com.ecyrd.jspwiki.auth.login

Class CookieAssertionLoginModule

java.lang.Object

com.ecyrd.jspwiki.auth.login.AbstractLoginModule

com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

public class CookieAssertionLoginModule
extends AbstractLoginModule

Logs in a user based on assertion of a name supplied in a cookie. If the cookie is not found, authentication fails.

This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

1. HttpRequestCallback- supplies the cookie, which should contain a user name.

After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

Since:

2.3

Author:

Andrew Jaquith

See Also:

LoginModule.commit(), CookieAuthenticationLoginModule

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	PREFS_COOKIE_NAME The name of the cookie that gets stored to the user browser.
static java.lang.String	PROMPT Deprecated.

Fields inherited from class com.ecyrd.jspwiki.auth.login.AbstractLoginModule

m_handler, m_options, m_previousWikiPrincipals, m_principals, m_principalsToOverwrite, m_principalsToRemove, m_state, m_subject, NULL

Constructor Summary

Constructors

Constructor and Description
CookieAssertionLoginModule()

Method Summary

Modifier and Type	Method and Description
static void	clearUserCookie(HttpServletResponse response) Removes the user cookie from the response.
static java.lang.String	getUserCookie(HttpServletRequest request) Returns the username cookie value.
boolean	login() Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback.
static void	setUserCookie(HttpServletResponse response, java.lang.String name) Sets the username cookie.

Methods inherited from class com.ecyrd.jspwiki.auth.login.AbstractLoginModule

abort, commit, initialize, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PREFS_COOKIE_NAME

public static final java.lang.String PREFS_COOKIE_NAME

The name of the cookie that gets stored to the user browser.

See Also:

Constant Field Values

PROMPT

public static final java.lang.String PROMPT

Deprecated.

Believed to be unused.

See Also:

Constant Field Values

Constructor Detail

CookieAssertionLoginModule

public CookieAssertionLoginModule()

Method Detail

login

public boolean login()
              throws javax.security.auth.login.LoginException

Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback. The CallbackHandler must supply the current servlet HTTP request as its response.

Specified by:

login in interface javax.security.auth.spi.LoginModule

Specified by:

login in class AbstractLoginModule

Returns:

the result of the login; if a cookie is found, this method returns true. If not found, this method throws a FailedLoginException.

Throws:

{@inheritDoc}

javax.security.auth.login.LoginException - if the authentication fails

See Also:

LoginModule.login()

getUserCookie

public static java.lang.String getUserCookie(HttpServletRequest request)

Returns the username cookie value.

Parameters:

request - The Servlet request, as usual.

Returns:

the username, as retrieved from the cookie

setUserCookie

public static void setUserCookie(HttpServletResponse response,
                                 java.lang.String name)

Sets the username cookie. The cookie value is URLEncoded in UTF-8.

Parameters:

response - The Servlet response

name - The name to write into the cookie.

clearUserCookie

public static void clearUserCookie(HttpServletResponse response)

Removes the user cookie from the response. This makes the user appear again as an anonymous coward.

Parameters:

response - The servlet response.