com.caucho.http.security
Class AbstractAuthenticator

java.lang.Object
  |
  +--com.caucho.http.security.AbstractAuthenticator
All Implemented Interfaces:
ServletAuthenticator
Direct Known Subclasses:
JdbcAuthenticator, NullAuthenticator, XmlAuthenticator

public class AbstractAuthenticator
extends java.lang.Object
implements ServletAuthenticator

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.

The AbstractAuthenticator provides a single sign-on cache: a user logged into one web-app shares the same principal across web-apps.
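The following hypothetical subclass is an added example, not code from Resin, of the extension pattern described above: it overrides loginImpl (returning a Principal on success, null on failure) and isUserInRole. It keeps credentials as the Digest-auth A1 value MD5(user:realm:password) rather than the password; the realm name, sample user and roles are constructed, and the assumption that login() delegates to loginImpl is the author's convention, not stated by the page.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.caucho.http.security.AbstractAuthenticator;

// Hypothetical subclass backed by an in-memory table (a real one would query a store).
// Credentials are kept as MD5(user + ":" + realm + ":" + password), the Digest-auth A1
// value, so the plaintext password itself is never stored.
public class TableAuthenticator extends AbstractAuthenticator {
  private static final String REALM = "example";                   // constructed
  private final Map<String, byte[]> a1ByUser = new HashMap<>();
  private final Map<String, Set<String>> rolesByUser = new HashMap<>();

  static final class NamedPrincipal implements Principal {         // minimal Principal
    private final String name;
    NamedPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
  }

  public TableAuthenticator() throws ServletException {
    a1ByUser.put("alice", md5("alice:" + REALM + ":correct horse")); // constructed sample
    rolesByUser.put("alice", Set.of("user", "admin"));
  }

  // Authentication hook (login() is assumed to delegate here): Principal or null.
  @Override
  protected Principal loginImpl(HttpServletRequest request, HttpServletResponse response,
                                ServletContext application, String user, String password)
      throws ServletException {
    byte[] stored = a1ByUser.get(user);
    if (stored == null) return null;                               // unknown user: fail closed
    byte[] offered = md5(user + ":" + REALM + ":" + password);
    return MessageDigest.isEqual(stored, offered) ? new NamedPrincipal(user) : null;
  }

  @Override
  public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response,
                              ServletContext application, Principal user, String role)
      throws ServletException {
    Set<String> roles = user == null ? null : rolesByUser.get(user.getName());
    return roles != null && roles.contains(role);                  // unknown role: false
  }

  private static byte[] md5(String s) throws ServletException {
    try { return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8)); }
    catch (NoSuchAlgorithmException e) { throw new ServletException(e); }
  }
}
```

The stored A1 value is password-equivalent for this realm, so a real store must protect it as it would a password.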


Field Summary
static java.lang.String LOGIN_NAME
protected PasswordDigest passwordDigest
protected java.lang.String passwordDigestName
protected LruCache principalCache
protected int principalCacheSize

Constructor Summary
AbstractAuthenticator()

Method Summary
protected byte[] digest(java.lang.String value)
protected java.lang.String getDigestPassword(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String realm)
          Returns the password itself, for authenticators that do not compute the digest themselves.
protected byte[] getDigestSecret(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String realm, java.lang.String algorithm)
          Returns the digest secret for Digest authentication.
java.lang.String getPasswordDigest()
          Returns the password digest.
int getPrincipalCacheSize()
          Returns the size of the principal cache.
java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)
          Grab the user from the request, assuming the user has already logged in.
protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request, ServletContext application)
          Gets the user from a persistent cookie, using authenticateCookie to actually look the cookie up.
void init()
          Initialize the authenticator with the application.
boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
java.security.Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String password)
          Logs the user in with any appropriate password.
java.security.Principal loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigest)
          Returns the digest secret for Digest authentication.
java.security.Principal loginDigestImpl(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigest)
protected java.security.Principal loginImpl(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String user, java.lang.String password)
          Authenticate (login) the user.
void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user)
          Logs the user out from the session.
void setPasswordDigest(java.lang.String digest)
          Sets the password digest.
void setPrincipalCacheSize(int size)
          Sets the size of the principal cache.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait


Field Detail

LOGIN_NAME

public static final java.lang.String LOGIN_NAME

principalCacheSize

protected int principalCacheSize

principalCache

protected LruCache principalCache

passwordDigestName

protected java.lang.String passwordDigestName

passwordDigest

protected PasswordDigest passwordDigest

Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()

Method Detail

getPrincipalCacheSize

public int getPrincipalCacheSize()
Returns the size of the principal cache.

setPrincipalCacheSize

public void setPrincipalCacheSize(int size)
Sets the size of the principal cache.

getPasswordDigest

public java.lang.String getPasswordDigest()
Returns the password digest.

setPasswordDigest

public void setPasswordDigest(java.lang.String digest)
Sets the password digest. The password digest has the form "algorithm-format", e.g. "MD5-base64".

init

public void init()
          throws ServletException
Initialize the authenticator with the application.
Specified by:
init in interface ServletAuthenticator

login

public java.security.Principal login(HttpServletRequest request,
                                     HttpServletResponse response,
                                     ServletContext app,
                                     java.lang.String user,
                                     java.lang.String password)
                              throws ServletException
Logs the user in with any appropriate password.
Specified by:
login in interface ServletAuthenticator
Following copied from interface: com.caucho.http.security.ServletAuthenticator
Parameters:
request - servlet request
response - servlet response, in case any cookies need sending.
application - servlet application
user - the user name.
password - the user's input password.
Returns:
the logged in principal on success, null on failure.

loginImpl

protected java.security.Principal loginImpl(HttpServletRequest request,
                                            HttpServletResponse response,
                                            ServletContext application,
                                            java.lang.String user,
                                            java.lang.String password)
                                     throws ServletException
Authenticate (login) the user.

loginDigest

public java.security.Principal loginDigest(HttpServletRequest request,
                                           HttpServletResponse response,
                                           ServletContext app,
                                           java.lang.String user,
                                           java.lang.String realm,
                                           java.lang.String nonce,
                                           java.lang.String uri,
                                           java.lang.String qop,
                                           java.lang.String nc,
                                           java.lang.String cnonce,
                                           byte[] clientDigest)
                                    throws ServletException
Description copied from interface: ServletAuthenticator
Returns the digest secret for Digest authentication. Some authenticators will store the digest itself instead of storing the password.
 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 
Specified by:
loginDigest in interface ServletAuthenticator
Following copied from interface: com.caucho.http.security.ServletAuthenticator
Parameters:
request - the request trying to authenticate.
response - the response for setting headers and cookies.
application - the servlet context
username - the username
realm - the realm
Returns:
the digest
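As an added illustration (not code from Resin), the hypothetical class below computes the value a server must compare with clientDigest, from the same inputs loginDigest receives. It follows RFC 2617 exactly, which the sketch above abbreviates: each MD5 is lower-case hex before concatenation, a ':' separates nonce from H(A2), and when qop is present the nc, cnonce and qop fields are included. The sample values in main are the RFC 2617 section 3.5 example, so the printed response can be checked against the RFC.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper (not part of Resin): computes the Digest response a server must
// compare with the client's, from the same inputs loginDigest() receives.
public final class DigestResponse {
  static String md5Hex(String s) {
    try {
      byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
      StringBuilder sb = new StringBuilder(32);
      for (byte b : d) sb.append(String.format("%02x", b));
      return sb.toString();
    } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
  }

  // H(A1): the "digest secret" a store may keep instead of the password. It is
  // password-equivalent for this realm, so it needs the same protection as a password.
  static String a1(String user, String realm, String password) {
    return md5Hex(user + ":" + realm + ":" + password);
  }

  // RFC 2617: response = MD5(H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2)).
  // With qop == null this reduces to the RFC 2069 form MD5(H(A1) ":" nonce ":" H(A2)).
  static String expected(String a1Hex, String method, String uri, String nonce,
                         String qop, String nc, String cnonce) {
    String a2 = md5Hex(method + ":" + uri);            // H(A2) for qop=auth
    if (qop == null) return md5Hex(a1Hex + ":" + nonce + ":" + a2);
    return md5Hex(a1Hex + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2);
  }

  // Server-side check; constant-time so the comparison does not leak matching prefixes.
  static boolean verify(String expectedHex, String clientHex) {
    return MessageDigest.isEqual(expectedHex.getBytes(StandardCharsets.US_ASCII),
                                 clientHex.getBytes(StandardCharsets.US_ASCII));
  }

  public static void main(String[] args) {
    // Values from the RFC 2617 section 3.5 example, so the output can be checked against it.
    String a1 = a1("Mufasa", "testrealm@host.com", "Circle Of Life");
    String resp = expected(a1, "GET", "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                           "auth", "00000001", "0a4f113b");
    System.out.println(resp + " " + verify(resp, "6629fae49393a05397450978507c4ef1"));
  }
}
```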

loginDigestImpl

public java.security.Principal loginDigestImpl(HttpServletRequest request,
                                               HttpServletResponse response,
                                               ServletContext app,
                                               java.lang.String user,
                                               java.lang.String realm,
                                               java.lang.String nonce,
                                               java.lang.String uri,
                                               java.lang.String qop,
                                               java.lang.String nc,
                                               java.lang.String cnonce,
                                               byte[] clientDigest)
                                        throws ServletException

getDigestSecret

protected byte[] getDigestSecret(HttpServletRequest request,
                                 HttpServletResponse response,
                                 ServletContext application,
                                 java.lang.String username,
                                 java.lang.String realm,
                                 java.lang.String algorithm)
                          throws ServletException
Returns the digest secret for Digest authentication.

digest

protected byte[] digest(java.lang.String value)
                 throws ServletException

getDigestPassword

protected java.lang.String getDigestPassword(HttpServletRequest request,
                                             HttpServletResponse response,
                                             ServletContext application,
                                             java.lang.String username,
                                             java.lang.String realm)
                                      throws ServletException
Returns the password itself, for authenticators that do not compute the digest themselves.

getUserPrincipal

public java.security.Principal getUserPrincipal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                ServletContext application)
                                         throws ServletException
Grab the user from the request, assuming the user has already logged in. In other words, overriding methods could use cookies or the session to find the logged in principal, but shouldn't try to log the user in with form parameters.
Specified by:
getUserPrincipal in interface ServletAuthenticator
Parameters:
request - the servlet request.
Returns:
a Principal representing the user or null if none has logged in.

getUserPrincipalImpl

protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request,
                                                       ServletContext application)
                                                throws ServletException
Gets the user from a persistent cookie, using authenticateCookie to actually look the cookie up.

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            java.security.Principal user,
                            java.lang.String role)
                     throws ServletException
Returns true if the user plays the named role.
Specified by:
isUserInRole in interface ServletAuthenticator
Parameters:
request - the servlet request
user - the user to test
role - the role to test

logout

public void logout(HttpServletRequest request,
                   HttpServletResponse response,
                   ServletContext application,
                   java.security.Principal user)
            throws ServletException
Logs the user out from the session.
Specified by:
logout in interface ServletAuthenticator
Parameters:
request - the servlet request