Class CookieAssertionLoginModule

java.lang.Object
org.apache.wiki.auth.login.AbstractLoginModule
org.apache.wiki.auth.login.CookieAssertionLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class CookieAssertionLoginModule
extends AbstractLoginModule

Logs in a user based on assertion of a name supplied in a cookie. If the cookie is not found, authentication fails.

This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

  1. HttpRequestCallback - supplies the cookie, which should contain a user name.

After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

Since:
2.3
See Also:
LoginModule.commit(), CookieAuthenticationLoginModule
  • Field Summary

    Fields
    Modifier and Type Field Description
    protected static org.apache.log4j.Logger log  
    static java.lang.String PREFS_COOKIE_NAME
    The name of the cookie that gets stored to the user browser.

    Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule

    m_handler, m_options, m_principals, m_state, m_subject, NULL
  • Constructor Summary

    Constructors
    Constructor Description
    CookieAssertionLoginModule()  
  • Method Summary

    Modifier and Type Method Description
    static void clearUserCookie(javax.servlet.http.HttpServletResponse response)
    Removes the user cookie from the response.
    static java.lang.String getUserCookie(javax.servlet.http.HttpServletRequest request)
    Returns the username cookie value.
    boolean login()
    Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback.
    static void setUserCookie(javax.servlet.http.HttpServletResponse response, java.lang.String name)
    Sets the username cookie.

    Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule

    abort, commit, initialize, logout

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • log

      protected static final org.apache.log4j.Logger log
  • Constructor Details

  • Method Details

    • login

      public boolean login() throws javax.security.auth.login.LoginException
      Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback. The CallbackHandler must supply the current servlet HTTP request as its response.
      Specified by:
      login in interface javax.security.auth.spi.LoginModule
      Specified by:
      login in class AbstractLoginModule
      Returns:
      the result of the login; if a cookie is found, this method returns true. If not found, this method throws a FailedLoginException.
      Throws:
      javax.security.auth.login.LoginException - if the authentication fails
      See Also:
      LoginModule.login()
    • getUserCookie

      public static java.lang.String getUserCookie(javax.servlet.http.HttpServletRequest request)
      Returns the username cookie value.
      Parameters:
      request - The Servlet request, as usual.
      Returns:
      the username, as retrieved from the cookie
    • setUserCookie

      public static void setUserCookie(javax.servlet.http.HttpServletResponse response, java.lang.String name)
      Sets the username cookie. The cookie value is URLEncoded in UTF-8.
      Parameters:
      response - The Servlet response
      name - The name to write into the cookie.
    • clearUserCookie

      public static void clearUserCookie(javax.servlet.http.HttpServletResponse response)
      Removes the user cookie from the response. This makes the user appear again as an anonymous coward.
      Parameters:
      response - The servlet response.
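
The login flow described in the class summary and under login, as an added example that is not JSPWiki's own code: a plain-JDK JAAS module asks its CallbackHandler for the request's cookies, URL-decodes the name in UTF-8, throws FailedLoginException when no cookie is found, and attaches a principal on commit. CookieHeaderCallback, AssertedName and the cookie name DemoAssertedName are hypothetical stand-ins for HttpRequestCallback, WikiPrincipal and the value of PREFS_COOKIE_NAME; the request headers are constructed, and rejecting a malformed value is an assumption of this example.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class CookieAssertionDemo {
    static final String COOKIE = "DemoAssertedName"; // placeholder, not the value of PREFS_COOKIE_NAME
    // Hypothetical stand-ins for HttpRequestCallback and WikiPrincipal.
    static class CookieHeaderCallback implements Callback { String header; }
    record AssertedName(String name) implements Principal { public String getName() { return name; } }

    static class AssertionModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private Principal asserted;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            CookieHeaderCallback cb = new CookieHeaderCallback();
            try { handler.handle(new Callback[] { cb }); }
            catch (Exception e) { throw new LoginException("callback failed: " + e); }
            for (String pair : (cb.header == null ? "" : cb.header).split(";")) {
                String[] kv = pair.trim().split("=", 2);
                if (kv.length < 2 || !kv[0].equals(COOKIE) || kv[1].isEmpty()) continue;
                try { // the value is whatever the client sent: asserted, never verified
                    asserted = new AssertedName(URLDecoder.decode(kv[1], StandardCharsets.UTF_8));
                    return true;
                } catch (IllegalArgumentException e) { break; } // malformed %-escape
            }
            throw new FailedLoginException("no usable asserted-name cookie");
        }
        public boolean commit() { return asserted != null && subject.getPrincipals().add(asserted); }
        public boolean abort() { asserted = null; return true; }
        public boolean logout() { if (asserted != null) subject.getPrincipals().remove(asserted); return true; }
    }
    public static void main(String[] args) throws Exception {
        String ok = "theme=dark; " + COOKIE + "=" + URLEncoder.encode("\u00dcnal Doe", StandardCharsets.UTF_8);
        for (String header : new String[] { ok, "theme=dark", COOKIE + "=%zz" }) { // constructed headers
            Subject subject = new Subject();
            AssertionModule module = new AssertionModule();
            module.initialize(subject, cbs -> ((CookieHeaderCallback) cbs[0]).header = header, Map.of(), Map.of());
            try { module.login(); module.commit(); System.out.println("asserted: " + subject.getPrincipals()); }
            catch (FailedLoginException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Because the name comes straight from a client-controlled cookie, the resulting principal records a claim rather than a verified identity; access decisions that need proof of identity should depend on an authenticating module.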