Package org.apache.wiki.auth.login

Class CookieAuthenticationLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    public class CookieAuthenticationLoginModule
extends AbstractLoginModule
    Logs in a user based on a cookie stored in the user's computer. The cookie information is stored in the jspwiki.workDir, under the directory "logincookies". For security purposes it is a very, very good idea to prevent access to this directory by everyone except the web server process; otherwise people having read access to this directory may be able to spoof other users.

    The cookie directory is scrubbed of old entries at regular intervals.

    This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

    1. HttpRequestCallback- supplies the cookie, which should contain an unique id for fetching the UID.
    2. WikiEngineCallback - allows access to the Engine itself.

    After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

    Since:
    2.5.62
    See Also:
    LoginModule.commit(), CookieAssertionLoginModule

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static void clearLoginCookie​(Engine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Clears away the login cookie, and removes the uid-username mapping file as well.
      boolean login()
      Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.
      static void setLoginCookie​(Engine engine, javax.servlet.http.HttpServletResponse response, java.lang.String username)
      Sets a login cookie based on properties set by the user.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • COOKIE_DIR

        protected static final java.lang.String COOKIE_DIR
        The directory name under which the cookies are stored. The value is "logincookies".
        See Also:
        Constant Field Values

      • PROP_LOGIN_EXPIRY_DAYS

        public static final java.lang.String PROP_LOGIN_EXPIRY_DAYS
        User property for setting how long the cookie is stored on the user's computer. The value is "jspwiki.cookieAuthentication.expiry". The default expiry time is 14 days.
        See Also:
        Constant Field Values

    • Method Detail

      • login

        public boolean login()
              throws javax.security.auth.login.LoginException
        Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returns true
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Specified by:
        login in class AbstractLoginModule
        Returns:
        true if the commit succeeded, or false if this LoginModule should be ignored.
        Throws:
        javax.security.auth.login.LoginException - if the authentication fails
        See Also:
        LoginModule.login()

      • setLoginCookie

        public static void setLoginCookie​(Engine engine,
                                  javax.servlet.http.HttpServletResponse response,
                                  java.lang.String username)
        Sets a login cookie based on properties set by the user. This method also creates the cookie uid-username mapping in the work directory.
        Parameters:
        engine - The Engine
        response - The HttpServletResponse
        username - The username for whom to create the cookie.

      • clearLoginCookie

        public static void clearLoginCookie​(Engine engine,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response)
        Clears away the login cookie, and removes the uid-username mapping file as well.
        Parameters:
        engine - Engine
        request - Servlet request
        response - Servlet response