org.apache.catalina.authenticator

Class FormAuthenticator

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

All Implemented Interfaces:

Authenticator, Contained, Lifecycle, Valve, GlassFishValve

public class FormAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of FORM BASED Authentication, as described in the Servlet API Specification, Version 2.2.

Version:

$Revision: 1.8.2.2 $ $Date: 2008/04/17 18:37:04 $

Author:

Craig R. McClanahan, Remy Maucherat

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	info Descriptive information about this implementation.
protected static Logger	log
protected static ResourceBundle	rb

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, entropy, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, debug, domain, lifecycle, next, oname, started

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, INIT_EVENT, START_EVENT, STOP_EVENT

Fields inherited from interface org.glassfish.web.valve.GlassFishValve

END_PIPELINE, INVOKE_NEXT

Constructor Summary

Constructors

Constructor and Description
FormAuthenticator()

Method Summary

Modifier and Type	Method and Description
boolean	authenticate(HttpRequest request, HttpResponse response, LoginConfig config) Authenticate the user making this request, based on the specified login configuration.
protected void	forwardToErrorPage(HttpRequest request, HttpResponse response, LoginConfig config) Called to forward to the error page.
protected void	forwardToLoginPage(HttpRequest request, HttpResponse response, LoginConfig config) Called to forward to the login page.
protected String	getAuthMethod()
String	getInfo() Return descriptive information about this Valve implementation.
protected boolean	matchRequest(HttpRequest request) Does this request match the saved one (so that it must be the redirect we signaled after successful authentication?
protected boolean	restoreRequest(HttpRequest request, Session session) Restore the original request from information stored in our session.
protected String	savedRequestURL(Session session) Return the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.
protected void	saveRequest(HttpRequest request, Session session) Save the original request information into our session.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

associate, doLogin, generateSessionId, getAlwaysUseSession, getCache, getContainer, getDebug, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getRealmName, getSession, getSession, getSingleSignOn, invoke, isChangeSessionIdOnAuthentication, isSecurePagesWithPragma, log, log, login, logout, postInvoke, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, setRealmName, setSecurePagesWithPragma, setSingleSignOn, start, stop

Methods inherited from class org.apache.catalina.valves.ValveBase

addLifecycleListener, backgroundProcess, createObjectName, event, findLifecycleListeners, getController, getDomain, getNext, getObjectName, getParentName, invoke, isStarted, removeLifecycleListener, setController, setNext, setObjectName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

info

protected static final String info

Descriptive information about this implementation.

See Also:

Constant Field Values

log

protected static final Logger log

rb

protected static final ResourceBundle rb

Constructor Detail

FormAuthenticator

public FormAuthenticator()

Method Detail

getInfo

public String getInfo()

Return descriptive information about this Valve implementation.

Specified by:

getInfo in interface Valve

Specified by:

getInfo in interface GlassFishValve

Overrides:

getInfo in class AuthenticatorBase

authenticate

public boolean authenticate(HttpRequest request,
                            HttpResponse response,
                            LoginConfig config)
                     throws IOException

Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:

authenticate in class AuthenticatorBase

Parameters:

request - Request we are processing

response - Response we are creating

config - Login configuration describing how authentication should be performed

Throws:

IOException - if an input/output error occurs

getAuthMethod

protected String getAuthMethod()

Specified by:

getAuthMethod in class AuthenticatorBase

matchRequest

protected boolean matchRequest(HttpRequest request)

Does this request match the saved one (so that it must be the redirect we signaled after successful authentication?

Parameters:

request - The request to be verified

restoreRequest

protected boolean restoreRequest(HttpRequest request,
                                 Session session)
                          throws IOException

Restore the original request from information stored in our session. If the original request is no longer present (because the session timed out), return false; otherwise, return true.

Parameters:

request - The request to be restored

session - The session containing the saved information

Throws:

IOException

forwardToLoginPage

protected void forwardToLoginPage(HttpRequest request,
                                  HttpResponse response,
                                  LoginConfig config)

Called to forward to the login page. may redirect current request to HTTPS

Parameters:

request - HttpRequest we are processing

response - HttpResponse we are creating

config - Login configuration describing how authentication should be performed

forwardToErrorPage

protected void forwardToErrorPage(HttpRequest request,
                                  HttpResponse response,
                                  LoginConfig config)

Called to forward to the error page. may redirect current request to HTTPS

Parameters:

request - HttpRequest we are processing

response - HttpResponse we are creating

config - Login configuration describing how authentication should be performed

saveRequest

protected void saveRequest(HttpRequest request,
                           Session session)
                    throws IOException

Save the original request information into our session.

Parameters:

request - The request to be saved

session - The session to contain the saved information

Throws:

IOException

savedRequestURL

protected String savedRequestURL(Session session)

Return the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.

Parameters:

session - Our current session