public class FormAuthenticator extends LoginAuthenticator
This authenticator implements form authentication will use dispatchers to
the login page if the __FORM_DISPATCH
init parameter is set to true.
Otherwise it will redirect.
The form authenticator redirects unauthenticated requests to a log page
which should use a form to gather username/password from the user and send them
to the /j_security_check URI within the context. FormAuthentication uses
SessionAuthentication
to wrap Authentication results so that they
are associated with the session.
Modifier and Type | Class and Description |
---|---|
static class |
FormAuthenticator.FormAuthentication
This Authentication represents a just completed Form authentication.
|
protected static class |
FormAuthenticator.FormRequest |
protected static class |
FormAuthenticator.FormResponse |
Authenticator.AuthConfiguration, Authenticator.Factory
Modifier and Type | Field and Description |
---|---|
static String |
__FORM_DISPATCH |
static String |
__FORM_ERROR_PAGE |
static String |
__FORM_LOGIN_PAGE |
static String |
__J_METHOD |
static String |
__J_PASSWORD |
static String |
__J_POST |
static String |
__J_SECURITY_CHECK |
static String |
__J_URI |
static String |
__J_USERNAME |
_identityService, _loginService
Constructor and Description |
---|
FormAuthenticator() |
FormAuthenticator(String login,
String error,
boolean dispatch) |
Modifier and Type | Method and Description |
---|---|
boolean |
getAlwaysSaveUri() |
String |
getAuthMethod() |
boolean |
isJSecurityCheck(String uri) |
boolean |
isLoginOrErrorPage(String pathInContext) |
UserIdentity |
login(String username,
Object password,
ServletRequest request) |
void |
prepareRequest(ServletRequest request)
Called prior to validateRequest.
|
boolean |
secureResponse(ServletRequest req,
ServletResponse res,
boolean mandatory,
Authentication.User validatedUser)
is response secure
|
void |
setAlwaysSaveUri(boolean alwaysSave)
If true, uris that cause a redirect to a login page will always
be remembered.
|
void |
setConfiguration(Authenticator.AuthConfiguration configuration)
Configure the Authenticator
|
Authentication |
validateRequest(ServletRequest req,
ServletResponse res,
boolean mandatory)
Validate a request
|
getLoginService, renewSession
public static final String __FORM_LOGIN_PAGE
public static final String __FORM_ERROR_PAGE
public static final String __FORM_DISPATCH
public static final String __J_URI
public static final String __J_POST
public static final String __J_METHOD
public static final String __J_SECURITY_CHECK
public static final String __J_USERNAME
public static final String __J_PASSWORD
public void setAlwaysSaveUri(boolean alwaysSave)
alwaysSave
- true to always save the uripublic boolean getAlwaysSaveUri()
public void setConfiguration(Authenticator.AuthConfiguration configuration)
Authenticator
setConfiguration
in interface Authenticator
setConfiguration
in class LoginAuthenticator
configuration
- the configurationLoginAuthenticator.setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
public String getAuthMethod()
public UserIdentity login(String username, Object password, ServletRequest request)
login
in class LoginAuthenticator
public void prepareRequest(ServletRequest request)
Authenticator
prepareRequest
in interface Authenticator
prepareRequest
in class LoginAuthenticator
request
- the request to manipulatepublic Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
Authenticator
req
- The requestres
- The responsemandatory
- True if authentication is mandatory.Authentication.User
. If a response has
been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will
implement Authentication.ResponseSent
. If Authentication is not manditory, then a
Authentication.Deferred
may be returned.ServerAuthException
- if unable to validate requestpublic boolean isJSecurityCheck(String uri)
public boolean isLoginOrErrorPage(String pathInContext)
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
Authenticator
req
- the requestres
- the responsemandatory
- if security is mandatorvalidatedUser
- the user that was validatedServerAuthException
- if unable to test responseCopyright © 1995-2016 Webtide. All Rights Reserved.