|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.wiki.auth.login.AbstractLoginModule org.apache.wiki.auth.login.CookieAuthenticationLoginModule
public class CookieAuthenticationLoginModule
Logs in an user based on a cookie stored in the user's computer. The cookie
information is stored in the jspwiki.workDir
, under the directory
"logincookies". For security purposes it is a very, very good idea
to prevent access to this directory by everyone except the web server process;
otherwise people having read access to this directory may be able to spoof
other users.
The cookie directory is scrubbed of old entries at regular intervals.
This module must be used with a CallbackHandler (such as
WebContainerCallbackHandler
) that supports the following Callback
types:
HttpRequestCallback
- supplies the cookie, which should contain
an unique id for fetching the UID.WikiEngineCallback
- allows access to the WikiEngine itself.
After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.
LoginModule.commit()
,
CookieAssertionLoginModule
Field Summary | |
---|---|
protected static String |
COOKIE_DIR
The directory name under which the cookies are stored. |
static String |
PROP_LOGIN_EXPIRY_DAYS
User property for setting how long the cookie is stored on the user's computer. |
Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule |
---|
m_handler, m_options, m_previousWikiPrincipals, m_principals, m_principalsToOverwrite, m_principalsToRemove, m_state, m_subject, NULL |
Constructor Summary | |
---|---|
CookieAuthenticationLoginModule()
|
Method Summary | |
---|---|
static void |
clearLoginCookie(WikiEngine engine,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Clears away the login cookie, and removes the uid-username mapping file as well. |
boolean |
login()
Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. |
static void |
setLoginCookie(WikiEngine engine,
javax.servlet.http.HttpServletResponse response,
String username)
Sets a login cookie based on properties set by the user. |
Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule |
---|
abort, commit, initialize, logout |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final String COOKIE_DIR
public static final String PROP_LOGIN_EXPIRY_DAYS
Constructor Detail |
---|
public CookieAuthenticationLoginModule()
Method Detail |
---|
public boolean login() throws LoginException
AbstractLoginModule
true
login
in interface LoginModule
login
in class AbstractLoginModule
true
if the commit succeeded, or
false
if this LoginModule should be ignored.
LoginException
- if the authentication fails{@inheritDoc}
public static void setLoginCookie(WikiEngine engine, javax.servlet.http.HttpServletResponse response, String username)
engine
- The WikiEngineresponse
- The HttpServletResponseusername
- The username for whom to create the cookie.public static void clearLoginCookie(WikiEngine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
engine
- WikiEnginerequest
- Servlet requestresponse
- Servlet response
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |