winstone.auth
Class BaseAuthenticationHandler

java.lang.Object
  extended by winstone.auth.BaseAuthenticationHandler
All Implemented Interfaces:
AuthenticationHandler
Direct Known Subclasses:
BasicAuthenticationHandler, ClientcertAuthenticationHandler, DigestAuthenticationHandler, FormAuthenticationHandler

public abstract class BaseAuthenticationHandler
extends java.lang.Object
implements AuthenticationHandler

Base class for managers of authentication within Winstone. This class also acts as a factory, loading the appropriate subclass for the requested auth type.

Version:
$Id: BaseAuthenticationHandler.java,v 1.6 2006/02/28 07:32:47 rickknowles Exp $
Author:
mailto: Rick Knowles

Field Summary
static WinstoneResourceBundle AUTH_RESOURCES
           
protected  SecurityConstraint[] constraints
           
protected  AuthenticationRealm realm
           
protected  java.lang.String realmName
           
 
Constructor Summary
protected BaseAuthenticationHandler(org.w3c.dom.Node loginConfigNode, java.util.List constraintNodes, java.util.Set rolesAllowed, AuthenticationRealm realm)
          Factory method - this parses the web.xml nodes and builds the correct subclass for handling that auth type.
 
Method Summary
protected  boolean doRoleCheck(HttpServletRequest request, HttpServletResponse response, java.lang.String pathRequested)
           
 boolean processAuthentication(ServletRequest inRequest, ServletResponse inResponse, java.lang.String pathRequested)
          Evaluates any authentication constraints, intercepting if auth is required.
protected abstract  void requestAuthentication(HttpServletRequest request, HttpServletResponse response, java.lang.String pathRequested)
          The actual auth request implementation.
protected  void setNoCache(HttpServletResponse response)
           
protected abstract  boolean validatePossibleAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, java.lang.String pathRequested)
          Handling the (possible) response
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

constraints

protected SecurityConstraint[] constraints

realm

protected AuthenticationRealm realm

realmName

protected java.lang.String realmName

AUTH_RESOURCES

public static final WinstoneResourceBundle AUTH_RESOURCES
Constructor Detail

BaseAuthenticationHandler

protected BaseAuthenticationHandler(org.w3c.dom.Node loginConfigNode,
                                    java.util.List constraintNodes,
                                    java.util.Set rolesAllowed,
                                    AuthenticationRealm realm)
Factory method - this parses the web.xml nodes and builds the correct subclass for handling that auth type.

Method Detail

processAuthentication

public boolean processAuthentication(ServletRequest inRequest,
                                     ServletResponse inResponse,
                                     java.lang.String pathRequested)
                              throws java.io.IOException,
                                     ServletException
Evaluates any authentication constraints, intercepting if auth is required. The relevant authentication handler subclass's logic is used to actually authenticate.

Specified by:
processAuthentication in interface AuthenticationHandler
Returns:
A boolean indicating whether to continue after this request
Throws:
java.io.IOException
ServletException

doRoleCheck

protected boolean doRoleCheck(HttpServletRequest request,
                              HttpServletResponse response,
                              java.lang.String pathRequested)
                       throws java.io.IOException,
                              ServletException
Throws:
java.io.IOException
ServletException

setNoCache

protected void setNoCache(HttpServletResponse response)

requestAuthentication

protected abstract void requestAuthentication(HttpServletRequest request,
                                              HttpServletResponse response,
                                              java.lang.String pathRequested)
                                       throws java.io.IOException,
                                              ServletException
The actual auth request implementation.

Throws:
java.io.IOException
ServletException

validatePossibleAuthenticationResponse

protected abstract boolean validatePossibleAuthenticationResponse(HttpServletRequest request,
                                                                  HttpServletResponse response,
                                                                  java.lang.String pathRequested)
                                                           throws ServletException,
                                                                  java.io.IOException
Handling the (possible) response

Throws:
ServletException
java.io.IOException


Copyright © 2013. All Rights Reserved.