org.clazzes.util.http.sec
Class HttpCheckLoginHelper

java.lang.Object
  extended by org.clazzes.util.http.sec.HttpCheckLoginHelper

public abstract class HttpCheckLoginHelper
extends Object

A static helper for servlets that perform access checks on behalf of a HttpLoginService.


Field Summary
static String LOGIN_URL_HEADER
           
 
Constructor Summary
HttpCheckLoginHelper()
           
 
Method Summary
static Principal checkLogin(HttpLoginService service, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Call HttpLoginService.checkLogin(HttpServletRequest) and, if no user is logged in, write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url".
static boolean checkPermission(HttpLoginService service, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Call HttpLoginService.checkPermission(HttpServletRequest, String) on a context URL composed from the request URL without server and protocol.
static Locale getLoginLocale(HttpLoginService service, javax.servlet.http.HttpServletRequest req)
          Return the login locale of the given request.
static TimeZone getLoginTimeZone(HttpLoginService service, javax.servlet.http.HttpServletRequest req)
          Return the login time zone of the given request.
static void sendLoginRequired(javax.servlet.http.HttpServletResponse resp, String loginUrl)
          Write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url" as response to the client.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOGIN_URL_HEADER

public static final String LOGIN_URL_HEADER
See Also:
Constant Field Values
Constructor Detail

HttpCheckLoginHelper

public HttpCheckLoginHelper()
Method Detail

checkLogin

public static final Principal checkLogin(HttpLoginService service,
                                         javax.servlet.http.HttpServletRequest req,
                                         javax.servlet.http.HttpServletResponse resp)
                                  throws IOException
Call HttpLoginService.checkLogin(HttpServletRequest) and, if no user is logged in, write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url".

Parameters:
service - The login service.
req - The servlet request.
resp - The servlet response.
Returns:
The logged-in user. If null is returned, a servlet response with status 401 has already been written by this method and the servlet has to return immediately.
Throws:
IOException - Upon errors writing a response.
See Also:
sendLoginRequired(HttpServletResponse, String)

getLoginLocale

public static final Locale getLoginLocale(HttpLoginService service,
                                          javax.servlet.http.HttpServletRequest req)
Return the login locale of the given request. This method takes extra care with implementations of HttpLoginService compiled against http-util-1.5.0 or earlier, where the method HttpLoginService.getLocale(HttpServletRequest) was not contained in the interface.

Parameters:
service - The login service of choice.
req - The servlet request.
Returns:
The locale returned by HttpLoginService.getLocale(HttpServletRequest) or the locale returned by ServletRequest.getLocale(), if HttpLoginService.getLocale(HttpServletRequest) is not implemented by the given service instance.

getLoginTimeZone

public static final TimeZone getLoginTimeZone(HttpLoginService service,
                                              javax.servlet.http.HttpServletRequest req)
Return the login time zone of the given request. This method takes extra care with implementations of HttpLoginService compiled against http-util-1.6.0 or earlier, where the method HttpLoginService.getTimeZone(HttpServletRequest) was not contained in the interface.

Parameters:
service - The login service of choice.
req - The servlet request.
Returns:
The time zone returned by HttpLoginService.getTimeZone(HttpServletRequest) or the time zone returned by TimeZone.getDefault(), if HttpLoginService.getTimeZone(HttpServletRequest) is not implemented by the given service instance.

sendLoginRequired

public static final void sendLoginRequired(javax.servlet.http.HttpServletResponse resp,
                                           String loginUrl)
                                    throws IOException
Write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url" as response to the client.

Parameters:
resp - The servlet response.
loginUrl - A login URL as returned by HttpLoginService.getLoginUrl().
Throws:
IOException - Upon errors writing to the servlet response.

checkPermission

public static final boolean checkPermission(HttpLoginService service,
                                            javax.servlet.http.HttpServletRequest req,
                                            javax.servlet.http.HttpServletResponse resp)
                                     throws IOException
Call HttpLoginService.checkPermission(HttpServletRequest, String) on a context URL composed from the request URL without server and protocol. If permission is denied, an HTTP forbidden response (403) is written to the response.

Parameters:
service - The login service.
req - The servlet request.
resp - The servlet response.
Returns:
Whether permission is granted. If false is returned, a servlet response has already been written and the servlet has to return immediately.
Throws:
IOException - Upon errors writing a response.
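
Usage example, added here and not part of the http-util documentation or source: a servlet that runs checkLogin and then checkPermission and returns immediately when either helper has already written the 401 or 403 response. The servlet name, the setter used to obtain the service, the package of HttpLoginService and Principal being java.security.Principal are assumptions.

```java
import java.io.IOException;
import java.security.Principal; // assumed to be the Principal type named on this page
import java.util.Locale;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.clazzes.util.http.sec.HttpCheckLoginHelper;
import org.clazzes.util.http.sec.HttpLoginService; // assumed package, not stated on this page

// Hypothetical servlet; the class name and the setter are illustrative.
public class ReportServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    private HttpLoginService loginService;

    // Assumed to be called by the container or DI framework before requests arrive.
    public void setLoginService(HttpLoginService loginService) {
        this.loginService = loginService;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {

        // Authentication: on null the helper has already written 401 plus
        // the X-HTTP-util-login-url header, so nothing more may be written.
        Principal user = HttpCheckLoginHelper.checkLogin(this.loginService, req, resp);
        if (user == null) {
            return;
        }

        // Authorization: on false the helper has already written 403.
        if (!HttpCheckLoginHelper.checkPermission(this.loginService, req, resp)) {
            return;
        }

        // Only reached for an authenticated and authorized caller.
        Locale locale = HttpCheckLoginHelper.getLoginLocale(this.loginService, req);
        resp.setContentType("text/plain");
        resp.setCharacterEncoding("UTF-8");
        resp.setHeader("Cache-Control", "no-store");
        resp.getWriter().printf(locale, "Report for %s%n", user.getName());
    }
}
```

Both checks run before any protected data is read or written, so a missed early return cannot append content to a 401 or 403 response.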


Copyright © 2013. All Rights Reserved.