public class HttpLoginServiceSupport extends Object implements HttpLoginService
A login service that delegates to a configured delegate login service.
The main purpose of this class is to serve as a base class for project-specific login services that intend to override the checkPermission(HttpServletRequest, String) method.
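A project-specific subclass of the kind described above, written as an added example and not taken from the clazzes.org sources. The class name ProjectLoginService, the WRITERS set, the "write" action and the package of HttpLoginServiceSupport are assumptions; the context format follows the /app/object?id=862346&action=read sample on this page.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.clazzes.util.http.sec.HttpLoginServiceSupport; // package assumed (same as the interface)

/** Hypothetical project subclass: deny by default, decide per action in the context URL. */
public class ProjectLoginService extends HttpLoginServiceSupport {

    // Constructed sample policy; the "write" action and the user name are assumptions.
    private static final Set<String> WRITERS = Set.of("alice");

    @Override
    public boolean checkPermission(HttpServletRequest request, String context) {
        Principal principal = checkLogin(request); // answered by the configured delegate
        if (principal == null || context == null) {
            return false; // unauthenticated session or no context: no permission
        }
        String action = singleQueryParam(context, "action");
        if ("read".equals(action)) {
            return true; // any authenticated principal may read
        }
        // "write" needs an explicit grant. Every other value is denied, including
        // null (malformed, missing or duplicated parameter) and percent-encoded
        // spellings, because the raw query value is compared without decoding.
        return "write".equals(action) && WRITERS.contains(principal.getName());
    }

    /** Returns the raw value of {@code name} only if it occurs exactly once in the query. */
    static String singleQueryParam(String context, String name) {
        String query;
        try {
            query = new URI(context).getRawQuery();
        } catch (URISyntaxException e) {
            return null; // unparsable context: caller fails closed
        }
        String found = null;
        for (String pair : (query == null ? "" : query).split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals(name)) {
                if (found != null) return null; // duplicate parameter: ambiguous
                found = pair.substring(eq + 1);
            }
        }
        return found;
    }
}
```

All other methods (getLoginUrl, checkLogin, logout and so on) keep the inherited behaviour and are answered by the delegate set through setDelegate(HttpLoginService).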
LOGIN_MECHANISM_KEY
Constructor and Description |
---|
HttpLoginServiceSupport() |
Modifier and Type | Method and Description |
---|---|
Principal | checkLogin(javax.servlet.http.HttpServletRequest request): Get the principal associated with the HTTP session of the given request. |
List<? extends Group> | checkLoginGroups(javax.servlet.http.HttpServletRequest request) |
boolean | checkPermission(javax.servlet.http.HttpServletRequest request, String context): Check whether the authenticated user of the given HttpServletRequest has permissions on the given context. |
HttpLoginService | getDelegate() |
Locale | getLocale(javax.servlet.http.HttpServletRequest request): This method has been introduced in a later version. |
String | getLoginUrl(): Return a URL to a web page that authenticates the user, usually using a form POST. |
TimeZone | getTimeZone(javax.servlet.http.HttpServletRequest request): This method has been introduced in a later version. |
void | logout(javax.servlet.http.HttpServletRequest request): Remove all attributes generated during a login process from the HTTP session of the given request. |
void | setDelegate(HttpLoginService delegate) |
public String getLoginUrl()
Description copied from interface: HttpLoginService
Return a URL to a web page that authenticates the user, usually using a form POST. The web page is intended to be embedded by a consuming application inside an HTML iframe element.
By convention, the application must have an invisible form named loginResultForm, in which the login page sets at least the hidden fields status and principal, containing the login status according to the HTTP standard and the user name.
The following status values are supported:
Status | Description |
---|---|
401 | Unauthorized - The default status, if the HTTP session is not authenticated. |
403 | Forbidden - The status, which will be returned by an unsuccessful authentication. |
406 | Not Acceptable - The status, which will be returned after too many unsuccessful authentications. |
200 | OK - The status, which will be returned by a successful authentication; the principal field will be set. |
All other status values should be interpreted like 401 - Unauthorized, and the user should try to log in again.
A login service is exported as an OSGi service using a login.mechanism service property, which allows different applications to choose among several login service implementations.
<bp:service id="loginServiceService"
            interface="org.clazzes.util.http.sec.HttpLoginService"
            ref="loginService">
  <bp:service-properties>
    <bp:entry key="login.mechanism" value="org.clazzes.gwt.login.jaas"/>
  </bp:service-properties>
</bp:service>
Specified by: getLoginUrl in interface HttpLoginService
iframe of a consuming application.
public Principal checkLogin(javax.servlet.http.HttpServletRequest request)
Description copied from interface: HttpLoginService
Specified by: checkLogin in interface HttpLoginService
Parameters: request - The HTTP request to query for an associated user.
Returns: null, if no user has been validated for the session of this request.
public List<? extends Group> checkLoginGroups(javax.servlet.http.HttpServletRequest request)
Specified by: checkLoginGroups in interface HttpLoginService
Parameters: request - The HTTP request to query for an associated user.
Returns: null, if no user has been validated for the session of this request or the underlying login system has no concept of group associations.
public Locale getLocale(javax.servlet.http.HttpServletRequest request)
Description copied from interface: HttpLoginService
HttpCheckLoginHelper.getLoginLocale(HttpLoginService, HttpServletRequest).
Specified by: getLocale in interface HttpLoginService
Returns: ServletRequest.getLocale(), if no login locale is known.
public TimeZone getTimeZone(javax.servlet.http.HttpServletRequest request)
Description copied from interface: HttpLoginService
HttpCheckLoginHelper.getLoginTimeZone(HttpLoginService, HttpServletRequest).
Specified by: getTimeZone in interface HttpLoginService
Returns: TimeZone.getDefault(), if no login timezone is known.
public boolean checkPermission(javax.servlet.http.HttpServletRequest request, String context)
Description copied from interface: HttpLoginService
/app/object?id=862346&action=read.
Specified by: checkPermission in interface HttpLoginService
Parameters: request - The HTTP request to check.
context - The context, usually encoded as URL.
public void logout(javax.servlet.http.HttpServletRequest request)
Description copied from interface: HttpLoginService
Specified by: logout in interface HttpLoginService
Parameters: request - A HTTP request on which to perform a logout.
public HttpLoginService getDelegate()
public void setDelegate(HttpLoginService delegate)
Parameters: delegate - The login service to delegate the default implementations to.
Copyright © 2018 Clazzes.org. All rights reserved.