Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.caucho.security
Class AbstractAuthenticator

java.lang.Object
  extended by com.caucho.security.AbstractAuthenticator
All Implemented Interfaces:
HandleAware, Authenticator, java.io.Serializable
Direct Known Subclasses:
AbstractAuthenticator, AbstractCookieAuthenticator, AbstractPasswordAuthenticator, AnonymousAuthenticator, JaasAuthenticator, LdapAuthenticator, ManagementAuthenticator, NullAuthenticator, PropertiesAuthenticator, XmlAuthenticator
public class AbstractAuthenticator
extends java.lang.Object
implements Authenticator, HandleAware, java.io.Serializable

All applications should extend AbstractAuthenticator to implement their custom authenticators. While this isn't absolutely required, it protects implementations from API changes.

The AbstractAuthenticator provides a single-signon cache. Users logged into one web-app will share the same principal.

See Also:
Serialized Form

Field Summary
protected  PasswordDigest _passwordDigest
           
protected  java.lang.String _passwordDigestAlgorithm
           
protected  java.lang.String _passwordDigestRealm
           
 
Constructor Summary
AbstractAuthenticator()
           
 
Method Summary
 void addRoleMapping(java.security.Principal principal, java.lang.String role)
          Adds a role mapping.
 java.security.Principal authenticate(java.security.Principal user, Credentials credentials, java.lang.Object details)
          Authenticator main call to login a user.
protected  java.security.Principal authenticate(java.security.Principal principal, DigestCredentials cred, java.lang.Object details)
          Validates the user when HTTP Digest authentication.
protected  java.security.Principal authenticate(java.security.Principal principal, PasswordCredentials cred, java.lang.Object details)
          Main authenticator API.
protected  byte[] digest(java.lang.String value)
           
protected  byte[] getDigestSecret(java.security.Principal principal, java.lang.String realm)
          Returns the digest secret for Digest authentication.
 boolean getLogoutOnSessionTimeout()
          Returns true if the user should be logged out on a session timeout.
 PasswordDigest getPasswordDigest()
          Returns the password digest
protected  char[] getPasswordDigest(java.lang.String user, char[] password)
          Returns the digest view of the password.
 java.lang.String getPasswordDigestAlgorithm()
          Returns the password digest algorithm
 java.lang.String getPasswordDigestRealm()
          Returns the password digest realm
protected  PasswordUser getPasswordUser(java.security.Principal principal)
          Returns the user based on a principal
protected  PasswordUser getPasswordUser(java.lang.String userName)
          Abstract method to return a user based on the name
 SingleSignon getSingleSignon()
          Returns the scoped single-signon
 void init()
          Initialize the authenticator with the application.
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
          Returns true if the user plays the named role.
 void logout(java.security.Principal user)
          Logs the user out from the session.
 void setLogoutOnSessionTimeout(boolean logout)
          Sets true if the principal should logout when the session times out.
 void setPasswordDigest(PasswordDigest digest)
          Sets the password digest.
 void setPasswordDigestAlgorithm(java.lang.String digest)
          Sets the password digest algorithm.
 void setPasswordDigestRealm(java.lang.String realm)
          Sets the password digest realm.
 void setSerializationHandle(java.lang.Object handle)
          Sets the serialization handle
protected  byte[] stringToDigest(java.lang.String digest)
           
 java.lang.String toString()
           
 java.lang.Object writeReplace()
          Serialize to the handle
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_passwordDigestAlgorithm

protected java.lang.String _passwordDigestAlgorithm

_passwordDigestRealm

protected java.lang.String _passwordDigestRealm

_passwordDigest

protected PasswordDigest _passwordDigest
Constructor Detail

AbstractAuthenticator

public AbstractAuthenticator()
Method Detail

getPasswordDigest

public PasswordDigest getPasswordDigest()
Returns the password digest

setPasswordDigest

public void setPasswordDigest(PasswordDigest digest)
Sets the password digest. The password digest of the form: "algorithm-format", e.g. "MD5-base64".

getPasswordDigestAlgorithm

public java.lang.String getPasswordDigestAlgorithm()
Returns the password digest algorithm

setPasswordDigestAlgorithm

public void setPasswordDigestAlgorithm(java.lang.String digest)
Sets the password digest algorithm. The password digest of the form: "algorithm-format", e.g. "MD5-base64".

getPasswordDigestRealm

public java.lang.String getPasswordDigestRealm()
Returns the password digest realm

setPasswordDigestRealm

public void setPasswordDigestRealm(java.lang.String realm)
Sets the password digest realm.

getLogoutOnSessionTimeout

public boolean getLogoutOnSessionTimeout()
Returns true if the user should be logged out on a session timeout.

setLogoutOnSessionTimeout

public void setLogoutOnSessionTimeout(boolean logout)
Sets true if the principal should logout when the session times out.

addRoleMapping

public void addRoleMapping(java.security.Principal principal,
                           java.lang.String role)
Adds a role mapping.

init

@PostConstruct
public void init()
          throws ServletException
Initialize the authenticator with the application.

Throws:
ServletException

authenticate

public java.security.Principal authenticate(java.security.Principal user,
                                            Credentials credentials,
                                            java.lang.Object details)
Authenticator main call to login a user.

Specified by:
authenticate in interface Authenticator
Parameters:
user - the Login's user, generally a BasicPrincipal just containing the name, but may contain an X.509 certificate
credentials - the login credentials
details - extra information, e.g. HttpServletRequest

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)
Returns true if the user plays the named role.

Specified by:
isUserInRole in interface Authenticator
Parameters:
user - the user to test
role - the role to test

logout

public void logout(java.security.Principal user)
Logs the user out from the session.

Specified by:
logout in interface Authenticator
Parameters:
user - the logged in user

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               PasswordCredentials cred,
                                               java.lang.Object details)
Main authenticator API.

getPasswordDigest

protected char[] getPasswordDigest(java.lang.String user,
                                   char[] password)
Returns the digest view of the password. The default uses the PasswordDigest class if available, and returns the plaintext password if not.

authenticate

protected java.security.Principal authenticate(java.security.Principal principal,
                                               DigestCredentials cred,
                                               java.lang.Object details)
Validates the user when HTTP Digest authentication. The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest. 
 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)

Parameters:
principal - the user trying to authenticate.
cred - the digest credentials
Returns:
the logged in principal if successful

getDigestSecret

protected byte[] getDigestSecret(java.security.Principal principal,
                                 java.lang.String realm)
Returns the digest secret for Digest authentication.

getPasswordUser

protected PasswordUser getPasswordUser(java.lang.String userName)
Abstract method to return a user based on the name

Parameters:
userName - the string user name
Returns:
the populated PasswordUser value

getPasswordUser

protected PasswordUser getPasswordUser(java.security.Principal principal)
Returns the user based on a principal

getSingleSignon

public SingleSignon getSingleSignon()
Returns the scoped single-signon

stringToDigest

protected byte[] stringToDigest(java.lang.String digest)

digest

protected byte[] digest(java.lang.String value)
                 throws ServletException
Throws:
ServletException

setSerializationHandle

public void setSerializationHandle(java.lang.Object handle)
Sets the serialization handle

Specified by:
setSerializationHandle in interface HandleAware

writeReplace

public java.lang.Object writeReplace()
Serialize to the handle

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD