org.eclipse.jetty.security.authentication

类 FormAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.FormAuthenticator

所有已实现的接口:

Authenticator

public class FormAuthenticator
extends LoginAuthenticator

FORM Authenticator.

This authenticator implements form authentication will use dispatchers to the login page if the __FORM_DISPATCH init parameter is set to true. Otherwise it will redirect.

The form authenticator redirects unauthenticated requests to a log page which should use a form to gather username/password from the user and send them to the /j_security_check URI within the context. FormAuthentication uses SessionAuthentication to wrap Authentication results so that they are associated with the session.

嵌套类概要

嵌套类

限定符和类型	类和说明
static class	FormAuthenticator.FormAuthentication This Authentication represents a just completed Form authentication.
protected static class	FormAuthenticator.FormRequest
protected static class	FormAuthenticator.FormResponse

从接口继承的嵌套类/接口 org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

字段概要

字段

限定符和类型	字段和说明
static String	__FORM_DISPATCH
static String	__FORM_ERROR_PAGE
static String	__FORM_LOGIN_PAGE
static String	__J_METHOD
static String	__J_PASSWORD
static String	__J_POST
static String	__J_SECURITY_CHECK
static String	__J_URI
static String	__J_USERNAME

从类继承的字段 org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

构造器概要

构造器

构造器和说明
FormAuthenticator()
FormAuthenticator(String login, String error, boolean dispatch)

方法概要

限定符和类型	方法和说明
boolean	getAlwaysSaveUri()
String	getAuthMethod()
boolean	isJSecurityCheck(String uri)
boolean	isLoginOrErrorPage(String pathInContext)
org.eclipse.jetty.server.UserIdentity	login(String username, Object password, javax.servlet.ServletRequest request)
void	prepareRequest(javax.servlet.ServletRequest request) Called prior to validateRequest.
boolean	secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, org.eclipse.jetty.server.Authentication.User validatedUser) is response secure
void	setAlwaysSaveUri(boolean alwaysSave) If true, uris that cause a redirect to a login page will always be remembered.
void	setConfiguration(Authenticator.AuthConfiguration configuration) Configure the Authenticator
org.eclipse.jetty.server.Authentication	validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) Validate a request

从类继承的方法 org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, renewSession

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

__FORM_LOGIN_PAGE

public static final String __FORM_LOGIN_PAGE

另请参阅:

常量字段值

__FORM_ERROR_PAGE

public static final String __FORM_ERROR_PAGE

另请参阅:

常量字段值

__FORM_DISPATCH

public static final String __FORM_DISPATCH

另请参阅:

常量字段值

__J_URI

public static final String __J_URI

另请参阅:

常量字段值

__J_POST

public static final String __J_POST

另请参阅:

常量字段值

__J_METHOD

public static final String __J_METHOD

另请参阅:

常量字段值

__J_SECURITY_CHECK

public static final String __J_SECURITY_CHECK

另请参阅:

常量字段值

__J_USERNAME

public static final String __J_USERNAME

另请参阅:

常量字段值

__J_PASSWORD

public static final String __J_PASSWORD

另请参阅:

常量字段值

构造器详细资料

FormAuthenticator

public FormAuthenticator()

FormAuthenticator

public FormAuthenticator(String login,
                         String error,
                         boolean dispatch)

方法详细资料

setAlwaysSaveUri

public void setAlwaysSaveUri(boolean alwaysSave)

If true, uris that cause a redirect to a login page will always be remembered. If false, only the first uri that leads to a login page redirect is remembered. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=379909

参数:

alwaysSave - true to always save the uri

getAlwaysSaveUri

public boolean getAlwaysSaveUri()

setConfiguration

public void setConfiguration(Authenticator.AuthConfiguration configuration)

从接口复制的说明: Authenticator

Configure the Authenticator

指定者:

setConfiguration 在接口中 Authenticator

覆盖:

setConfiguration 在类中 LoginAuthenticator

参数:

configuration - the configuration

另请参阅:

Authenticator.setConfiguration(AuthConfiguration)

getAuthMethod

public String getAuthMethod()

返回:

The name of the authentication method

login

public org.eclipse.jetty.server.UserIdentity login(String username,
                                                   Object password,
                                                   javax.servlet.ServletRequest request)

覆盖:

login 在类中 LoginAuthenticator

prepareRequest

public void prepareRequest(javax.servlet.ServletRequest request)

从接口复制的说明: Authenticator

Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.

指定者:

prepareRequest 在接口中 Authenticator

覆盖:

prepareRequest 在类中 LoginAuthenticator

参数:

request - the request to manipulate

validateRequest

public org.eclipse.jetty.server.Authentication validateRequest(javax.servlet.ServletRequest req,
                                                               javax.servlet.ServletResponse res,
                                                               boolean mandatory)
                                                        throws ServerAuthException

从接口复制的说明: Authenticator

Validate a request

参数:

req - The request

res - The response

mandatory - True if authentication is mandatory.

返回:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

抛出:

ServerAuthException - if unable to validate request

isJSecurityCheck

public boolean isJSecurityCheck(String uri)

isLoginOrErrorPage

public boolean isLoginOrErrorPage(String pathInContext)

secureResponse

public boolean secureResponse(javax.servlet.ServletRequest req,
                              javax.servlet.ServletResponse res,
                              boolean mandatory,
                              org.eclipse.jetty.server.Authentication.User validatedUser)
                       throws ServerAuthException

从接口复制的说明: Authenticator

is response secure

参数:

req - the request

res - the response

mandatory - if security is mandator

validatedUser - the user that was validated

返回:

true if response is secure

抛出:

ServerAuthException - if unable to test response