com.caucho.server.http
Interface Authenticator

All Known Implementing Classes:
AbstractAuthenticator

public interface Authenticator

Used to authenticate users in a servlet request. Applications will implement the Authenticator interface with a bean for authentication.

In general, applications should extend AbstractAuthenticator instead, to be insulated from API changes in the Authenticator interface.


Method Summary
 java.security.Principal authenticate(HttpServletRequest request)
          Authenticate a user for the current request.
 void init(CauchoApplication app, RegistryNode params)
          Initialize the authenticator.
 boolean isUserInRole(HttpServletRequest request, java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
 java.security.Principal login(HttpServletRequest request, HttpServletResponse response, java.lang.String user, java.lang.String password, boolean allowCookie)
          Logs a user in with a user name and a password.
 void logout(HttpServletRequest request)
          Logs the user out from the given request.
 

Method Detail

init

public void init(CauchoApplication app,
                 RegistryNode params)
          throws ServletException
Initialize the authenticator.
Parameters:
app - the owning servlet context.

authenticate

public java.security.Principal authenticate(HttpServletRequest request)
                                     throws ServletException
Authenticate a user for the current request. In general, Authenticators will log in a user and store the saved information in the session. As an alternative, an Authenticator can save the state information in a persistent cookie.
Parameters:
request - the request trying to authenticate.

login

public java.security.Principal login(HttpServletRequest request,
                                     HttpServletResponse response,
                                     java.lang.String user,
                                     java.lang.String password,
                                     boolean allowCookie)
                              throws ServletException
Logs a user in with a user name and a password.
Parameters:
request - servlet request
response - servlet response, in case any cookies need sending.
user - the user name.
password - the user's presented password.
allowCookie - true if the user allows cookies for subsequent requests.
Returns:
the logged-in principal on success, null on failure.

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            java.security.Principal user,
                            java.lang.String role)
                     throws ServletException
Returns true if the user plays the named role.
Parameters:
request - the request testing the role.
user - the user's Principal.
role - role name.

logout

public void logout(HttpServletRequest request)
            throws ServletException
Logs the user out from the given request.

Generally only called from user code.
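
The session-based approach described under authenticate, implemented against the five methods above. This is an added example, not Caucho's code. The class name, session attribute, sample account, the single "user" role, and the packages assumed for CauchoApplication and RegistryNode are assumptions; only the method signatures come from this page. It uses a Java 16+ record.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import com.caucho.server.http.Authenticator;
import com.caucho.server.http.CauchoApplication; // assumed package, not stated on this page
import com.caucho.util.RegistryNode;             // assumed package, not stated on this page

public class SessionAuthenticator implements Authenticator {
  private static final String KEY = "example.auth.principal";  // hypothetical attribute name
  private final Map<String, byte[][]> creds = new HashMap<>(); // user -> {salt, PBKDF2 hash}
  public void init(CauchoApplication app, RegistryNode params) throws ServletException {
    byte[] salt = new byte[16];   // constructed sample account; a real bean loads its store here
    new SecureRandom().nextBytes(salt);
    creds.put("alice", new byte[][] { salt, hash("correct horse battery", salt) });
  }
  public Principal authenticate(HttpServletRequest request) {
    HttpSession s = request.getSession(false); // never create a session for an anonymous request
    return s == null ? null : (Principal) s.getAttribute(KEY);
  }
  public Principal login(HttpServletRequest request, HttpServletResponse response,
                         String user, String password, boolean allowCookie) throws ServletException {
    if (user == null || password == null || password.isEmpty()) return null;
    byte[][] c = creds.get(user);
    byte[] got = hash(password, c != null ? c[0] : new byte[16]);    // same work for unknown users
    if (c == null || !MessageDigest.isEqual(c[1], got)) return null; // constant-time compare
    logout(request);              // drop any pre-login session so its id cannot be reused
    request.getSession(true).setAttribute(KEY, new User(user)); // allowCookie unused: no cookie state
    return authenticate(request);
  }
  public boolean isUserInRole(HttpServletRequest request, Principal user, String role) {
    return user != null && "user".equals(role); // simplification: one role for every login
  }
  public void logout(HttpServletRequest request) {
    HttpSession s = request.getSession(false);
    if (s != null) s.invalidate();
  }
  private static byte[] hash(String pw, byte[] salt) throws ServletException {
    try {
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
          .generateSecret(new PBEKeySpec(pw.toCharArray(), salt, 210_000, 256)).getEncoded();
    } catch (GeneralSecurityException e) { throw new ServletException(e); }
  }
  record User(String name) implements Principal, java.io.Serializable {
    public String getName() { return name; }
  }
}
```

Because login returns null for every failure, callers cannot tell an unknown user from a wrong password, and the dummy hash keeps the response time similar in both cases.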