com.caucho.security
Interface Login

All Known Implementing Classes:
AbstractLogin, BasicLogin, ClientCertLogin, DigestLogin, FormLogin, LoginList

public interface Login

Used to login and logout users in a servlet request. AbstractLogin handles the different login types like "basic" or "form". Normally, a Login will delegate the actual authentication to a ServletAuthenticator.

Since:
Resin 4.0.0

Field Summary
static java.lang.String LOGIN_PASSWORD
           
static java.lang.String LOGIN_USER
           
static java.lang.String LOGIN_USER_NAME
           
 
Method Summary
 Authenticator getAuthenticator()
          Returns the configured authenticator.
 java.lang.String getAuthType()
          Returns the authentication type.
 java.security.Principal getUserPrincipal(HttpServletRequest request)
          Returns the Principal associated with the current request.
 boolean isLoginUsedForRequest(HttpServletRequest request)
          Returns true if the login can be used for this request.
 boolean isPasswordBased()
          Returns true if username and password based authentication is supported.
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
          Returns true if the current user plays the named role.
 java.security.Principal login(HttpServletRequest request, HttpServletResponse response, boolean isFail)
          Logs a user in.
 void logout(java.security.Principal user, HttpServletRequest request, HttpServletResponse response)
          Logs the user out from the given request.
 void sessionInvalidate(HttpSession session, boolean isTimeout)
          Called when the session invalidates.
 

Field Detail

LOGIN_USER_NAME

static final java.lang.String LOGIN_USER_NAME
See Also:
Constant Field Values

LOGIN_USER

static final java.lang.String LOGIN_USER
See Also:
Constant Field Values

LOGIN_PASSWORD

static final java.lang.String LOGIN_PASSWORD
See Also:
Constant Field Values
Method Detail

getAuthType

java.lang.String getAuthType()
Returns the authentication type. getAuthType is called by HttpServletRequest.getAuthType.


getAuthenticator

Authenticator getAuthenticator()
Returns the configured authenticator.


isLoginUsedForRequest

boolean isLoginUsedForRequest(HttpServletRequest request)
Returns true if the login can be used for this request. This lets webapps use multiple login methods.


getUserPrincipal

java.security.Principal getUserPrincipal(HttpServletRequest request)
Returns the Principal associated with the current request. getUserPrincipal is called in response to the Request.getUserPrincipal call. Login.getUserPrincipal can't modify the response or return an error page.

Parameters:
request - servlet request
Returns:
the logged in principal on success, null on failure.

login

java.security.Principal login(HttpServletRequest request,
                              HttpServletResponse response,
                              boolean isFail)
Logs a user in. The authenticate method is called during the security check. If the user does not exist, authenticate sets the response error page and returns null.

Parameters:
request - servlet request
response - servlet response for a failed authentication.
isFail - true if the authorization has failed
Returns:
the logged in principal on success, null on failure.

isPasswordBased

boolean isPasswordBased()
Returns true if username and password based authentication is supported.

Returns:
See Also:
BasicLogin

isUserInRole

boolean isUserInRole(java.security.Principal user,
                     java.lang.String role)
Returns true if the current user plays the named role. isUserInRole is called in response to the HttpServletRequest.isUserInRole call.

Parameters:
user - the logged in user
role - the role to check
Returns:
true if the user plays the named role

logout

void logout(java.security.Principal user,
            HttpServletRequest request,
            HttpServletResponse response)
Logs the user out from the given request.

Since there is no servlet API for logout, this must be called directly from user code. Resin stores the web-app's login object in the ServletContext attribute "caucho.login".
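
One way to call logout from application code, shown as an added example that is not part of the Resin documentation. The LogoutServlet class and its redirect target are hypothetical, and the explicit session invalidation assumes that logout may leave the HttpSession in place.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.caucho.security.Login;

// Hypothetical servlet: the class name and redirect target are assumptions.
public class LogoutServlet extends HttpServlet {
  // ServletContext attribute under which Resin stores the web-app's Login.
  private static final String LOGIN_ATTRIBUTE = "caucho.login";

  // POST only, so that logout is an explicit state-changing request.
  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    Object attr = getServletContext().getAttribute(LOGIN_ATTRIBUTE);
    Principal user = request.getUserPrincipal();

    // Defensive check: skip if the attribute is missing, of another type,
    // or no user is logged in for this request.
    if (attr instanceof Login && user != null) {
      ((Login) attr).logout(user, request, response);
    }

    // Assumption: logout may not invalidate the session, so do it explicitly
    // to make sure no session-bound state outlives the login.
    HttpSession session = request.getSession(false);
    if (session != null) {
      try {
        session.invalidate();
      } catch (IllegalStateException e) {
        // Session was already invalidated; nothing left to do.
      }
    }

    // Redirect only if logout has not already written a response.
    if (!response.isCommitted()) {
      response.setHeader("Cache-Control", "no-store");
      response.sendRedirect(request.getContextPath() + "/");
    }
  }
}
```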


sessionInvalidate

void sessionInvalidate(HttpSession session,
                       boolean isTimeout)
Called when the session invalidates.