com.sun.enterprise.security.ee.auth.login

Class ProgrammaticLogin

java.lang.Object

com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin

@Service
 @PerLookup
public class ProgrammaticLogin
extends Object

Implement programmatic login.

This class allows deployed applications to supply a name and password directly to the security service. This info will be used to attempt to login to the current realm. If authentication succeeds, a security context is established as this user.

This allows applications to programmatically handle authentication. The use of this mechanism is not recommended since it bypasses the standard Java EE mechanisms and places all burden on the application developer.

Invoking this method requires the permission ProgrammaticLoginPermission with the method name being invoked.

There are two forms of the login method, one which includes the HTTP request and response objects for use by servlets and one which can be used by EJBs.

Constructor Summary

Constructors

Constructor and Description
ProgrammaticLogin()

Method Summary

Modifier and Type	Method and Description
Boolean	login(String user, char[] password) Attempt to login for EJB (either client or server)
Boolean	login(String user, char[] password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Attempt to login.
Boolean	login(String user, char[] password, String realm, boolean errors) Attempt to login.
Boolean	login(String user, char[] password, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, boolean errors) Attempt to login.
Boolean	login(String user, String password) Attempt to login for EJB (either as client to login for a remote server, or on the server itself)
Boolean	login(String user, String password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Boolean	login(String user, String password, String realm, boolean errors) Password should be used as a char[]
Boolean	login(String user, String password, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, boolean errors) Attempt to login.
Boolean	logout() Attempt to logout for EJB.
Boolean	logout(boolean errors) Attempt to logout for EJB.
Boolean	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Attempt to logout.
Boolean	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, boolean errors) Attempt to logout.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ProgrammaticLogin

public ProgrammaticLogin()

Method Detail

login

public Boolean login(String user,
                     String password)

Attempt to login for EJB (either as client to login for a remote server, or on the server itself)

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject.

On the client side, the actual login will not occur until we actually access a resource requiring a login. A java.rmi.AccessException with COBRA NO_PERMISSION will occur when actual login is failed.

This method is intented primarily for EJBs wishing to do programmatic login. If servlet code used this method the established identity will be propagated to EJB calls but will not be used for web container manager authorization. In general servlets should use the servlet-specific version of login instead.

Note: Use of the char[] as password is encouraged

Parameters:

user - User name.

password - Password for user.

Returns:

Boolean containing true or false to indicate success or failure of login.

login

public Boolean login(String user,
                     char[] password)

Attempt to login for EJB (either client or server)

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject.

On client side, the actual login will not occur until we actually access a resource requiring a login. And a java.rmi.AccessException with COBRA NO_PERMISSION will occur when actual login is failed.

This method is intented primarily for EJBs wishing to do programmatic login. If servlet code used this method the established identity will be propagated to EJB calls but will not be used for web container manager authorization. In general servlets should use the servlet-specific version of login instead.

Parameters:

user - User name.

password - Password for user.

Returns:

Boolean containing true or false to indicate success or failure of login.

login

public Boolean login(String user,
                     String password,
                     String realm,
                     boolean errors)
              throws Exception

Password should be used as a char[]

Throws:

Exception

login

public Boolean login(String user,
                     char[] password,
                     String realm,
                     boolean errors)
              throws Exception

Attempt to login.

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject.

On client side, realm and errors parameters will be ignored and the actual login will not occur until we actually access a resource requiring a login. And a java.rmi.AccessException with COBRA NO_PERMISSION will occur when actual login is failed.

This method is intented primarily for EJBs wishing to do programmatic login. If servlet code used this method the established identity will be propagated to EJB calls but will not be used for web container manager authorization. In general servlets should use the servlet-specific version of login instead.

Parameters:

user - User name.

password - Password for user.

realm - the realm name in which the user should be logged in.

errors - errors=true, propagate any exception encountered to the user errors=false, no exceptions are propagated.

Returns:

Boolean containing true or false to indicate success or failure of login.

Throws:

Exception - any exception encountered during Login.

logout

public Boolean logout()

Attempt to logout for EJB.

logout

public Boolean logout(boolean errors)
               throws Exception

Attempt to logout for EJB.

Parameters:

errors, - errors = true, the method will propagate the exceptions encountered while logging out, errors=false will return a Boolean value of false indicating failure of logout

Returns:

Boolean containing true or false to indicate success or failure of logout.

Throws:

Exception - encountered while logging out, if errors==false

login

public Boolean login(String user,
                     String password,
                     String realm,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     boolean errors)
              throws Exception

Attempt to login. This method is specific to the Servlet container.

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject. In addition, the principal stored in the request is set to the user name. If a session is available, its principal is also set to the user provided.

Note: Use of the char[] as password is encouraged

Parameters:

realm -

errors -

user - User name.

password - Password for user.

request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.

response - HTTP response object provided by called application. It should be an instance of HttpServletResponse.

Returns:

Boolean indicating true for successful login and false otherwise

Throws:

Exception - any exceptions encountered during login

login

public Boolean login(String user,
                     String password,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)

login

public Boolean login(String user,
                     char[] password,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)

Attempt to login. This method is specific to Servlets (and JSPs).

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject. In addition, the principal stored in the request is set to the user name. If a session is available, its principal is also set to the user provided.

Parameters:

user - User name.

password - Password for user.

request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.

response - HTTP response object provided by called application. It should be an instance of HttpServletResponse.

Returns:

Boolean containing true or false to indicate success or failure of login.

login

public Boolean login(String user,
                     char[] password,
                     String realm,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     boolean errors)
              throws Exception

Attempt to login. This method is specific to servlets (and JSPs).

Upon successful return from this method the SecurityContext will be set in the name of the given user as its Subject. In addition, the principal stored in the request is set to the user name. If a session is available, its principal is also set to the user provided.

Parameters:

realm -

errors -

user - User name.

password - Password for user.

request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.

response - HTTP response object provided by called application. It should be an instance of HttpServletResponse.

Returns:

Boolean indicating true for successful login and false otherwise

Throws:

Exception - any exceptions encountered during login

logout

public Boolean logout(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)

Attempt to logout. Also removes principal from request (and session if available).

logout

public Boolean logout(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response,
                      boolean errors)
               throws Exception

Attempt to logout. Also removes principal from request (and session if available).

Parameters:

errors, - errors = true, the method will propagate the exceptions encountered while logging out, errors=false will return a Boolean value of false indicating failure of logout

Returns:

Boolean containing true or false to indicate success or failure of logout.

Throws:

Exception, - exception encountered while logging out and if errors == true

Exception