|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Used in conjunction with AbstractLogin to authenticate users in a servlet request. The ServletAuthenticator is typically responsible for the actual authentication and AbstractLogin is responsible for extracting credentials (user and password) from the request and returning any error pages. Since Login classes typically delegate to the Authenticator, the same authenticator can be used for "basic", "form" or a custom login.
In general, applications should extend AbstractAuthenticator instead to protect from API changes in the Authenticator.
The authenticator is configured using init-param in the resin.conf.
For example, if test.MyAuthenticator defines a setFoo
method,
it can be configured with <init-param foo='bar'/>.
<authenticator id='name'>
<class-name>test.MyAuthenticator</class-name>
<init-param foo='bar'/>
</authenticator>
Authenticator instances can be specific to a web-app, host, or
server-wide. If the authenticator is configured for the host, it
is shared for all web-apps in that host, enabling single-signon.
<host id='foo'>
<authenticator id='myauth'>...</authenticator>
<web-app id='/a'>
...
</web-app>
<web-app id='/a'>
...
</web-app>
</host>
Method Summary | |
java.security.Principal |
getUserPrincipal(HttpServletRequest request,
HttpServletResponse response,
ServletContext application)
Gets the authenticated user for the current request. |
void |
init()
Initialize the authenticator. |
boolean |
isUserInRole(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.security.Principal user,
java.lang.String role)
Returns true if the user plays the named role. |
java.security.Principal |
login(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.lang.String user,
java.lang.String password)
Logs a user in with a user name and a password. |
java.security.Principal |
loginDigest(HttpServletRequest request,
HttpServletResponse response,
ServletContext app,
java.lang.String user,
java.lang.String realm,
java.lang.String nonce,
java.lang.String uri,
java.lang.String qop,
java.lang.String nc,
java.lang.String cnonce,
byte[] clientDigset)
Returns the digest secret for Digest authentication. |
void |
logout(HttpServletRequest request,
HttpServletResponse response,
ServletContext application,
java.security.Principal user)
Logs the user out from the given request. |
Method Detail |
public void init() throws ServletException
init()
is called after all
the bean parameter have been set.public java.security.Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String user, java.lang.String password) throws ServletException
The implementation may only use the response to set cookies and headers. It may not write output or set the response status. If the application needs to send a custom error reponse, it must implement a custom AbstractLogin instead.
request
- servlet requestresponse
- servlet response, in case any cookie need sending.application
- servlet applicationuser
- the user name.password
- the users input password.public java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application) throws ServletException
getUserPrincipal is called in response to an application's call to HttpServletRequest.getUserPrincipal.
The implementation may only use the response to set cookies and headers. It may not write output.
request
- the request trying to authenticate.response
- the response for setting headers and cookies.application
- the servlet contextpublic java.security.Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigset) throws ServletException
A1 = MD5(username + ':' + realm + ':' + password)
A2 = MD5(method + ':' + uri)
digest = MD5(A1 + ':' + nonce + A2)
request
- the request trying to authenticate.response
- the response for setting headers and cookies.application
- the servlet contextusername
- the usernamerealm
- the realmpublic boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role) throws ServletException
This method is called in response to the HttpServletResponse.isUserInRole call and for security-constraints that check the use role.
request
- the request testing the role.application
- the owning applicationuser
- the user's Principal.role
- role name.public void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user) throws ServletException
Generally only called from user code. Resin makes the current authenticator available as "caucho.authenticator" in the ServletContext attributes.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |