com.caucho.security
Class ClientCertLogin

java.lang.Object
  extended by com.caucho.security.AbstractLogin
      extended by com.caucho.security.ClientCertLogin
All Implemented Interfaces:
Login
Direct Known Subclasses:
ClientCertLogin

public class ClientCertLogin
extends AbstractLogin

Implements the "CLIENT-CERT" auth-method. CLIENT-CERT uses the SSL authentication with WWW-Authenticate and SC_UNAUTHORIZE.


Field Summary
 
Fields inherited from class com.caucho.security.AbstractLogin
_auth, _singleSignon
 
Fields inherited from interface com.caucho.security.Login
LOGIN_PASSWORD, LOGIN_USER, LOGIN_USER_NAME
 
Constructor Summary
ClientCertLogin()
           
 
Method Summary
 java.security.Principal authenticate(HttpServletRequest request, HttpServletResponse response, ServletContext application)
          Logs a user in with a user name and a password.
 java.lang.String getAuthType()
          Returns the authentication type.
 java.security.Principal getUserPrincipal(HttpServletRequest request)
          Returns the Principal associated with the current request.
 java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)
          Returns the current user with the user name and password.
 
Methods inherited from class com.caucho.security.AbstractLogin
findSavedUser, getAuthenticator, getLoginPrincipalImpl, getSingleSignon, getUserPrincipalImpl, init, isLoginUsedForRequest, isLogoutOnSessionTimeout, isPasswordBased, isSavedUserValid, isSessionSaveLogin, isUserInRole, login, login, loginChallenge, loginSuccessResponse, logout, logoutImpl, saveUser, sessionInvalidate, setAuthenticator, setLogoutOnSessionTimeout, setSessionSaveLogin, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ClientCertLogin

public ClientCertLogin()
Method Detail

getAuthType

public java.lang.String getAuthType()
Returns the authentication type.

Specified by:
getAuthType in interface Login
Overrides:
getAuthType in class AbstractLogin

authenticate

public java.security.Principal authenticate(HttpServletRequest request,
                                            HttpServletResponse response,
                                            ServletContext application)
                                     throws ServletException,
                                            java.io.IOException
Logs a user in with a user name and a password. Basic authentication extracts the user and password from the authorization header. If the user/password is missing, authenticate will send a basic challenge.

Parameters:
request - servlet request
response - servlet response, in case any cookie need sending.
application - servlet application
Returns:
the logged in principal on success, null on failure.
Throws:
ServletException
java.io.IOException

getUserPrincipal

public java.security.Principal getUserPrincipal(HttpServletRequest request)
Description copied from class: AbstractLogin
Returns the Principal associated with the current request. getUserPrincipal is called in response to the Request.getUserPrincipal call. Login.getUserPrincipal can't modify the response or return an error page.

authenticate is used for the security checks.

Specified by:
getUserPrincipal in interface Login
Overrides:
getUserPrincipal in class AbstractLogin
Parameters:
request - servlet request
Returns:
the logged in principal on success, null on failure.

getUserPrincipal

public java.security.Principal getUserPrincipal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                ServletContext application)
Returns the current user with the user name and password.

Parameters:
request - servlet request
response - servlet response, in case any cookie need sending.
application - servlet application
Returns:
the logged in principal on success, null on failure.