Oracle

weblogic.servlet.security
Class AuthFilter

java.lang.Object
  extended by HttpServlet
      extended by weblogic.servlet.security.AuthFilter

Deprecated.

public abstract class AuthFilter
extends HttpServlet

An implementation of the AuthFilter interface is called via a RequestDispatcher.include() from inside the servlet engine just before and just after Authentication and Authorization. The use of this class has been deprecated because of the filters specification that is part of servlet 2.3 To register one of these, inside the weblogic.xml, add the following: <auth-filter> classname of implementation </auth-filter>


Field Summary
static String TARGET_URL
          Deprecated.  
 
Constructor Summary
AuthFilter()
          Deprecated.  
 
Method Summary
 void doFailAuth(ServletRequest request, ServletResponse response)
          Deprecated.  
 void doPreAuth(ServletRequest request, ServletResponse response)
          Deprecated.  
 boolean doSuccessAuth(ServletRequest request, ServletResponse response)
          Deprecated.  
 void service(ServletRequest request, ServletResponse response)
          Deprecated.  
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TARGET_URL

public static final String TARGET_URL
Deprecated. 
WebLogic's Form Authentication implementation stores the target url in the session against the key TARGET_URL. In the past releases the String was j_target_url, which has been deprecated

See Also:
Constant Field Values
Constructor Detail

AuthFilter

public AuthFilter()
Deprecated. 
Method Detail

service

public final void service(ServletRequest request,
                          ServletResponse response)
Deprecated. 

Internal service method which delegates off to the correct do method depending on what auth state this Request is in.

Parameters:
request - ServletRequest
response - ServletResponse

doPreAuth

public void doPreAuth(ServletRequest request,
                      ServletResponse response)
Deprecated. 

Called just before Authentication and Authorization occurs in the WebApplication. In the case of FORM-based auth, this will be called multiple times as the first attempt is made, then the login page is requested, and finally as either the real page or the error page is requested.

Parameters:
request - ServletRequest
response - ServletResponse

doSuccessAuth

public boolean doSuccessAuth(ServletRequest request,
                             ServletResponse response)
Deprecated. 

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a success. Only called once per auth attempt.

Parameters:
request - ServletRequest
response - ServletResponse
Returns:
Boolean which, if made to return false, will override the successfull authentication and authorization to a failure. For BASIC and CERT auth, the HTTP 401 Unauthorized response will be given. For FORM-AUTH, the error page is sent.

doFailAuth

public void doFailAuth(ServletRequest request,
                       ServletResponse response)
Deprecated. 

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a failure. Only called once per auth attempt. If Authentication was successfull but Authorization was not, the getRemoteUser() will return the correct user name. The originally requested URL can be found in the session under the key AuthFilter.TARGET_URL. In the past releases the key was "j_target_url" which has been deprecated.

Parameters:
request - ServletRequest
response - ServletResponse

Documentation is available at
http://download.oracle.com/docs/cd/E12839_01/web.1111
Copyright 1996,2009, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Part Number E13941-01
Oracle WebLogic Server 10.3.1 API Reference