com.jalios.jcms.authentication.handlers

Class HttpBasicAuthenticationHandler

java.lang.Object

com.jalios.jcms.authentication.AuthenticationHandler

com.jalios.jcms.authentication.handlers.HttpBasicAuthenticationHandler

All Implemented Interfaces:

PluginComponent, java.lang.Comparable<AuthenticationHandler>

public class HttpBasicAuthenticationHandler
extends AuthenticationHandler

Authenticates user using HTTP Authorization.
In order to make it work you are responsible to call the method setHttpBasicAuthorizationHeader(HttpServletResponse, String) to trigger a HTTP Authorization response, the handler will deal with decoding of the next request.

Since:

jcms-5.7.0

Version:

$Revision: 107554 $

Author:

Olivier Jaquemet

Field Summary

Fields

Modifier and Type	Field and Description
static int	ORDER_BASIC_HTTP_HANDLER Order used by the HttpBasicAuthenticationHandler
static java.lang.String	REVISION

Fields inherited from class com.jalios.jcms.authentication.AuthenticationHandler

channel, GENERIC_BAD_AUTHENTICATION_MSG

Method Summary

Modifier and Type	Method and Description
static Member	checkAuthenticationFromHTTPAuthorization(javax.servlet.http.HttpServletRequest request) Returns the member corresponding to the HTTP Authorization header available in the request.
static HttpBasicAuthenticationHandler	getInstance()
void	loadProperties() This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded. You can use it to reload properties that might have been changed. This method is called during initialization of the AuthenticationManager
void	login(AuthenticationContext ctxt) Authenticate a member.
static void	setHttpBasicAuthorizationHeader(javax.servlet.http.HttpServletResponse response, java.lang.String realm) Set a 401 status code (UNAUTHORIZED) and add the "WWW-Authenticate" header to the given response using the given realm.

Methods inherited from class com.jalios.jcms.authentication.AuthenticationHandler

compareTo, equals, getOrder, init, logout, setOrder

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REVISION

public static final java.lang.String REVISION

See Also:

Constant Field Values

ORDER_BASIC_HTTP_HANDLER

public static final int ORDER_BASIC_HTTP_HANDLER

Order used by the HttpBasicAuthenticationHandler

See Also:

Constant Field Values

Method Detail

getInstance

public static final HttpBasicAuthenticationHandler getInstance()

loadProperties

public void loadProperties()

Description copied from class: AuthenticationHandler

This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
You can use it to reload properties that might have been changed.
This method is called during initialization of the AuthenticationManager

Overrides:

loadProperties in class AuthenticationHandler

login

public void login(AuthenticationContext ctxt)
           throws java.io.IOException

Description copied from class: AuthenticationHandler

Authenticate a member.
This method is invoked by the authentication chain on each request.
A typical implementation of this method would follow the following pattern :

1. Examine informations required to perform the authentication through the AuthenticationContext object (request, response, login.. etc)
2. Perform your authentication before chain invokation and set the logged Member AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
4. b) or else skip the chain invokation and block other authentication handler of the chain (do this with caution...)
5. Perform redirection, set information/warning/error message or any other process, after chain invokation, using AuthenticationContext.

Default implementation is to invoke the next handler in the chain.

Overrides:

login in class AuthenticationHandler

Parameters:

ctxt - the AuthenticationContext used for this login

Throws:

java.io.IOException

checkAuthenticationFromHTTPAuthorization

public static final Member checkAuthenticationFromHTTPAuthorization(javax.servlet.http.HttpServletRequest request)
                                                             throws java.io.IOException

Returns the member corresponding to the HTTP Authorization header available in the request.
http://www.ietf.org/rfc/rfc2617.txt
We only handle the "Basic" Authentication Scheme.

Parameters:

request - the request where to look for HTTP Authorization header

Returns:

the authenticated member or null if not found

Throws:

java.io.IOException - if the underneath login operation with the userId/password could not be performed

Since:

jcms-5.5.0

setHttpBasicAuthorizationHeader

public static final void setHttpBasicAuthorizationHeader(javax.servlet.http.HttpServletResponse response,
                                                         java.lang.String realm)

Set a 401 status code (UNAUTHORIZED) and add the "WWW-Authenticate" header to the given response using the given realm.
Use this methods to request an HTTP Authorization using the "Basic" Authentication Scheme.

Parameters:

response - the HttpServletResponse of which to set status and add header

realm - the Basic Realm to set in the response

Since:

jcms-5.5.0