org.apache.wiki.auth.login
Class CookieAssertionLoginModule

java.lang.Object
  org.apache.wiki.auth.login.AbstractLoginModule
      org.apache.wiki.auth.login.CookieAssertionLoginModule

All Implemented Interfaces:

LoginModule

public class CookieAssertionLoginModule
extends AbstractLoginModule

Logs in a user based on assertion of a name supplied in a cookie. If the cookie is not found, authentication fails.

This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

1. HttpRequestCallback- supplies the cookie, which should contain a user name.

After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

Since:

2.3

See Also:

LoginModule.commit(), CookieAuthenticationLoginModule

Field Summary

protected static org.apache.log4j.Logger	log
static String	PREFS_COOKIE_NAME The name of the cookie that gets stored to the user browser.
static String	PROMPT Deprecated.

Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule

m_handler, m_options, m_previousWikiPrincipals, m_principals, m_principalsToOverwrite, m_principalsToRemove, m_state, m_subject, NULL

Constructor Summary

CookieAssertionLoginModule()

Method Summary

static void	clearUserCookie(javax.servlet.http.HttpServletResponse response) Removes the user cookie from the response.
static String	getUserCookie(javax.servlet.http.HttpServletRequest request) Returns the username cookie value.
boolean	login() Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback.
static void	setUserCookie(javax.servlet.http.HttpServletResponse response, String name) Sets the username cookie.

Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule

abort, commit, initialize, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PREFS_COOKIE_NAME

public static final String PREFS_COOKIE_NAME

The name of the cookie that gets stored to the user browser.

See Also:

Constant Field Values

PROMPT

public static final String PROMPT

Deprecated.

Believed to be unused.

See Also:

Constant Field Values

log

protected static final org.apache.log4j.Logger log

Constructor Detail

CookieAssertionLoginModule

public CookieAssertionLoginModule()

Method Detail

login

public boolean login()
              throws LoginException

Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback. The CallbackHandler must supply the current servlet HTTP request as its response.

Specified by:

login in interface LoginModule

Specified by:

login in class AbstractLoginModule

Returns:

the result of the login; if a cookie is found, this method returns true. If not found, this method throws a FailedLoginException.

Throws:

{@inheritDoc}

LoginException - if the authentication fails

See Also:

LoginModule.login()

getUserCookie

public static String getUserCookie(javax.servlet.http.HttpServletRequest request)

Returns the username cookie value.

Parameters:

request - The Servlet request, as usual.

Returns:

the username, as retrieved from the cookie

setUserCookie

public static void setUserCookie(javax.servlet.http.HttpServletResponse response,
                                 String name)

Sets the username cookie. The cookie value is URLEncoded in UTF-8.

Parameters:

response - The Servlet response

name - The name to write into the cookie.

clearUserCookie

public static void clearUserCookie(javax.servlet.http.HttpServletResponse response)

Removes the user cookie from the response. This makes the user appear again as an anonymous coward.

Parameters:

response - The servlet response.