io.milton.http.http11.auth

Class CookieAuthenticationHandler

java.lang.Object

io.milton.http.http11.auth.CookieAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler

public class CookieAuthenticationHandler
extends Object
implements AuthenticationHandler

This wraps a bunch of other authentication handlers, so if any of those successfully login the user then this will generate a cookie which can be used subsequently. Note that it is usually not correct to wrap a Digest auth handler because that would then defeat the purpose of digest authentication. However, this can and should wrap Basic and Form authentication handlers

Author:

brad

Field Summary

Fields

Modifier and Type	Field and Description
static int	SECONDS_PER_YEAR

Constructor Summary

Constructors

Constructor and Description
CookieAuthenticationHandler(NonceProvider nonceProvider, List<AuthenticationHandler> handlers, ResourceFactory principalResourceFactory, List<String> keys)

Method Summary

Modifier and Type	Method and Description
void	appendChallenges(Resource resource, Request request, List<String> challenges) Create a challenge for this authentication method.
Object	authenticate(Resource resource, Request request) Authenticate the details in the request for access to the given resource.
boolean	credentialsPresent(Request request) Determine if there are login credentials present.
String	encodeUserUrl(String userUrl)
String	getCookieNameUserUrl()
String	getCookieNameUserUrlHash()
String	getHashFromRequest(Request request)
String	getLoginToken(String userUrl, Request request)
String	getLoginToken(String userUrl, Request request, String host)
String	getLoginToken(String userUrl, String urlSigningHash)
String	getLoginTokenName()
String	getUrlSigningHash(String userUrl, Request request) The hmac signs a message in the form nonce || userUrl, where the nonce is requested from the nonceProvider This method returns a signing token in the form nonce || hmac
String	getUrlSigningHash(String userUrl, Request request, String host)
String	getUserUrl(Request request) Find a previous login token in the request, and if present verify its authenticity via a signing cookie
String	getUserUrlAttName()
String	getUserUrlFromRequest(Request request)
boolean	isCompatible(Resource resource, Request request) Returns true if this authentication handler is compatible with the given resource This is used when authorisation has failed, in generating challenge responses If you don't want to add a challenge response, return false
boolean	isUseLongLivedCookies()
void	setLoginCookies(DiscretePrincipal user, Request request) Sets cookies to make the given user the currently logged in user for any subsequent requests.
void	setLoginCookies(String userUrl, Request request)
void	setUseLongLivedCookies(boolean useLongLivedCookies)
void	setUserUrlAttName(String userUrlAttName)
boolean	supports(Resource r, Request request) Returns true if this supports authenticating with the given Auth data on the given resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SECONDS_PER_YEAR

public static final int SECONDS_PER_YEAR

See Also:

Constant Field Values

Constructor Detail

CookieAuthenticationHandler

public CookieAuthenticationHandler(NonceProvider nonceProvider,
                                   List<AuthenticationHandler> handlers,
                                   ResourceFactory principalResourceFactory,
                                   List<String> keys)

Method Detail

credentialsPresent

public boolean credentialsPresent(Request request)

Description copied from interface: AuthenticationHandler

Determine if there are login credentials present. Should not attempt to validate credentials. Should only determine if something has been provided

Specified by:

credentialsPresent in interface AuthenticationHandler

Returns:

supports

public boolean supports(Resource r,
                        Request request)

Description copied from interface: AuthenticationHandler

Returns true if this supports authenticating with the given Auth data on the given resource. Only the first AuthenticationHandler which returns true for supports will be used for authentication. Ie supports implementations should be mutually exclusive

Specified by:

supports in interface AuthenticationHandler

Parameters:

r - - the resource being access

Returns:

authenticate

public Object authenticate(Resource resource,
                           Request request)

Description copied from interface: AuthenticationHandler

Authenticate the details in the request for access to the given resource.

Specified by:

authenticate in interface AuthenticationHandler

Returns:

setLoginCookies

public void setLoginCookies(DiscretePrincipal user,
                            Request request)

Sets cookies to make the given user the currently logged in user for any subsequent requests. And also makes that user the current on-behalf-of user in CurrentUserService

Parameters:

user -

request -

setLoginCookies

public void setLoginCookies(String userUrl,
                            Request request)

appendChallenges

public void appendChallenges(Resource resource,
                             Request request,
                             List<String> challenges)

Description copied from interface: AuthenticationHandler

Create a challenge for this authentication method. This should be completely formatted as per http://tools.ietf.org/html/rfc2617 and appended to the given list of challenges. It is allowable to append more then one challenge if appropriate

Specified by:

appendChallenges in interface AuthenticationHandler

challenges - - the list of challenges to append to, or not, as appropriate

isCompatible

public boolean isCompatible(Resource resource,
                            Request request)

Description copied from interface: AuthenticationHandler

Returns true if this authentication handler is compatible with the given resource This is used when authorisation has failed, in generating challenge responses If you don't want to add a challenge response, return false

Specified by:

isCompatible in interface AuthenticationHandler

Returns:

- true if this can authenticate the resource, and it should issue a http challenge

getUserUrl

public String getUserUrl(Request request)

Find a previous login token in the request, and if present verify its authenticity via a signing cookie

Parameters:

request -

Returns:

getUserUrlFromRequest

public String getUserUrlFromRequest(Request request)

getHashFromRequest

public String getHashFromRequest(Request request)

getUrlSigningHash

public String getUrlSigningHash(String userUrl,
                                Request request)

The hmac signs a message in the form nonce || userUrl, where the nonce is requested from the nonceProvider This method returns a signing token in the form nonce || hmac

Parameters:

userUrl -

request -

Returns:

getUrlSigningHash

public String getUrlSigningHash(String userUrl,
                                Request request,
                                String host)

getLoginToken

public String getLoginToken(String userUrl,
                            Request request)

getLoginToken

public String getLoginToken(String userUrl,
                            Request request,
                            String host)

getLoginToken

public String getLoginToken(String userUrl,
                            String urlSigningHash)

encodeUserUrl

public String encodeUserUrl(String userUrl)

getCookieNameUserUrlHash

public String getCookieNameUserUrlHash()

getCookieNameUserUrl

public String getCookieNameUserUrl()

getUserUrlAttName

public String getUserUrlAttName()

getLoginTokenName

public String getLoginTokenName()

setUserUrlAttName

public void setUserUrlAttName(String userUrlAttName)

setUseLongLivedCookies

public void setUseLongLivedCookies(boolean useLongLivedCookies)

isUseLongLivedCookies

public boolean isUseLongLivedCookies()