public final class ServletAuthentication
extends java.lang.Object
Modifier and Type | Field | Description |
---|---|---|
static int |
AUTHENTICATED |
Returns the value of a successful authentication.
|
static int |
FAILED_AUTHENTICATION |
Returns the value of an unsuccessful authentication.
|
static int |
NEEDS_CREDENTIALS |
Returns the value of an unsuccessful authentication due to no credentials.
|
Modifier and Type | Method | Description |
---|---|---|
static int |
assertIdentity(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String realmName) |
Deprecated.
12.2.1.0
|
static int |
assertIdentity(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String realmName,
AppContext appContext) |
Deprecated.
12.2.1.0
|
static int |
authenticate(javax.security.auth.callback.CallbackHandler handler,
javax.servlet.http.HttpServletRequest request) |
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION.
|
static int |
authObject(java.lang.String username,
java.lang.Object credential,
javax.servlet.http.HttpServletRequest request) |
Deprecated.
|
static int |
authObject(java.lang.String username,
java.lang.Object credential,
javax.servlet.http.HttpSession session,
javax.servlet.http.HttpServletRequest request) |
Deprecated.
|
static void |
done(javax.servlet.http.HttpServletRequest request) |
"Logs out" the user in the session by removing the pertinent
data from the sessions the user has logged into and also from the
webserver, without losing other session data.
|
static void |
generateNewSessionID(javax.servlet.http.HttpServletRequest request) |
Moves all current session information into a completely different
session ID and re-associates this session with this new ID.
|
static javax.servlet.http.Cookie |
getSessionCookie(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Allows you to get a handle on the session cookie itself.
|
static java.lang.String |
getTargetURIForFormAuthentication(javax.servlet.http.HttpSession session) |
Returns the target URI stored in the first step of
Form based authentication.
|
static java.lang.String |
getTargetURLForFormAuthentication(javax.servlet.http.HttpSession session) |
Returns the target URL stored in the first step of
Form based authentication.
|
static boolean |
invalidateAll(javax.servlet.http.HttpServletRequest req) |
Invalidates all the sessions for the current user only (that is, the current cookie),
and since the cookie is no longer required, kills the cookie too.
|
static void |
killCookie(javax.servlet.http.HttpServletRequest req) |
Kills the current cookie.
|
static int |
login(java.lang.String username,
java.lang.String password,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Deprecated.
as of 12c - use
HttpServletRequest.login(java.lang.String, java.lang.String) |
static int |
login(javax.security.auth.callback.CallbackHandler handler,
javax.servlet.http.HttpServletRequest request) |
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION.
|
static boolean |
logout(javax.servlet.http.HttpServletRequest req) |
Deprecated.
as of 12c - use
HttpServletRequest.logout() |
static boolean |
logout(javax.servlet.http.HttpSession session) |
Deprecated.
as of 12c - use
HttpServletRequest.logout() |
static void |
runAs(javax.security.auth.Subject subject,
javax.servlet.http.HttpServletRequest request) |
With a given subject, this method sets the current thread identity and
current session identity.
|
static int |
strong(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Strong authentication using the client-side certificate chain as the
credential for authentication against the "weblogic" (default) realm.
|
static int |
strong(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String realmName) |
Deprecated.
12.2.1.0
|
static int |
weak(java.lang.String username,
java.lang.String password,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Deprecated.
as of 12c - use
HttpServletRequest.login(java.lang.String, java.lang.String) |
static int |
weak(java.lang.String username,
java.lang.String password,
javax.servlet.http.HttpSession session) |
Deprecated.
|
int |
weak(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after
pulling the username and password from the request, authenticating
the user and setting it into the session.
