Class CookieAssertionLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule

    public class CookieAssertionLoginModule
    extends AbstractLoginModule

    Logs in a user based on assertion of a name supplied in a cookie. If the cookie is not found, authentication fails.

    This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

    1. HttpRequestCallback - supplies the cookie, which should contain a user name.

    After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

    Since:
    2.3
    See Also:
    LoginModule.commit(), CookieAuthenticationLoginModule
    • Method Detail

      • login

        public boolean login()
                      throws javax.security.auth.login.LoginException
        Logs in the user by calling back to the registered CallbackHandler with an HttpRequestCallback. The CallbackHandler must supply the current servlet HTTP request as its response. If the login succeeds, this method returns true.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Specified by:
        login in class AbstractLoginModule
        Returns:
        the result of the login; if a cookie is found, this method returns true. If not found, this method throws a FailedLoginException.
        Throws:
        javax.security.auth.login.LoginException - if the authentication fails
        See Also:
        LoginModule.login()
      • getUserCookie

        public static java.lang.String getUserCookie(javax.servlet.http.HttpServletRequest request)
        Returns the username cookie value.
        Parameters:
        request - The Servlet request, as usual.
        Returns:
        the username, as retrieved from the cookie
      • setUserCookie

        public static void setUserCookie(javax.servlet.http.HttpServletResponse response,
                                         java.lang.String name)
        Sets the username cookie. The cookie value is URLEncoded in UTF-8.
        Parameters:
        response - The Servlet response
        name - The name to write into the cookie.
      • clearUserCookie

        public static void clearUserCookie(javax.servlet.http.HttpServletResponse response)
        Removes the user cookie from the response. This makes the user appear again as an anonymous coward.
        Parameters:
        response - The servlet response.
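
The login and cookie contract documented above, as an added sketch that is not JSPWiki's own code: it uses a plain map in place of the servlet request, a hypothetical cookie name (`ExampleAssertedName`) and hypothetical helper names, and assumes Java 11 or later. It shows the UTF-8 URL-encoding round trip, the failure path for a missing cookie (treating a malformed value the same way is an assumption), and that the returned name is whatever the client sent.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;
public class CookieAssertionSketch {
    // Hypothetical cookie name; the page does not state the real one.
    static final String COOKIE_NAME = "ExampleAssertedName";

    // Same contract as the documented setUserCookie: URL-encode the name in UTF-8.
    static String encodeName(String name) {
        return URLEncoder.encode(name, StandardCharsets.UTF_8);
    }

    // Stand-in for getUserCookie: null when the cookie is absent, blank or malformed.
    static String readName(Map<String, String> cookies) {
        String raw = cookies.get(COOKIE_NAME);
        if (raw == null || raw.isBlank()) return null;
        try {
            return URLDecoder.decode(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // broken percent-escape; treated as "no cookie" (assumption)
        }
    }

    // Stand-in for login(): succeed only if a name was asserted, otherwise fail.
    static String login(Map<String, String> cookies) throws FailedLoginException {
        String name = readName(cookies);
        if (name == null) throw new FailedLoginException("no asserted user name cookie");
        // The name is client-supplied and unverified: it identifies, it does not
        // authenticate, so authorization must not treat it as proof of identity.
        return name;
    }

    public static void main(String[] args) {
        // Constructed sample requests, represented as cookie-name -> raw-value maps.
        Map<String, Map<String, String>> samples = Map.of(
            "non-ASCII name", Map.of(COOKIE_NAME, encodeName("J\u00e4nne Doe")),
            "no cookie", Map.of(),
            "malformed value", Map.of(COOKIE_NAME, "%zz"));
        samples.forEach((label, cookies) -> {
            try {
                System.out.println(label + ": asserted as '" + login(cookies) + "'");
            } catch (FailedLoginException e) {
                System.out.println(label + ": FailedLoginException");
            }
        });
    }
}
```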