +--com.caucho.http.security.AbstractLogin
Used to authenticate users in a servlet request. AbstractLogin handles the different login types like "basic" or "form". Normally, a Login will delegate the actual authentication to a ServletAuthenticator.
The Login is primarily responsible for extracting the credentials from the request (typically username and password) and passing those to the ServletAuthenticator.
The Servlet API calls the Login in two contexts: directly from ServletRequest.getUserPrincipal(), and during security checking. When called from the Servlet API, the login class can't change the response. In other words, if an application calls getUserPrincipal(), the Login class can't return a forbidden error page. When the servlet engine calls authenticate(), the login class can return an error page (or forward internally).
Normally, Login implementations will defer the actual authentication to a ServletAuthenticator class. That way, both "basic" and "form" login can use the same JdbcAuthenticator. Some applications, like SSL client certificate login, may want to combine the Login and authentication into one class.
Login instances are configured through bean introspection. A public setFoo(String foo) method is configured by the following login-config:
<login-config>
  <class-name>test.CustomLogin</class-name>
  <foo>bar</foo>
</login-config>
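The combined case mentioned above (SSL client certificate login with Login and authentication in one class, configured through a bean setter) is sketched here as an added example; it is not Resin's code. The class test.ClientCertLogin and its issuer property are hypothetical, and the sketch assumes the methods listed on this page can be overridden, that the container sets the standard javax.servlet.request.X509Certificate request attribute, and that the JDK provides X500Principal.

```java
package test; // hypothetical package, as in the login-config above

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.caucho.http.security.AbstractLogin;

// Added example: extracts and checks the credential itself, no ServletAuthenticator.
public class ClientCertLogin extends AbstractLogin {
  private X500Principal requiredIssuer; // null: accept any issuer the TLS layer trusts

  // Bean setter; by the setFoo rule above it is set with <issuer>CN=...</issuer>.
  public void setIssuer(String issuer) {
    requiredIssuer = new X500Principal(issuer);
  }

  public String getAuthType() { return "CLIENT_CERT"; }

  // Reached from application calls to getUserPrincipal(): never touches the response.
  public Principal getUserPrincipal(HttpServletRequest request,
      HttpServletResponse response, ServletContext application)
      throws ServletException {
    // The container sets this attribute only after the TLS handshake has
    // validated the client chain against its trust store; element 0 is the leaf.
    X509Certificate[] chain = (X509Certificate[])
        request.getAttribute("javax.servlet.request.X509Certificate");
    if (chain == null || chain.length == 0)
      return null;
    X509Certificate leaf = chain[0];
    if (requiredIssuer != null
        && !requiredIssuer.equals(leaf.getIssuerX500Principal()))
      return null;
    return leaf.getSubjectX500Principal();
  }

  // Reached during security checking: here the login may set the error response.
  public Principal authenticate(HttpServletRequest request,
      HttpServletResponse response, ServletContext application)
      throws ServletException, IOException {
    Principal user = getUserPrincipal(request, response, application);
    if (user == null)
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return user;
  }
}
```

The issuer comparison is only an extra filter on top of the container's trust store, and isUserInRole is not overridden in this sketch.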
Field Summary
protected ServletAuthenticator | auth | The configured authenticator for the login.
protected static WriteStream | dbg |

Constructor Summary
AbstractLogin()

Method Summary
java.security.Principal | authenticate(HttpServletRequest request, HttpServletResponse response, ServletContext application) | Logs a user in.
ServletAuthenticator | getAuthenticator() | Gets the authenticator.
java.lang.String | getAuthType() | Returns the authentication type.
java.security.Principal | getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) | Returns the Principal associated with the current request.
void | init() | Initialize the login.
boolean | isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role) | Returns true if the current user plays the named role.
void | logout(HttpServletRequest request, HttpServletResponse response, ServletContext application) | Logs the user out from the given request.
void | setAuthenticator(ServletAuthenticator auth) | Sets the authenticator.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
protected static WriteStream dbg
protected ServletAuthenticator auth

Constructor Detail
public AbstractLogin()

Method Detail
public void setAuthenticator(ServletAuthenticator auth)

public ServletAuthenticator getAuthenticator()

public void init() throws ServletException
init() will be called after all the bean parameters have been set.

public java.lang.String getAuthType()
getAuthType is called by HttpServletRequest.getAuthType.

public java.security.Principal authenticate(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException, java.io.IOException
authenticate sets the response error page and returns null.
request - servlet request
response - servlet response for a failed authentication.
application - servlet application

public java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException
request - servlet request
application - servlet application

public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role) throws ServletException
isUserInRole is called in response to the HttpServletRequest.isUserInRole call.
request - servlet request
application - servlet application

public void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException
Since there is no servlet API for logout, this must be called directly from user code. Resin stores the web-app's login object in the ServletContext attribute "caucho.login".