winstone.auth
Class FormAuthenticationHandler

java.lang.Object
  extended by winstone.auth.BaseAuthenticationHandler
      extended by winstone.auth.FormAuthenticationHandler
All Implemented Interfaces:
AuthenticationHandler

public class FormAuthenticationHandler
extends BaseAuthenticationHandler

Handles FORM based authentication configurations. Fairly simple ... it just redirects any unauthorized requests to the login page, and any bad logins to the error page. The auth values are stored in the session in a special slot.

Version:
$Id: FormAuthenticationHandler.java,v 1.7 2006/12/13 14:07:43 rickknowles Exp $
Author:
Rick Knowles

Field Summary
 
Fields inherited from class winstone.auth.BaseAuthenticationHandler
AUTH_RESOURCES, constraints, realm, realmName
 
Constructor Summary
FormAuthenticationHandler(org.w3c.dom.Node loginConfigNode, java.util.List constraintNodes, java.util.Set rolesAllowed, AuthenticationRealm realm)
          Constructor for the FORM authenticator
 
Method Summary
 boolean processAuthentication(ServletRequest request, ServletResponse response, java.lang.String pathRequested)
          Evaluates any authentication constraints, intercepting if auth is required.
protected  void requestAuthentication(HttpServletRequest request, HttpServletResponse response, java.lang.String pathRequested)
          Call this once we know that we need to authenticate
protected  boolean validatePossibleAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, java.lang.String pathRequested)
          Check the response - is it a response to the login page ?
 
Methods inherited from class winstone.auth.BaseAuthenticationHandler
doRoleCheck, setNoCache
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FormAuthenticationHandler

public FormAuthenticationHandler(org.w3c.dom.Node loginConfigNode,
                                 java.util.List constraintNodes,
                                 java.util.Set rolesAllowed,
                                 AuthenticationRealm realm)
Constructor for the FORM authenticator

Parameters:
realm - The realm against which we are authenticating
constraints - The array of security constraints that might apply
resources - The list of resource strings for messages
realmName - The name of the realm this handler claims
Method Detail

processAuthentication

public boolean processAuthentication(ServletRequest request,
                                     ServletResponse response,
                                     java.lang.String pathRequested)
                              throws java.io.IOException,
                                     ServletException
Evaluates any authentication constraints, intercepting if auth is required. The relevant authentication handler subclass's logic is used to actually authenticate.

Specified by:
processAuthentication in interface AuthenticationHandler
Overrides:
processAuthentication in class BaseAuthenticationHandler
Returns:
A boolean indicating whether to continue after this request
Throws:
java.io.IOException
ServletException

requestAuthentication

protected void requestAuthentication(HttpServletRequest request,
                                     HttpServletResponse response,
                                     java.lang.String pathRequested)
                              throws ServletException,
                                     java.io.IOException
Call this once we know that we need to authenticate

Specified by:
requestAuthentication in class BaseAuthenticationHandler
Throws:
ServletException
java.io.IOException

validatePossibleAuthenticationResponse

protected boolean validatePossibleAuthenticationResponse(HttpServletRequest request,
                                                         HttpServletResponse response,
                                                         java.lang.String pathRequested)
                                                  throws ServletException,
                                                         java.io.IOException
Check the response - is it a response to the login page ?

Specified by:
validatePossibleAuthenticationResponse in class BaseAuthenticationHandler
Returns:
A boolean indicating whether to continue with the request or not
Throws:
ServletException
java.io.IOException


Copyright © 2013. All Rights Reserved.