public interface LoginHandler
Authentication handlers authenticate a user in an implementation-specific manner. Some examples of this might be
collecting a user name and password and validating them against an LDAP directory, validating a client certificate, or
validating a one-time password.
When a login handler is invoked the user's Session is bound to the HttpSession under the attribute with the name Session.HTTP_SESSION_BINDING_ATTRIBUTE.
After a successful authentication has been completed the handler MUST either:
- Bind a Subject to the attribute identified by SUBJECT_KEY if one was created during the authentication process. The principals, public, and private credentials from this subject will be merged with those in the Subject within the Session.
- Bind a Principal for the user to the request attribute identified by PRINCIPAL_KEY. Such a Principal MUST implement Serializable. This principal will be added to the Subject within the Session.
- Bind the user's principal name to the request attribute identified by PRINCIPAL_NAME_KEY. In this case the AuthenticationEngine will create a Principal object of type UsernamePrincipal and add that to the Subject within the Session.

The following may also be bound:
- An authentication method URI, to the request attribute identified by AUTHENTICATION_METHOD_KEY. This may be used if a handler is capable of performing multiple types of authentication.
- An error message, to the request attribute identified by AUTHENTICATION_ERROR_KEY.
- An AuthenticationException, if an exception occurred during authentication, to the request attribute identified by AUTHENTICATION_EXCEPTION_KEY.

Control is returned to the authentication engine through AuthenticationEngine.returnToAuthenticationEngine(HttpServletRequest, HttpServletResponse), after which the authentication handler must immediately return.
Handlers MUST NOT change or add any data to the user's HttpSession that persists past the process of authenticating the user; that is, no additional session data may be added and no existing session data may be changed when the handler returns control to the authentication engine.
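A minimal handler that follows the contract described above, as an added example that is not part of the original documentation or the project's own code. It assumes the package name shown in the imports (the page does not give it), that returnToAuthenticationEngine is a static method throwing no checked exceptions, and a hypothetical class name and method URI.

```java
import java.util.Collections;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Assumption: package of LoginHandler and AuthenticationEngine; not shown on this page.
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;

/** Hypothetical handler that relies on the servlet container's own authentication result. */
public class ContainerUserLoginHandler implements LoginHandler {

    // Hypothetical authentication method URI, constructed for this example.
    private static final String METHOD_URI = "urn:example:authn:container";

    public List<String> getSupportedAuthenticationMethods() {
        return Collections.singletonList(METHOD_URI);
    }

    public long getAuthenticationDuration() {
        return 30L * 60L * 1000L; // milliseconds: re-authenticate after 30 minutes
    }

    public boolean supportsPassive() {
        return true; // the handler itself never interacts with the user
    }

    public boolean supportsForceAuthentication() {
        return false; // it cannot make the container prompt again
    }

    public void login(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        // Identity comes from the container, never from a request parameter or header.
        String user = httpRequest.getRemoteUser();
        if (user != null && user.trim().length() > 0) {
            // Success: bind one identity form; the engine creates the Principal from the name.
            httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, user.trim());
            httpRequest.setAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY, METHOD_URI);
        } else {
            // Failure: bind no principal of any kind, only the error message.
            httpRequest.setAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY,
                    "No container-authenticated user");
        }
        // Only request attributes were written, so nothing persists in the HttpSession.
        AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
        return; // no further work after control is handed back
    }
}
```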
Field Summary | |
---|---|
static String | AUTHENTICATION_ERROR_KEY: Request attribute to which an error message may be bound. |
static String | AUTHENTICATION_EXCEPTION_KEY: Request attribute to which an AuthenticationException may be bound. |
static String | AUTHENTICATION_METHOD_KEY: Request attribute to which an authentication method URI may be bound. |
static String | PRINCIPAL_KEY: Request attribute to which user's principal should be bound. |
static String | PRINCIPAL_NAME_KEY: Request attribute to which user's principal name should be bound. |
static String | SUBJECT_KEY: Request attribute to which user's subject should be bound. |
Method Summary | |
---|---|
long | getAuthenticationDuration(): Gets the length of time, in milliseconds, after which a user authenticated by this handler should be re-authenticated. |
List<String> | getSupportedAuthenticationMethods(): Gets the list of authentication methods this handler supports. |
void | login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse): Authenticate the user making the request. |
boolean | supportsForceAuthentication(): Returns whether this handler supports the ability to force a user to (re-)authenticate. |
boolean | supportsPassive(): Gets whether this handler supports passive authentication. |
Field Detail |
---|
static final String PRINCIPAL_KEY
static final String PRINCIPAL_NAME_KEY
static final String SUBJECT_KEY
static final String AUTHENTICATION_METHOD_KEY
static final String AUTHENTICATION_ERROR_KEY
static final String AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an AuthenticationException may be bound.
Method Detail |
---|
List<String> getSupportedAuthenticationMethods()
long getAuthenticationDuration()
boolean supportsPassive()
boolean supportsForceAuthentication()
void login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
httpRequest - user request
httpResponse - response to user