public interface HttpLoginService
Modifier and Type | Field and Description |
---|---|
static String | LOGIN_MECHANISM_KEY - The name of the OSGi property, which defines the login method. |
Modifier and Type | Method and Description |
---|---|
Principal | checkLogin(javax.servlet.http.HttpServletRequest request) - Get the principal associated with the HTTP session of the given request. |
List<? extends Group> | checkLoginGroups(javax.servlet.http.HttpServletRequest request) |
boolean | checkPermission(javax.servlet.http.HttpServletRequest request, String context) - Check whether the authenticated user of the given HttpServletRequest has permissions on the given context. |
Locale | getLocale(javax.servlet.http.HttpServletRequest request) - This method has been introduced in a later version. |
String | getLoginUrl() - Return a URL to a web page, which authenticates the user, usually using a form POST. |
TimeZone | getTimeZone(javax.servlet.http.HttpServletRequest request) - This method has been introduced in a later version. |
void | logout(javax.servlet.http.HttpServletRequest request) - Remove all attributes generated during a login process from the HTTP session of the given request. |
static final String LOGIN_MECHANISM_KEY

String getLoginUrl()

Return a URL to a web page, which authenticates the user, usually using a form POST. The web page is intended to be embedded by a consuming application inside an HTML iframe element.

By convention, the application must have an invisible form named loginResultForm in which the login page at least sets the hidden fields status and principal containing the login status according to the HTTP standard and the user name.

The following status values are supported:

Status | Description |
---|---|
401 | Unauthorized - The default status, if the HTTP session is not authenticated. |
403 | Forbidden - The status, which will be returned by an unsuccessful authentication. |
406 | Not Acceptable - The status, which will be returned after too many unsuccessful authentications. |
200 | OK - The status, which will be returned by a successful authentication, the principal field will be set. |

All other status values should be interpreted like 401 - Unauthorized and the user should try to log in again.

A login service is exported as an OSGi service using a login.mechanism service property, which allows different applications to choose among several login service implementations.

```xml
<bp:service id="loginServiceService"
            interface="org.clazzes.util.http.sec.HttpLoginService"
            ref="loginService">
  <bp:service-properties>
    <bp:entry key="login.mechanism" value="org.clazzes.gwt.login.jaas"/>
  </bp:service-properties>
</bp:service>
```

iframe of a consuming application.

Principal checkLogin(javax.servlet.http.HttpServletRequest request)

request - The HTTP request to query for an associated user.

null, if no user has been validated for the session of this request.

List<? extends Group> checkLoginGroups(javax.servlet.http.HttpServletRequest request)

request - The HTTP request to query for an associated user.

null, if no user has been validated for the session of this request or the underlying login system has no concept of group associations.

Locale getLocale(javax.servlet.http.HttpServletRequest request)

HttpCheckLoginHelper.getLoginLocale(HttpLoginService, HttpServletRequest).

ServletRequest.getLocale(), if no login locale is known.

TimeZone getTimeZone(javax.servlet.http.HttpServletRequest request)

HttpCheckLoginHelper.getLoginTimeZone(HttpLoginService, HttpServletRequest).

TimeZone.getDefault(), if no login timezone is known.

boolean checkPermission(javax.servlet.http.HttpServletRequest request, String context)

/app/object?id=862346&action=read.

request - The HTTP request to check.

context - The context, usually encoded as a URL.

void logout(javax.servlet.http.HttpServletRequest request)

request - An HTTP request on which to perform a logout.

Copyright © 2018 Clazzes.org. All rights reserved.
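
One way a consuming application could enforce checkLogin and checkPermission on the server side for every request, as an added example that is not part of the clazzes.org documentation or code. The class name LoginGuardFilter, the constructor injection of the service and the context format (request URI plus query string) are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.clazzes.util.http.sec.HttpLoginService;

/** Hypothetical filter: rejects every request the login service does not vouch for. */
public class LoginGuardFilter implements Filter {
    private final HttpLoginService loginService;

    // Assumption: the service is injected, e.g. through an OSGi blueprint reference.
    public LoginGuardFilter(HttpLoginService loginService) {
        this.loginService = loginService;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            throw new ServletException("LoginGuardFilter handles HTTP requests only");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        // Decide from the server-side session, not from the status/principal form fields.
        Principal principal = loginService.checkLogin(request);
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // 401: not authenticated
            return;
        }
        // Assumed context format, modelled on /app/object?id=862346&action=read.
        String query = request.getQueryString();
        String context = request.getRequestURI() + (query == null ? "" : "?" + query);
        if (!loginService.checkPermission(request, context)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);    // 403: no permission
            return;
        }
        chain.doFilter(request, response);
    }
}
```

The filter fails closed: a request reaches the application only after both checks pass, and the hidden fields of loginResultForm serve purely as a hint for the user interface.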