BEA WebLogic Server 9.1 API Reference

weblogic.servlet.security
Class AuthFilter

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          weblogic.servlet.security.AuthFilter

All Implemented Interfaces:

Serializable, Servlet, ServletConfig

public abstract class AuthFilter

extends HttpServlet

An implementation of the AuthFilter interface is called via a RequestDispatcher.include() from inside the servlet engine just before and just after Authentication and Authorization. The use of this class has been deprecated because of the filters specification that is part of servlet 2.3 To register one of these, inside the weblogic.xml, add the following: <auth-filter> classname of implementation </auth-filter>

See Also:

Serialized Form

Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Field Summary

static String

TARGET_URL Deprecated.

Constructor Summary

AuthFilter()
Deprecated.

Method Summary

void	doFailAuth(ServletRequest request, ServletResponse response) Deprecated.
void	doPreAuth(ServletRequest request, ServletResponse response) Deprecated.
boolean	doSuccessAuth(ServletRequest request, ServletResponse response) Deprecated.
void	service(ServletRequest request, ServletResponse response) Deprecated.

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TARGET_URL

public static final String TARGET_URL

Deprecated.

WebLogic's Form Authentication implementation stores the target url in the session against the key TARGET_URL. In the past releases the String was j_target_url, which has been deprecated

See Also:

Constant Field Values

Constructor Detail

AuthFilter

public AuthFilter()

Deprecated.

Method Detail

doFailAuth

public void doFailAuth(ServletRequest request,
                       ServletResponse response)

Deprecated.

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a failure. Only called once per auth attempt. If Authentication was successfull but Authorization was not, the getRemoteUser() will return the correct user name. The originally requested URL can be found in the session under the key AuthFilter.TARGET_URL. In the past releases the key was "j_target_url" which has been deprecated.

Parameters:

request - ServletRequest

response - ServletResponse

doPreAuth

public void doPreAuth(ServletRequest request,
                      ServletResponse response)

Deprecated.

Called just before Authentication and Authorization occurs in the WebApplication. In the case of FORM-based auth, this will be called multiple times as the first attempt is made, then the login page is requested, and finally as either the real page or the error page is requested.

Parameters:

request - ServletRequest

response - ServletResponse

doSuccessAuth

public boolean doSuccessAuth(ServletRequest request,
                             ServletResponse response)

Deprecated.

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a success. Only called once per auth attempt.

Parameters:

request - ServletRequest

response - ServletResponse

Returns:

Boolean which, if made to return false, will override the successfull authentication and authorization to a failure. For BASIC and CERT auth, the HTTP 401 Unauthorized response will be given. For FORM-AUTH, the error page is sent.

service

public final void service(ServletRequest request,
                          ServletResponse response)

Deprecated.

Internal service method which delegates off to the correct do method depending on what auth state this Request is in.

Parameters:

request - ServletRequest

response - ServletResponse