com.bea.p13n.security
Class Authentication

java.lang.Object
  extended by com.bea.p13n.security.Authentication

public final class Authentication
extends Object

Central place to handle authentication issues. Use this class to handle login, logout, and authentication of users. It can also perform some basic tests on Subjects and Principals. In many cases, the methods in this class are thin wrappers over similar functionality available in other WebLogic classes. This class centralizes these functions and allows some convenience groupings for particular usages.


Field Summary
static com.bea.p13n.i18n.AuthenticationExceptionTextFormatter formatter
          Text formatter for i18n.
 
Method Summary
static Subject authenticate(String username, String password)
          Authenticate a user and return the authenticated Subject.
static void generateNewSessionIDIfRequired(javax.servlet.http.HttpServletRequest request)
           
static Subject getAnonymousSubject()
          Get a Subject representing an Anonymous user
static Subject getCurrentSubject()
          Get the current logged in user.
static Principal getUserPrincipal(Subject subject)
          Get the Principal representing the given Subject.
static boolean isAdministrator(Subject subject)
          Test if the given Subject represents a server Administrator
static boolean isAnonymous(Principal principal)
          Test if the given Principal represents the Anonymous user
static boolean isAnonymous(Subject subject)
          Test if the given Subject represents an Anonymous user
static void login(String username, String password, javax.servlet.http.HttpServletRequest request)
          Deprecated in favor of login(String, String, HttpServletRequest, HttpServletResponse)
static void login(String username, String password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Log in the user to a webapp.
static void logout(javax.servlet.http.HttpServletRequest request)
          Same as logout(request, true).
static void logout(javax.servlet.http.HttpServletRequest request, boolean invalidateSessions)
          Log out the user.
static Object runAs(Subject subject, PrivilegedAction action)
          Execute a PrivilegedAction as a particular user.
static Object runAs(Subject subject, PrivilegedExceptionAction action)
          Execute a PrivilegedExceptionAction as a particular user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

formatter

public static final com.bea.p13n.i18n.AuthenticationExceptionTextFormatter formatter
Text formatter for i18n.

Method Detail

login

@Deprecated
public static void login(String username,
                                    String password,
                                    javax.servlet.http.HttpServletRequest request)
                  throws LoginException
Deprecated in favor of login(String, String, HttpServletRequest, HttpServletResponse)

Log in the user to a webapp. This authenticates the user and sets the authentication information in the user's Servlet Session so the server knows who they are when they come back on the next request. The user is pushed onto this thread so that further operations invoked by this thread are executed as this user. Note that this only does authentication and does not check authorization (that is, if the user is in a particular role or group). The Principal for the newly logged in user can be obtained by calling request.getUserPrincipal().

Parameters
username - The username of the user to login
password - The password for that user (as cleartext)
request - The HttpServletRequest containing the session to be logged in
Throws
LoginException - if the authentication failed

login

public static void login(String username,
                         String password,
                         javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response)
                  throws LoginException
Log in the user to a webapp. This authenticates the user and sets the authentication information in the user's Servlet Session so the server knows who they are when they come back on the next request. The user is pushed onto this thread so that further operations invoked by this thread are executed as this user. Note that this only does authentication and does not check authorization (that is, if the user is in a particular role or group). The Principal for the newly logged in user can be obtained by calling request.getUserPrincipal().

Parameters
username - The username of the user to login
password - The password for that user (as cleartext)
request - The HttpServletRequest containing the session to be logged in
response - The HttpServletResponse containing data sent back to client
Throws
LoginException - if the authentication failed

generateNewSessionIDIfRequired

public static void generateNewSessionIDIfRequired(javax.servlet.http.HttpServletRequest request)

logout

public static void logout(javax.servlet.http.HttpServletRequest request,
                          boolean invalidateSessions)
Log out the user. This causes the user to be removed from the Servlet Session (on all single-signon webapps) as well as from the thread. If the invalidateSessions flag is true, then the user's sessions (on all single-signon webapps) are invalidated. Otherwise, only the authentication information is removed from the sessions and other session data is left intact. Note that if you want to log out and invalidate only this webapp's session (not those of other single-signon webapps), you can call logout(request, false) and then call request.getSession().invalidate().

Parameters
request - the HttpServletRequest that contains the session to be logged out.
invalidateSessions - if true, the session is invalidated (on all single-signon webapps). Otherwise the session and its data are left intact (except for authentication information used internally by the server).

logout

public static void logout(javax.servlet.http.HttpServletRequest request)
Same as logout(request, true).

See Also
logout(HttpServletRequest,boolean)
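The login flow described above and the "log out but invalidate only this webapp's session" pattern from the logout() description, as an added example that is not part of this Javadoc or of WebLogic itself. It assumes the Servlet API is on the classpath, that LoginException is javax.security.auth.login.LoginException, and the class name WebappAuthHelper is hypothetical.

```java
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.bea.p13n.security.Authentication;

/** Hypothetical helper around the login/logout calls documented on this page. */
public final class WebappAuthHelper {

    /**
     * Logs the user into this webapp's session; returns true on success. A failed
     * login yields the same result whether the username or password was wrong, so
     * the response does not reveal which accounts exist.
     */
    public static boolean login(String username, String password,
                                HttpServletRequest request,
                                HttpServletResponse response) {
        if (username == null || password == null) {
            return false;
        }
        try {
            // Non-deprecated overload: the response is passed so the server can
            // send session state (such as a new session cookie) back to the client.
            Authentication.login(username, password, request, response);
        } catch (LoginException e) {
            // Do not echo e.getMessage() to the client; log it server-side instead.
            return false;
        }
        // login() only authenticates; authorization (roles, groups) is a separate
        // check, e.g. request.isUserInRole(...), before any privileged action.
        return request.getUserPrincipal() != null;
    }

    /** True if the current thread carries a real (non-anonymous) user. */
    public static boolean isLoggedIn() {
        return !Authentication.isAnonymous(Authentication.getCurrentSubject());
    }

    /**
     * Logs the user out of all single-signon webapps but invalidates only this
     * webapp's session, following the pattern given in the logout() javadoc.
     */
    public static void logoutThisWebappOnly(HttpServletRequest request) {
        Authentication.logout(request, false);   // drop auth info, keep other session data
        HttpSession session = request.getSession(false); // do not create one just to kill it
        if (session != null) {
            session.invalidate();
        }
    }
}
```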

authenticate

public static Subject authenticate(String username,
                                   String password)
                            throws LoginException
Authenticate a user and return the authenticated Subject.

Parameters
username - The username of the user to authenticate
password - The password for that user (as cleartext)
Returns
the Subject representing the authenticated user
Throws
LoginException - if the user is not valid

runAs

public static Object runAs(Subject subject,
                           PrivilegedAction action)
Execute a PrivilegedAction as a particular user. Subject.doAs() changes the Java 2 identity as described in the Java 2 specification. This runAs method sets the WebLogic identity. The two identities are not related except that they both use a Subject to specify the user.


runAs

public static Object runAs(Subject subject,
                           PrivilegedExceptionAction action)
                    throws PrivilegedActionException
Execute a PrivilegedExceptionAction as a particular user. Subject.doAs() changes the Java 2 identity as described in the Java 2 specification. This runAs method sets the WebLogic identity. The two identities are not related except that they both use a Subject to specify the user.

Throws
PrivilegedActionException

getCurrentSubject

public static Subject getCurrentSubject()
Get the currently logged-in user. You should use HttpServletRequest.getUserPrincipal or EJBContext.getCallerPrincipal where possible. But if you need a Subject or cannot access the ServletRequest or EJBContext, you can use this method. To see if a user is logged in, test isAnonymous(getCurrentSubject()).


getAnonymousSubject

public static Subject getAnonymousSubject()
Get a Subject representing an Anonymous user


getUserPrincipal

public static Principal getUserPrincipal(Subject subject)
Get the Principal representing the given Subject.


isAnonymous

public static boolean isAnonymous(Subject subject)
Test if the given Subject represents an Anonymous user


isAnonymous

public static boolean isAnonymous(Principal principal)
Test if the given Principal represents the Anonymous user


isAdministrator

public static boolean isAdministrator(Subject subject)
Test if the given Subject represents a server Administrator



Copyright © 2011, Oracle. All rights reserved.