com.caucho.server.http
Class AbstractAuthenticator

java.lang.Object
  |
  +--com.caucho.server.http.AbstractAuthenticator
All Implemented Interfaces:
Authenticator
Direct Known Subclasses:
JdbcAuthenticator, NullAuthenticator

public abstract class AbstractAuthenticator
extends java.lang.Object
implements Authenticator

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.


Field Summary
protected  ServletContext application
           
protected  RegistryNode params
           
 
Constructor Summary
AbstractAuthenticator()
           
 
Method Summary
 java.security.Principal authenticate(HttpServletRequest request)
          Grab the user from the request, assuming the user has already logged in.
 java.security.Principal authenticate(HttpServletRequest request, java.lang.String user, java.lang.String password)
          Authenticate (login) the user.
 java.security.Principal authenticate(java.lang.String user, java.lang.String password)
           
 java.security.Principal authenticateCookie(HttpServletRequest request, java.lang.String cookieValue)
           
 java.security.Principal authenticateCookie(java.lang.String cookieValue)
           
 ServletContext getServletContext()
          Returns the servlet context owning this authenticator.
 void init()
          Initialize the authenticator with the application.
 void init(CauchoApplication app, RegistryNode params)
          Initialize the authenticator with the application.
 boolean isUserInRole(HttpServletRequest request, java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
           
 java.security.Principal login(HttpServletRequest request, HttpServletResponse response, java.lang.String user, java.lang.String password, boolean allowCookie)
          Logs the user in with any appropriate password.
 void logout(HttpServletRequest request)
          Logs the user out from the session.
 boolean updateCookie(HttpServletRequest request, java.security.Principal user, java.lang.String cookieValue)
           
 boolean updateCookie(java.security.Principal user, java.lang.String cookieValue)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

application

protected ServletContext application

params

protected RegistryNode params
Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()
Method Detail

init

public void init(CauchoApplication app,
                 RegistryNode params)
          throws ServletException
Initialize the authenticator with the application. After calling init(), the setXXX bean methods will be called for any init-param.
Specified by:
init in interface Authenticator
Parameters:
application - the owning application.

init

public void init()
          throws ServletException
Initialize the authenticator with the application.

getServletContext

public ServletContext getServletContext()
Returns the servlet context owning this authenticator.

authenticate

public java.security.Principal authenticate(HttpServletRequest request)
                                     throws ServletException
Grab the user from the request, assuming the user has already logged in. In other words, overriding methods could use cookies or the session to find the logged in principal, but shouldn't try to log the user in with form parameters.
Specified by:
authenticate in interface Authenticator
Parameters:
request - the servlet request.
Returns:
a Principal representing the user or null if none has logged in.

login

public java.security.Principal login(HttpServletRequest request,
                                     HttpServletResponse response,
                                     java.lang.String user,
                                     java.lang.String password,
                                     boolean allowCookie)
Logs the user in with any appropriate password.
Specified by:
login in interface Authenticator
Following copied from interface: com.caucho.server.http.Authenticator
Parameters:
request - servlet request
response - servlet response, in case any cookie need sending.
user - the user name.
password - the user's presented password.
allowCookie - true if the user allows cookies for subsequent requests.
Returns:
the logged in principal on success, null on failure.

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            java.security.Principal user,
                            java.lang.String role)
Returns true if the user plays the named role.
Specified by:
isUserInRole in interface Authenticator
Parameters:
request - the servlet request
user - the user to test
role - the role to test

logout

public void logout(HttpServletRequest request)
Logs the user out from the session.
Specified by:
logout in interface Authenticator
Parameters:
request - the servlet request

authenticate

public java.security.Principal authenticate(HttpServletRequest request,
                                            java.lang.String user,
                                            java.lang.String password)
Authenticate (login) the user.

authenticateCookie

public java.security.Principal authenticateCookie(HttpServletRequest request,
                                                  java.lang.String cookieValue)

updateCookie

public boolean updateCookie(HttpServletRequest request,
                            java.security.Principal user,
                            java.lang.String cookieValue)

authenticate

public java.security.Principal authenticate(java.lang.String user,
                                            java.lang.String password)

authenticateCookie

public java.security.Principal authenticateCookie(java.lang.String cookieValue)

updateCookie

public boolean updateCookie(java.security.Principal user,
                            java.lang.String cookieValue)

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)