WebLogic Server 6.0sp2 API Reference: Class AuthFilter

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

BEA Systems, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

WebLogic Server 6.0sp2 API Reference

weblogic.servlet.security
Class AuthFilter

java.lang.Object
  |
  +--javax.servlet.GenericServlet
        |
        +--javax.servlet.http.HttpServlet
              |
              +--weblogic.servlet.security.AuthFilter

public abstract class AuthFilter
extends javax.servlet.http.HttpServlet

An implementation of the AuthFilter interface is called via a RequestDispatcher.include() from inside the servlet engine just before and just after Authentication and Authorization. To register one of these, inside the weblogic.xml, add the following: examples.servlets.AuthFilterImpl

Author:: Copyright (c) 1998 by WebLogic, Inc. All Rights Reserved., Copyright (c) 2000 by BEA Systems. All Rights Reserved.
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.
See Also:: examples.servlets.AuthFilterImpl, Serialized Form

Constructor Summary
`AuthFilter()`

Method Summary
`void`	`doFailAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)` Called just after Authentication and Authorization occurs in the WebApplication, if the process was a failure.
`void`	`doPreAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)` Called just before Authentication and Authorization occurs in the WebApplication.
`boolean`	`doSuccessAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)` Called just after Authentication and Authorization occurs in the WebApplication, if the process was a success.
`void`	`service(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)` Internal service method which delegates off to the correct do method depending on what auth state this Request is in.

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, 
doGet, 
doOptions, 
doPost, 
doPut, 
doTrace, 
getLastModified, 
service

Methods inherited from class javax.servlet.GenericServlet

destroy, 
getInitParameter, 
getInitParameterNames, 
getServletConfig, 
getServletContext, 
getServletInfo, 
getServletName, 
init, 
init, 
log, 
log

Methods inherited from class java.lang.Object

clone, 
equals, 
finalize, 
getClass, 
hashCode, 
notify, 
notifyAll, 
toString, 
wait, 
wait, 
wait

Constructor Detail

AuthFilter

public AuthFilter()

Method Detail

service

public final void service(javax.servlet.ServletRequest request,
                          javax.servlet.ServletResponse response)

Internal service method which delegates off to the correct do method depending on what auth state this Request is in.

Parameters:: request - ServletRequest; response - ServletResponse
Overrides:: service in class javax.servlet.http.HttpServlet

doPreAuth

public void doPreAuth(javax.servlet.ServletRequest req,
                      javax.servlet.ServletResponse res)

Called just before Authentication and Authorization occurs in the WebApplication. In the case of FORM-based auth, this will be called multiple times as the first attempt is made, then the login page is requested, and finally as either the real page or the error page is requested.

Parameters:: request - ServletRequest; response - ServletResponse

doSuccessAuth

public boolean doSuccessAuth(javax.servlet.ServletRequest req,
                             javax.servlet.ServletResponse res)

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a success. Only called once per auth attempt.

Parameters:: request - ServletRequest; response - ServletResponse
Returns:: Boolean which, if made to return false, will override the successfull authentication and authorization to a failure. For BASIC and CERT auth, the HTTP 401 Unauthorized response will be given. For FORM-AUTH, the error page is sent.

doFailAuth

public void doFailAuth(javax.servlet.ServletRequest req,
                       javax.servlet.ServletResponse res)

Called just after Authentication and Authorization occurs in the WebApplication, if the process was a failure. Only called once per auth attempt. If Authentication was successfull but Authorization was not, the getRemoteUser() will return the correct user name. The originally requested URL can be found in the session under the key "j_target_url"

Parameters:: request - ServletRequest; response - ServletResponse