WebLogic Server 6.1 API Reference: Class ServletAuthentication

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

BEA Systems, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

WebLogic Server 6.1 API Reference

weblogic.servlet.security
Class ServletAuthentication

java.lang.Object
  |
  +--weblogic.servlet.security.ServletAuthentication

public class ServletAuthentication
extends java.lang.Object

ServletAuthentication allows both form-based authentication and programmatic authentication in servlets. It performs the authentication call through the Realm and sets the user information into the session. The weak() methods are for password authentication and the strong() methods are for certificate-based authentication. The later being only available through two-way SSL connections, based on the client certificate chain.

Author:: Copyright (c) 1998 by WebLogic, Inc. All Rights Reserved., Copyright (c) 2000 by BEA Systems. All Rights Reserved.
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.

Field Summary
`static int`	`AUTHENTICATED` Return value of a successful authentication
`static int`	`FAILED_AUTHENTICATION` Return value of an unsuccessful authentication
`static int`	`NEEDS_CREDENTIALS` Deprecated.

Constructor Summary
`ServletAuthentication(java.lang.String usernameField, java.lang.String passwordField)` Constructs a ServletAuthentication object which will look for specific form fields inside the HttpRequest for the username and password.

Method Summary
`static int`	`authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpServletRequest request)` Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and credential object to authenticate the user and setting that user information into the session.
`static int`	`authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpSession session, javax.servlet.http.HttpServletRequest request)` Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and credential object to authenticate the user and setting that user information into the session.
`void`	`done(javax.servlet.http.HttpServletRequest request)` This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data.
`static void`	`generateNewSessionID(javax.servlet.http.HttpServletRequest request)` This moves all current session information into a completely different session ID and re-associate this session with this new ID.
`static javax.servlet.http.Cookie`	`getSessionCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This would allow you to get a handle on the session cookie itself.
`static boolean`	`invalidateAll(javax.servlet.http.HttpServletRequest req)` Invalidate all the sessions for the current user only (ie.
`static void`	`killCookie(javax.servlet.http.HttpServletRequest req)` Kills the current cookie
`static boolean`	`logout(javax.servlet.http.HttpServletRequest req)`
`static boolean`	`logoutSession(javax.servlet.http.HttpServletRequest req)` This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data.
`int`	`strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Strong authentication using the client-side certificate chain as the credential for authentication against the "weblogic" (default) realm.
`int`	`strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String realmName)` Strong authentication using the client-side certificate chain as the credential for authentication.
`int`	`weak(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after pulling the username and password from the request, authenticating the user and setting it into the session.
`static int`	`weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpServletRequest request)` Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session.
`static int`	`weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpSession session)` Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session.

Methods inherited from class java.lang.Object

clone, 
equals, 
finalize, 
getClass, 
hashCode, 
notify, 
notifyAll, 
toString, 
wait, 
wait, 
wait

Field Detail

AUTHENTICATED

public static final int AUTHENTICATED

Return value of a successful authentication

FAILED_AUTHENTICATION

public static final int FAILED_AUTHENTICATION

Return value of an unsuccessful authentication

NEEDS_CREDENTIALS

public static final int NEEDS_CREDENTIALS

Deprecated.

Return value of an unsuccessful authentication due to no credentials.

Constructor Detail

ServletAuthentication

public ServletAuthentication(java.lang.String usernameField,
                             java.lang.String passwordField)

Constructs a ServletAuthentication object which will look for specific form fields inside the HttpRequest for the username and password.

Method Detail

done

public void done(javax.servlet.http.HttpServletRequest request)

This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data.

Parameters:: request - HttpServletRequest which contains the session

logoutSession

public static boolean logoutSession(javax.servlet.http.HttpServletRequest req)

This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data.

Parameters:: request - HttpServletRequest

logout

public static boolean logout(javax.servlet.http.HttpServletRequest req)

invalidateAll

public static boolean invalidateAll(javax.servlet.http.HttpServletRequest req)

Invalidate all the sessions for the current user only (ie. current cookie) and since the cookie is no more required, kill the cookie too.

