com.caucho.server.security
Class AbstractAuthenticator

java.lang.Object
  extended by com.caucho.security.AbstractAuthenticator
      extended by com.caucho.server.security.AbstractAuthenticator
All Implemented Interfaces:
HandleAware, Authenticator, java.io.Serializable
Direct Known Subclasses:
AbstractAuthenticator

public class AbstractAuthenticator
extends AbstractAuthenticator

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.

The AbstractAuthenticator provides a single-signon cache. Users logged into one web-app will share the same principal.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class com.caucho.security.AbstractAuthenticator
_passwordDigest, _passwordDigestAlgorithm, _passwordDigestRealm, NULL_USER
 
Constructor Summary
AbstractAuthenticator()
           
 
Method Summary
 java.security.Principal authenticate(java.security.Principal principal, PasswordCredentials cred, java.lang.Object details)
          Main authenticator API.
protected  java.security.Principal getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext app)
          Backward compatiblity call
 boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role)
           
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
protected  java.security.Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext app)
          Backward compatiblity call
protected  java.security.Principal login(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String userName, java.lang.String password)
          Backward compatiblity call
protected  java.security.Principal loginImpl(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String userName, java.lang.String password)
          Backward compatiblity call
 
Methods inherited from class com.caucho.security.AbstractAuthenticator
addRoleMapping, authenticate, authenticate, authenticate, authenticate, digest, getAlgorithm, getDigest, getDigestSecret, getDigestSecret, getLogoutOnSessionTimeout, getPasswordDigest, getPasswordDigest, getPasswordDigestAlgorithm, getPasswordDigestRealm, getPasswordUser, getPasswordUser, getSingleSignon, init, logout, setLogoutOnSessionTimeout, setPasswordDigest, setPasswordDigestAlgorithm, setPasswordDigestRealm, setSerializationHandle, stringToDigest, toString, writeReplace
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()
Method Detail

authenticate

public java.security.Principal authenticate(java.security.Principal principal,
                                            PasswordCredentials cred,
                                            java.lang.Object details)
Main authenticator API.

Overrides:
authenticate in class AbstractAuthenticator

login

protected java.security.Principal login(HttpServletRequest request,
                                        HttpServletResponse response,
                                        ServletContext app,
                                        java.lang.String userName,
                                        java.lang.String password)
                                 throws ServletException
Backward compatiblity call

Throws:
ServletException

loginImpl

protected java.security.Principal loginImpl(HttpServletRequest request,
                                            HttpServletResponse response,
                                            ServletContext app,
                                            java.lang.String userName,
                                            java.lang.String password)
                                     throws ServletException
Backward compatiblity call

Throws:
ServletException

getUserPrincipal

protected java.security.Principal getUserPrincipal(HttpServletRequest request,
                                                   HttpServletResponse response,
                                                   ServletContext app)
                                            throws ServletException
Backward compatiblity call

Throws:
ServletException

login

protected java.security.Principal login(HttpServletRequest request,
                                        HttpServletResponse response,
                                        ServletContext app)
                                 throws ServletException
Backward compatiblity call

Throws:
ServletException

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)
Returns true if the user plays the named role.

Specified by:
isUserInRole in interface Authenticator
Overrides:
isUserInRole in class AbstractAuthenticator
Parameters:
request - the servlet request
user - the user to test
role - the role to test

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            java.security.Principal user,
                            java.lang.String role)
                     throws ServletException
Throws:
ServletException