org.apache.wiki.auth.login
Class CookieAuthenticationLoginModule

java.lang.Object
  extended by org.apache.wiki.auth.login.AbstractLoginModule
      extended by org.apache.wiki.auth.login.CookieAuthenticationLoginModule
All Implemented Interfaces:
LoginModule

public class CookieAuthenticationLoginModule
extends AbstractLoginModule

Logs in a user based on a cookie stored on the user's computer. The cookie information is stored in the jspwiki.workDir, under the directory "logincookies". For security purposes, it is strongly recommended to prevent access to this directory by everyone except the web server process; otherwise anyone with read access to this directory may be able to spoof other users.

The cookie directory is scrubbed of old entries at regular intervals.

This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

  1. HttpRequestCallback - supplies the cookie, which should contain a unique id for fetching the UID.
  2. WikiEngineCallback - allows access to the WikiEngine itself.

After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.
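The access restriction on the "logincookies" directory described above can be checked and enforced from the web server account. The following is an added example, not part of JSPWiki or its documentation: the class name `LoginCookieDirAudit` is hypothetical, and it assumes a POSIX file system and that the jspwiki.workDir path is passed as the only argument.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

// Added example, not JSPWiki code: audit and tighten the login-cookie directory.
public class LoginCookieDirAudit {
    // Permission bits that let accounts other than the owner reach the mapping files.
    static final Set<PosixFilePermission> NON_OWNER =
        PosixFilePermissions.fromString("---rwxrwx");

    // Removes group/other bits from p; returns true if anything had to change.
    static boolean tighten(Path p) throws IOException {
        Set<PosixFilePermission> current =
            Files.getPosixFilePermissions(p, LinkOption.NOFOLLOW_LINKS);
        Set<PosixFilePermission> kept = EnumSet.noneOf(PosixFilePermission.class);
        kept.addAll(current);
        kept.removeAll(NON_OWNER);
        if (kept.equals(current)) return false;
        System.out.println("Tightening " + p + ": " + PosixFilePermissions.toString(current)
            + " -> " + PosixFilePermissions.toString(kept));
        Files.setPosixFilePermissions(p, kept);
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Assumption: args[0] is the jspwiki.workDir value; run as the web server account.
        if (args.length != 1) { System.err.println("usage: LoginCookieDirAudit <workDir>"); System.exit(2); }
        Path dir = Paths.get(args[0], "logincookies");
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            System.err.println(dir + " is missing or is not a real directory");
            System.exit(2);
        }
        if (Files.getFileAttributeView(dir, PosixFileAttributeView.class) == null) {
            System.err.println("No POSIX permissions on this file system; review the ACL by hand");
            System.exit(2);
        }
        String owner = Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS).getName();
        if (!owner.equals(System.getProperty("user.name"))) {
            System.err.println(dir + " is owned by " + owner + ", not by the account running this check");
            System.exit(1);
        }
        int changed = tighten(dir) ? 1 : 0;
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(dir)) {
            for (Path entry : entries) {
                if (Files.isSymbolicLink(entry)) System.err.println("Unexpected symlink: " + entry);
                else if (tighten(entry)) changed++;
            }
        }
        System.out.println(changed == 0 ? "Already owner-only" : changed + " path(s) tightened");
    }
}
```

An exit status of 1 means the directory belongs to a different account than the one running the check, which needs fixing by an administrator before permissions are meaningful.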

Since:
2.5.62
See Also:
LoginModule.commit(), CookieAssertionLoginModule

Field Summary
protected static String COOKIE_DIR
          The directory name under which the cookies are stored.
static String PROP_LOGIN_EXPIRY_DAYS
          User property for setting how long the cookie is stored on the user's computer.
 
Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule
m_handler, m_options, m_previousWikiPrincipals, m_principals, m_principalsToOverwrite, m_principalsToRemove, m_state, m_subject, NULL
 
Constructor Summary
CookieAuthenticationLoginModule()
           
 
Method Summary
static void clearLoginCookie(WikiEngine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Clears away the login cookie, and removes the uid-username mapping file as well.
 boolean login()
          Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.
static void setLoginCookie(WikiEngine engine, javax.servlet.http.HttpServletResponse response, String username)
          Sets a login cookie based on properties set by the user.
 
Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule
abort, commit, initialize, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

COOKIE_DIR

protected static final String COOKIE_DIR
The directory name under which the cookies are stored. The value is "logincookies".

See Also:
Constant Field Values

PROP_LOGIN_EXPIRY_DAYS

public static final String PROP_LOGIN_EXPIRY_DAYS
User property for setting how long the cookie is stored on the user's computer. The value is "jspwiki.cookieAuthentication.expiry". The default expiry time is 14 days.

See Also:
Constant Field Values
Constructor Detail

CookieAuthenticationLoginModule

public CookieAuthenticationLoginModule()
Method Detail

login

public boolean login()
              throws LoginException
Description copied from class: AbstractLoginModule
Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returns true.

Specified by:
login in interface LoginModule
Specified by:
login in class AbstractLoginModule
Returns:
true if the commit succeeded, or false if this LoginModule should be ignored.
Throws:
LoginException - if the authentication fails

setLoginCookie

public static void setLoginCookie(WikiEngine engine,
                                  javax.servlet.http.HttpServletResponse response,
                                  String username)
Sets a login cookie based on properties set by the user. This method also creates the cookie uid-username mapping in the work directory.

Parameters:
engine - The WikiEngine
response - The HttpServletResponse
username - The username for whom to create the cookie.

clearLoginCookie

public static void clearLoginCookie(WikiEngine engine,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response)
Clears away the login cookie, and removes the uid-username mapping file as well.

Parameters:
engine - WikiEngine
request - Servlet request
response - Servlet response


Copyright © {inceptionYear}-2014 The Apache Software Foundation. All rights reserved.