Package org.apache.wiki.auth.login
Class CookieAuthenticationLoginModule
java.lang.Object
org.apache.wiki.auth.login.AbstractLoginModule
org.apache.wiki.auth.login.CookieAuthenticationLoginModule
- All Implemented Interfaces:
LoginModule
public class CookieAuthenticationLoginModule extends AbstractLoginModule
Logs in an user based on a cookie stored in the user's computer. The cookie
information is stored in the
jspwiki.workDir, under the directory
"logincookies". For security purposes it is a very, very good idea
to prevent access to this directory by everyone except the web server process;
otherwise people having read access to this directory may be able to spoof
other users.
The cookie directory is scrubbed of old entries at regular intervals.
This module must be used with a CallbackHandler (such as
WebContainerCallbackHandler) that supports the following Callback
types:
HttpRequestCallback- supplies the cookie, which should contain an unique id for fetching the UID.WikiEngineCallback- allows access to the Engine itself.
After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.
- Since:
- 2.5.62
- See Also:
LoginModule.commit(),CookieAssertionLoginModule
-
Field Summary
Fields Modifier and Type Field Description protected static StringCOOKIE_DIRThe directory name under which the cookies are stored.static StringPROP_LOGIN_EXPIRY_DAYSUser property for setting how long the cookie is stored on the user's computer.Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule
m_handler, m_options, m_principals, m_state, m_subject, NULL -
Constructor Summary
Constructors Constructor Description CookieAuthenticationLoginModule() -
Method Summary
Modifier and Type Method Description static voidclearLoginCookie(Engine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Clears away the login cookie, and removes the uid-username mapping file as well.booleanlogin()Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.static voidsetLoginCookie(Engine engine, javax.servlet.http.HttpServletResponse response, String username)Sets a login cookie based on properties set by the user.Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule
abort, commit, initialize, logout
-
Field Details
-
COOKIE_DIR
The directory name under which the cookies are stored. The value is "logincookies".- See Also:
- Constant Field Values
-
PROP_LOGIN_EXPIRY_DAYS
User property for setting how long the cookie is stored on the user's computer. The value is "jspwiki.cookieAuthentication.expiry". The default expiry time is 14 days.- See Also:
- Constant Field Values
-
-
Constructor Details
-
CookieAuthenticationLoginModule
public CookieAuthenticationLoginModule()
-
-
Method Details
-
login
Description copied from class:AbstractLoginModuleLogs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returnstrue- Specified by:
loginin interfaceLoginModule- Specified by:
loginin classAbstractLoginModule- Returns:
trueif the commit succeeded, orfalseif this LoginModule should be ignored.- Throws:
LoginException- if the authentication fails- See Also:
LoginModule.login()
-
setLoginCookie
public static void setLoginCookie(Engine engine, javax.servlet.http.HttpServletResponse response, String username)Sets a login cookie based on properties set by the user. This method also creates the cookie uid-username mapping in the work directory.- Parameters:
engine- The Engineresponse- The HttpServletResponseusername- The username for whom to create the cookie.
-
clearLoginCookie
public static void clearLoginCookie(Engine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Clears away the login cookie, and removes the uid-username mapping file as well.- Parameters:
engine- Enginerequest- Servlet requestresponse- Servlet response
-