|
BEA Systems, Inc. | ||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--weblogic.servlet.security.ServletAuthentication
ServletAuthentication allows both form-based authentication and programmatic authentication in servlets. It performs the authentication call through the Realm and sets the user information into the session. The weak() methods are for password authentication and the strong() methods are for certificate-based authentication. The later being only available through two-way SSL connections, based on the client certificate chain.
Field Summary | |
static int |
AUTHENTICATED
Return value of a successful authentication |
static int |
FAILED_AUTHENTICATION
Return value of an unsuccessful authentication |
static int |
NEEDS_CREDENTIALS
Deprecated. |
Constructor Summary | |
ServletAuthentication(java.lang.String usernameField,
java.lang.String passwordField)
Constructs a ServletAuthentication object which will look for specific form fields inside the HttpRequest for the username and password. |
Method Summary | |
static int |
authenticate(javax.security.auth.callback.CallbackHandler handler,
javax.servlet.http.HttpServletRequest request)
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION. |
static int |
authObject(java.lang.String username,
java.lang.Object credential,
javax.servlet.http.HttpServletRequest request)
Deprecated. |
static int |
authObject(java.lang.String username,
java.lang.Object credential,
javax.servlet.http.HttpSession session,
javax.servlet.http.HttpServletRequest request)
Deprecated. |
void |
done(javax.servlet.http.HttpServletRequest request)
This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data. |
static java.lang.String |
getTargetURLForFormAuthentication(javax.servlet.http.HttpSession session)
This method returns the target URL stored in the first step of Form based authentication. |
static boolean |
invalidateAll(javax.servlet.http.HttpServletRequest req)
Invalidate all the sessions for the current user only (ie. |
static void |
killCookie(javax.servlet.http.HttpServletRequest req)
Kills the current cookie |
static boolean |
logout(javax.servlet.http.HttpServletRequest req)
This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data. |
static void |
runAs(javax.security.auth.Subject subject,
javax.servlet.http.HttpServletRequest request)
With a given subject, this method sets the current thread identity and current session identity. |
int |
strong(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Strong authentication using the client-side certificate chain as the credential for authentication against the "weblogic" (default) realm. |
int |
strong(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String realmName)
Strong authentication using the client-side certificate chain as the credential for authentication. |
int |
weak(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after pulling the username and password from the request, authenticating the user and setting it into the session. |
static int |
weak(java.lang.String username,
java.lang.String password,
javax.servlet.http.HttpServletRequest request)
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session. |
static int |
weak(java.lang.String username,
java.lang.String password,
javax.servlet.http.HttpSession session)
Deprecated. |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
Field Detail |
public static final int AUTHENTICATED
public static final int FAILED_AUTHENTICATION
public static final int NEEDS_CREDENTIALS
Constructor Detail |
public ServletAuthentication(java.lang.String usernameField, java.lang.String passwordField)
Method Detail |
public void done(javax.servlet.http.HttpServletRequest request)
request
- HttpServletRequest which contains the sessionpublic static boolean logout(javax.servlet.http.HttpServletRequest req)
request
- HttpServletRequestpublic static boolean invalidateAll(javax.servlet.http.HttpServletRequest req)
request
- HttpServletRequestpublic static void killCookie(javax.servlet.http.HttpServletRequest req)
request
- HttpServletRequest which contains the sessionpublic int strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, java.io.IOException
request
- HttpServletRequestresponse
- HttpServletResponsepublic int strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String realmName) throws javax.servlet.ServletException, java.io.IOException
request
- HttpServletRequestresponse
- HttpServletResponserealmName
- String name of the realm to authenticate againstpublic int weak(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, java.io.IOException
This weak() method, unlike the others, is not static. It requires that the ServletAuthentication object be instantiated with the field names for the username and password inside the form.
request
- HttpServletRequestresponse
- HttpServletResponsepublic static int weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpServletRequest request)
username
- Stringpassword
- Stringrequest
- HttpServletRequestpublic static int weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpSession session)
username
- Stringpassword
- Stringsession
- HttpSessionpublic static int authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpServletRequest request)
username
- Stringpassword
- Stringrequest
- HttpServletRequestpublic static int authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpSession session, javax.servlet.http.HttpServletRequest request)
username
- Stringpassword
- Stringsession
- HttpSessionpublic static int authenticate(javax.security.auth.callback.CallbackHandler handler, javax.servlet.http.HttpServletRequest request)
handler
- javax.security.auth.callback.CallbackHandlerrequest
- HttpServletRequestpublic static void runAs(javax.security.auth.Subject subject, javax.servlet.http.HttpServletRequest request)
subject
- javax.security.auth.Subjectrequest
- HttpServletRequestpublic static java.lang.String getTargetURLForFormAuthentication(javax.servlet.http.HttpSession session)
session
- HttpSession
|
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81b |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |