com.caucho.http.security
Class XmlAuthenticator

java.lang.Object
  |
  +--com.caucho.http.security.AbstractAuthenticator
        |
        +--com.caucho.http.security.XmlAuthenticator
All Implemented Interfaces:
ServletAuthenticator

public class XmlAuthenticator
extends AbstractAuthenticator

The XML authenticator reads a static file for authentication.

The format of the static file is as follows:

 <authenticator>
 <user name='Harry Potter' password='quidditch'>
   <role>user</role>
   <role>gryffindor</role>
 </user>
 ...
 </authenticator>
 

The authenticator can also be configured in the web.xml:

 <authenticator class-name='com.caucho.http.security.XmlAuthenticator'>
   <init-param user='Harry Potter:quidditch:user,gryffindor'/>
 </authenticator>
 


Fields inherited from class com.caucho.http.security.AbstractAuthenticator
LOGIN_NAME, passwordDigest, passwordDigestName, principalCache, principalCacheSize
 
Constructor Summary
XmlAuthenticator()
           
 
Method Summary
 void addUser(java.lang.String userParam)
          Adds a user from the configuration.
protected  java.lang.String getDigestPassword(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String userName, java.lang.String realm)
          Returns the password for authenticators too lazy to calculate the digest.
 Path getPath()
          Gets the path to the XML file.
 void init()
          Initialize the XML authenticator.
 boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal principal, java.lang.String role)
          Returns true if the user plays the named role.
protected  java.security.Principal loginImpl(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String userName, java.lang.String password)
          Authenticate (login) the user.
 void setPath(Path path)
          Sets the path to the XML file.
 
Methods inherited from class com.caucho.http.security.AbstractAuthenticator
digest, getDigestSecret, getPasswordDigest, getPrincipalCacheSize, getUserPrincipal, getUserPrincipalImpl, login, loginDigest, loginDigestImpl, logout, setPasswordDigest, setPrincipalCacheSize
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

XmlAuthenticator

public XmlAuthenticator()
Method Detail

setPath

public void setPath(Path path)
Sets the path to the XML file.

getPath

public Path getPath()
Gets the path to the XML file.

addUser

public void addUser(java.lang.String userParam)
Adds a user from the configuration.
 <init-param user='Harry Potter:quidditch:user,webdav'/>
 

init

public void init()
          throws ServletException
Initialize the XML authenticator.
Overrides:
init in class AbstractAuthenticator

loginImpl

protected java.security.Principal loginImpl(HttpServletRequest request,
                                            HttpServletResponse response,
                                            ServletContext application,
                                            java.lang.String userName,
                                            java.lang.String password)
                                     throws ServletException
Authenticate (login) the user.
Overrides:
loginImpl in class AbstractAuthenticator

getDigestPassword

protected java.lang.String getDigestPassword(HttpServletRequest request,
                                             HttpServletResponse response,
                                             ServletContext application,
                                             java.lang.String userName,
                                             java.lang.String realm)
                                      throws ServletException
Description copied from class: AbstractAuthenticator
Returns the password for authenticators too lazy to calculate the digest.
Overrides:
getDigestPassword in class AbstractAuthenticator

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            java.security.Principal principal,
                            java.lang.String role)
                     throws ServletException
Returns true if the user plays the named role.
Overrides:
isUserInRole in class AbstractAuthenticator
Parameters:
request - the servlet request
user - the user to test
role - the role to test