|
public static final int AUTHENTICATED
public static final int FAILED_AUTHENTICATION
public static final int NEEDS_CREDENTIALS
public static void done(javax.servlet.http.HttpServletRequest request)
request
- HttpServletRequest which contains the session@Deprecated public static boolean logout(javax.servlet.http.HttpServletRequest req)
HttpServletRequest.logout()
req
- HttpServletRequest@Deprecated public static boolean logout(javax.servlet.http.HttpSession session)
HttpServletRequest.logout()
session
- HttpSessionpublic static boolean invalidateAll(javax.servlet.http.HttpServletRequest req)
req
- HttpServletRequestpublic static void killCookie(javax.servlet.http.HttpServletRequest req)
req
- HttpServletRequest which contains the sessionpublic static int strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, java.io.IOException
request
- HttpServletRequestresponse
- HttpServletResponsejavax.servlet.ServletException
java.io.IOException
@Deprecated public static int strong(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String realmName) throws javax.servlet.ServletException, java.io.IOException
request
- HttpServletRequestresponse
- HttpServletResponserealmName
- String name of the realm to authenticate againstjavax.servlet.ServletException
java.io.IOException
@Deprecated public static int assertIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String realmName) throws javax.servlet.ServletException, java.io.IOException, javax.security.auth.login.LoginException
request
- HttpServletRequestresponse
- HttpServletResponserealmName
- String name of the realm to authenticate againstjavax.servlet.ServletException
java.io.IOException
javax.security.auth.login.LoginException
@Deprecated public static int assertIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String realmName, AppContext appContext) throws javax.servlet.ServletException, java.io.IOException, javax.security.auth.login.LoginException
request
- HttpServletRequestresponse
- HttpServletResponserealmName
- String name of the realm to authenticate againstappContext
- AppContext to use when asserting identityjavax.servlet.ServletException
java.io.IOException
javax.security.auth.login.LoginException
public int weak(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, java.io.IOException
This weak() method, unlike the others, is not static. It requires that the ServletAuthentication object be instantiated with the field names for the username and password inside the form.
request
- HttpServletRequestresponse
- HttpServletResponsejavax.servlet.ServletException
java.io.IOException
@Deprecated public static int weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
HttpServletRequest.login(java.lang.String, java.lang.String)
username
- Stringpassword
- Stringrequest
- HttpServletRequestresponse
- HttpServletResponse@Deprecated public static int login(java.lang.String username, java.lang.String password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.security.auth.login.LoginException
HttpServletRequest.login(java.lang.String, java.lang.String)
username
- Stringpassword
- Stringrequest
- HttpServletRequestresponse
- HttpServletResponsejavax.security.auth.login.LoginException
@Deprecated public static int weak(java.lang.String username, java.lang.String password, javax.servlet.http.HttpSession session)
username
- Stringpassword
- Stringsession
- HttpSession@Deprecated public static int authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpServletRequest request)
username
- Stringcredential
- Stringrequest
- HttpServletRequest@Deprecated public static int authObject(java.lang.String username, java.lang.Object credential, javax.servlet.http.HttpSession session, javax.servlet.http.HttpServletRequest request)
username
- Stringcredential
- Stringsession
- HttpSessionpublic static int authenticate(javax.security.auth.callback.CallbackHandler handler, javax.servlet.http.HttpServletRequest request)
handler
- javax.security.auth.callback.CallbackHandlerrequest
- HttpServletRequestpublic static int login(javax.security.auth.callback.CallbackHandler handler, javax.servlet.http.HttpServletRequest request) throws javax.security.auth.login.LoginException
handler
- javax.security.auth.callback.CallbackHandlerrequest
- HttpServletRequestjavax.security.auth.login.LoginException
public static void generateNewSessionID(javax.servlet.http.HttpServletRequest request)
request
- HttpServletRequestpublic static javax.servlet.http.Cookie getSessionCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
response
- HttpServletResponsepublic static void runAs(javax.security.auth.Subject subject, javax.servlet.http.HttpServletRequest request)
subject
- javax.security.auth.Subjectrequest
- HttpServletRequestpublic static java.lang.String getTargetURLForFormAuthentication(javax.servlet.http.HttpSession session)
session
- HttpSessionpublic static java.lang.String getTargetURIForFormAuthentication(javax.servlet.http.HttpSession session)
session
- HttpSession