com.jalios.jcms.authentication.handlers
Class CookieAuthenticationHandler

java.lang.Object
  extended by com.jalios.jcms.authentication.AuthenticationHandler
      extended by com.jalios.jcms.authentication.handlers.CookieAuthenticationHandler
All Implemented Interfaces:
PluginComponent, Comparable<AuthenticationHandler>

public final class CookieAuthenticationHandler
extends AuthenticationHandler

Save authentication made by other handlers into a cookie and use it later on to re-authenticate.

You can disable this handler by modifying the property "auth-mgr.cookie-enabled". The cookie can be disabled for admin by modifying the property "auth-mgr.allow-admin-cookie".

Since:
jcms-5.7.0
Version:
$Revision: 37782 $
Author:
Olivier Jaquemet

Field Summary
static String AUTHENTICATION_COOKIE_NAME
          Name of cookie used for authentication.
static int ORDER_COOKIE_HANDLER
          Order used by the CookieAuthenticationHandler
static String REVISION
           
 
Fields inherited from class com.jalios.jcms.authentication.AuthenticationHandler
channel, GENERIC_BAD_AUTHENTICATION_MSG
 
Method Summary
static Member checkAuthenticationFromCookie(javax.servlet.http.Cookie[] cookies)
          Returns the member corresponding to the member id contained in the memberId cookie.
static boolean checkCookieDigest(String digest, String timeStr, Member member)
          Check if the specified time and password match the encoded digest.
static javax.servlet.http.Cookie getAuthenticationCookie(Member member, String domain, String path, boolean isPersistent)
          Returns a cookie for a given member
static String getCookieDigest(String timeStr, Member member)
          Returns the cookie digest for the specified time and Member.
static String getCookieDigest(String timeStr, String password)
          Deprecated.  
static javax.servlet.http.Cookie getEmptyAuthenticationCookie(String domain, String path)
          Returns an empty authentication cookie (used for logout)
static CookieAuthenticationHandler getInstance()
           
 void loadProperties()
          This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
You can use it to reload properties that might have been changed.
This method is called during initialization of the AuthenticationManager
 void login(AuthenticationContext ctxt)
          Authenticate a member.
 void logout(AuthenticationContext ctxt)
          This method is called when users log out of JCMS.
 
Methods inherited from class com.jalios.jcms.authentication.AuthenticationHandler
compareTo, equals, getOrder, init, setOrder
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REVISION

public static final String REVISION
See Also:
Constant Field Values

ORDER_COOKIE_HANDLER

public static final int ORDER_COOKIE_HANDLER
Order used by the CookieAuthenticationHandler

See Also:
Constant Field Values

AUTHENTICATION_COOKIE_NAME

public static final String AUTHENTICATION_COOKIE_NAME
Name of cookie used for authentication.

See Also:
Constant Field Values
Method Detail

getInstance

public static final CookieAuthenticationHandler getInstance()

loadProperties

public void loadProperties()
Description copied from class: AuthenticationHandler
This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
You can use it to reload properties that might have been changed.
This method is called during initialization of the AuthenticationManager

Overrides:
loadProperties in class AuthenticationHandler

login

public void login(AuthenticationContext ctxt)
           throws IOException
Description copied from class: AuthenticationHandler
Authenticate a member.
This method is invoked by the authentication chain on each request.
A typical implementation of this method would follow this pattern:
  1. Examine the information required to perform the authentication through the AuthenticationContext object (request, response, login, etc.)
  2. Perform your authentication before chain invocation and set the logged Member with AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
  3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
     b) or else skip the chain invocation and block the other authentication handlers of the chain (do this with caution...)
  4. Perform redirection, set information/warning/error messages or any other process, after chain invocation, using AuthenticationContext.

Default implementation is to invoke the next handler in the chain.

Overrides:
login in class AuthenticationHandler
Parameters:
ctxt - the AuthenticationContext used for this login
Throws:
IOException

logout

public void logout(AuthenticationContext ctxt)
            throws IOException
Description copied from class: AuthenticationHandler
This method is called when users log out of JCMS.
It may not be called if the user simply closes the browser. Don't rely on it for critical operations.

Default implementation is to invoke the next handler in the chain.

Overrides:
logout in class AuthenticationHandler
Parameters:
ctxt - the AuthenticationContext used for this login
Throws:
IOException

getCookieDigest

public static final String getCookieDigest(String timeStr,
                                           String password)
Deprecated. 

Returns the cookie digest (MD5) composed of the concatenation of the time (in millis) and the password of the member.

Parameters:
timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
password - the Member's password in its crypted version (e.g. member.getPassword())
Returns:
an authentication digest

getCookieDigest

public static final String getCookieDigest(String timeStr,
                                           Member member)
Returns the cookie digest for the specified time and Member.

Parameters:
timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
member - the Member for which the digest is computed
Returns:
an authentication digest
Since:
jcms-7.1

checkCookieDigest

public static final boolean checkCookieDigest(String digest,
                                              String timeStr,
                                              Member member)
Check if the specified time and password match the encoded digest.

Parameters:
digest - the digest to check (as returned by getCookieDigest(String, String))
timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
member - the Member against which the digest is verified
Returns:
true if the specified digest matches the timeStr and Member
Since:
jcms-7.1
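
The digest scheme documented above, as an added example that is not JCMS source or the author's code: the MD5 construction as the deprecated getCookieDigest(String, String) describes it, next to a keyed HMAC-SHA-256 digest checked with an age limit and a constant-time comparison. The hex encoding, field order, class and method names, member id format and server-side key are assumptions; the page does not say how the jcms-7.1 Member-based methods compute or verify their digest.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added illustration, not JCMS source: encoding, field order and names are assumptions.
public class CookieDigestDemo {
  static String hex(byte[] bytes) {
    StringBuilder sb = new StringBuilder();
    for (byte b : bytes) sb.append(String.format("%02x", b));
    return sb.toString();
  }

  // Deprecated construction as documented: MD5 over time (millis) + crypted password.
  static String md5Digest(String timeStr, String cryptedPassword) throws Exception {
    byte[] in = (timeStr + cryptedPassword).getBytes(StandardCharsets.UTF_8);
    return hex(MessageDigest.getInstance("MD5").digest(in));
  }

  // Keyed alternative: HMAC-SHA-256 under a server-side secret over member id and time.
  static String hmacDigest(byte[] key, String memberId, String timeStr) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    return hex(mac.doFinal((memberId + "|" + timeStr).getBytes(StandardCharsets.UTF_8)));
  }

  // Rejects missing, malformed, future or expired values, then compares in constant time.
  static boolean check(String digest, byte[] key, String memberId, String timeStr,
                       long now, long maxAgeMillis) throws Exception {
    if (digest == null || memberId == null || timeStr == null) return false;
    long issued;
    try { issued = Long.parseLong(timeStr); } catch (NumberFormatException e) { return false; }
    if (issued > now || now - issued > maxAgeMillis) return false;
    byte[] expected = hmacDigest(key, memberId, timeStr).getBytes(StandardCharsets.UTF_8);
    return MessageDigest.isEqual(expected, digest.getBytes(StandardCharsets.UTF_8));
  }
  public static void main(String[] args) throws Exception {
    byte[] key = new byte[32];
    new SecureRandom().nextBytes(key);      // per-deployment secret, never sent to clients
    long now = System.currentTimeMillis();
    String time = String.valueOf(now);
    String memberId = "member-42";          // constructed sample id
    System.out.println("md5: " + md5Digest(time, "constructed-crypted-password"));
    String d = hmacDigest(key, memberId, time);
    System.out.println(check(d, key, memberId, time, now, 86_400_000L));    // same member, fresh
    System.out.println(check(d, key, "member-43", time, now, 86_400_000L)); // different member
    System.out.println(check(d, key, memberId, time, now + 90_000_000L, 86_400_000L)); // past max age
  }
}
```

The MD5 form depends only on the timestamp and the stored crypted password, so it carries no server-side secret and has no expiry of its own; the keyed form adds both.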

checkAuthenticationFromCookie

public static final Member checkAuthenticationFromCookie(javax.servlet.http.Cookie[] cookies)
Returns the member corresponding to the member id contained in the memberId cookie.

Parameters:
cookies - an array of cookies (request.getCookies())
Returns:
the member or null if not found

getAuthenticationCookie

public static final javax.servlet.http.Cookie getAuthenticationCookie(Member member,
                                                                      String domain,
                                                                      String path,
                                                                      boolean isPersistent)
                                                               throws UnknownHostException
Returns a cookie for a given member

Parameters:
member - the member to use to generate the cookie.
domain - an optional String containing the domain name within which the cookie is visible; form is according to RFC 2109
path - the cookie path
isPersistent - if true, the cookie will persist on the user's disk beyond browser shutdown; otherwise it will persist until browser shutdown.
Returns:
a new Cookie instance
Throws:
UnknownHostException - if the specified domain could not be resolved

getEmptyAuthenticationCookie

public static final javax.servlet.http.Cookie getEmptyAuthenticationCookie(String domain,
                                                                           String path)
                                                                    throws UnknownHostException
Returns an empty authentication cookie (used for logout)

Parameters:
domain - the cookie domain (can be null)
path - the cookie path
Returns:
a new Cookie instance
Throws:
UnknownHostException - if the specified domain could not be resolved


Copyright © 2001-2010 Jalios SA. All Rights Reserved.