Parameters:: request - HttpServletRequest

killCookie

public static void killCookie(javax.servlet.http.HttpServletRequest req)

Kills the current cookie

Parameters:: request - HttpServletRequest which contains the session

strong

public int strong(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)
           throws javax.servlet.ServletException,
                  java.io.IOException

Strong authentication using the client-side certificate chain as the credential for authentication against the "weblogic" (default) realm.

Parameters:: request - HttpServletRequest; response - HttpServletResponse
Returns:: int authentication value
Throws:: javax.servlet.ServletException -; java.io.IOException -

strong

public int strong(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response,
                  java.lang.String realmName)
           throws javax.servlet.ServletException,
                  java.io.IOException

Strong authentication using the client-side certificate chain as the credential for authentication.

Parameters:: request - HttpServletRequest; response - HttpServletResponse; realmName - String name of the realm to authenticate against
Returns:: int authentication value
Throws:: javax.servlet.ServletException -; java.io.IOException -

weak

public int weak(javax.servlet.http.HttpServletRequest request,
                javax.servlet.http.HttpServletResponse response)
         throws javax.servlet.ServletException,
                java.io.IOException

Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after pulling the username and password from the request, authenticating the user and setting it into the session.

This weak() method, unlike the others, is not static. It requires that the ServletAuthentication object be instantiated with the field names for the username and password inside the form.

Parameters:: request - HttpServletRequest; response - HttpServletResponse
Returns:: int authentication value
Throws:: javax.servlet.ServletException -; java.io.IOException -

weak

public static int weak(java.lang.String username,
                       java.lang.String password,
                       javax.servlet.http.HttpServletRequest request)

Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session.

Parameters:: username - String; password - String; request - HttpServletRequest
Returns:: int authentication value

weak

public static int weak(java.lang.String username,
                       java.lang.String password,
                       javax.servlet.http.HttpSession session)

Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session.

Parameters:: username - String; password - String; session - HttpSession
Returns:: int authentication value

authObject

public static int authObject(java.lang.String username,
                             java.lang.Object credential,
                             javax.servlet.http.HttpServletRequest request)

Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and credential object to authenticate the user and setting that user information into the session.

Parameters:: username - String; password - String; request - HttpServletRequest
Returns:: int authentication value

authObject

public static int authObject(java.lang.String username,
                             java.lang.Object credential,
                             javax.servlet.http.HttpSession session,
                             javax.servlet.http.HttpServletRequest request)

Returns a int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and credential object to authenticate the user and setting that user information into the session.

Parameters:: username - String; password - String; session - HttpSession
Returns:: int authentication value

generateNewSessionID

public static void generateNewSessionID(javax.servlet.http.HttpServletRequest request)

This moves all current session information into a completely different session ID and re-associate this session with this new ID. If a session cookie does not exist at this point, one will be created.

Parameters:: request - HttpServletRequest

getSessionCookie

public static javax.servlet.http.Cookie getSessionCookie(javax.servlet.http.HttpServletRequest request,
                                                         javax.servlet.http.HttpServletResponse response)

This would allow you to get a handle on the session cookie itself. Returns null if there is no session or if session cookies have been turned off in the servlet engine.

Parameters:: response - HttpServletResponse
Returns:: Session Cookie if it exists, null otherwise

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs61

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

WebLogic classes and methods that do not appear in this reference are not public and are not supported.

weblogic.servlet.security Class ServletAuthentication

AUTHENTICATED

FAILED_AUTHENTICATION

NEEDS_CREDENTIALS

ServletAuthentication

done

logoutSession

logout

invalidateAll

killCookie

strong

strong

weak

weak

weak

authObject

authObject

generateNewSessionID

getSessionCookie

weblogic.servlet.security
Class ServletAuthentication