CookieAuthenticationHandler (JCMS API)

java.lang.Object
- com.jalios.jcms.authentication.AuthenticationHandler
- - com.jalios.jcms.authentication.handlers.CookieAuthenticationHandler

All Implemented Interfaces:

PluginComponent, java.lang.Comparable<AuthenticationHandler>
```
public final class CookieAuthenticationHandler
extends AuthenticationHandler
```
Save authentification made by other handlers into cookie and use it later on to re-authenticate.

You can disable this handler by modifiying property "auth-mgr.cookie-enabled". Cookie can be disabled for admin by modifiying property "auth-mgr.allow-admin-cookie".

Since:

jcms-5.7.0

Version:

$Revision: 46271 $

Author:

Olivier Jaquemet

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`AUTHENTICATION_COOKIE_NAME` Name of cookie used for authentication.
`static int`	`ORDER_COOKIE_HANDLER` Order used by the CookieAuthenticationHandler
`static java.lang.String`	`REVISION`

Fields inherited from class com.jalios.jcms.authentication.AuthenticationHandler
channel, GENERIC_BAD_AUTHENTICATION_MSG

Method Summary

Methods
Modifier and Type	Method and Description
`static Member`	`checkAuthenticationFromCookie(javax.servlet.http.Cookie[] cookies)` Returns the member corresponding to the member id which is contains in memberId cookie.
`static boolean`	`checkCookieDigest(java.lang.String digest, java.lang.String timeStr, Member member)` Check if the specified time and password matches the encoded digest.
`static javax.servlet.http.Cookie`	`getAuthenticationCookie(Member member, java.lang.String domain, java.lang.String path, boolean isPersistent)` Returns a cookie for a given member
`static java.lang.String`	`getCookieDigest(java.lang.String timeStr, Member member)` Returns the cookie digest for the specified time and Member.
`static java.lang.String`	`getCookieDigest(java.lang.String timeStr, java.lang.String password)` Deprecated.
`static javax.servlet.http.Cookie`	`getEmptyAuthenticationCookie(java.lang.String domain, java.lang.String path)` Returns an empty authentication cookie (used for logout)
`static CookieAuthenticationHandler`	`getInstance()`
`void`	`loadProperties()` This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
`void`	`login(AuthenticationContext ctxt)` Authenticate a member.
`void`	`logout(AuthenticationContext ctxt)` This methods is called when users logout from JCMS.

Methods inherited from class com.jalios.jcms.authentication.AuthenticationHandler
compareTo, equals, getOrder, init, setOrder

Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - REVISION
```
public static final java.lang.String REVISION
```
    See Also:
    Constant Field Values
  - ORDER_COOKIE_HANDLER
```
public static final int ORDER_COOKIE_HANDLER
```
    Order used by the CookieAuthenticationHandler
    
    See Also:
    Constant Field Values
  - AUTHENTICATION_COOKIE_NAME
```
public static final java.lang.String AUTHENTICATION_COOKIE_NAME
```
    Name of cookie used for authentication.
    
    See Also:
    Constant Field Values
- Method Detail
  - getInstance
```
public static final CookieAuthenticationHandler getInstance()
```
  - loadProperties
```
public void loadProperties()
```
    Description copied from class: AuthenticationHandler
    
    This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
    You can use it to reload properties that might have been changed.
    This method is called during initialization of the AuthenticationManager
    
    Overrides:
    
    loadProperties in class AuthenticationHandler
  - login
```
public void login(AuthenticationContext ctxt)
           throws java.io.IOException
```
    Description copied from class: AuthenticationHandler
    Authenticate a member.
    This method is invoked by the authentication chain on each request.
    A typical implementation of this method would follow the following pattern :
    1. Examine informations required to perform the authentication through the AuthenticationContext object (request, response, login.. etc)
    2. Perform your authentication before chain invokation and set the logged Member AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
    3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
    4. b) or else skip the chain invokation and block other authentication handler of the chain (do this with caution...)
    5. Perform redirection, set information/warning/error message or any other process, after chain invokation, using AuthenticationContext.
    Default implementation is to invoke the next handler in the chain.
    Overrides:
    
    login in class AuthenticationHandler
    
    Parameters:
    ctxt - the AuthenticationContext used for this login
    
    Throws:
    
    java.io.IOException
  - logout
```
public void logout(AuthenticationContext ctxt)
            throws java.io.IOException
```
    Description copied from class: AuthenticationHandler
    
    This methods is called when users logout from JCMS.
    It may not be called if user simply close its browser. Don't rely on this for critical operation
    
    Default implementation is to invoke the next handler in the chain.
    
    Overrides:
    
    logout in class AuthenticationHandler
    
    Parameters:
    ctxt - the AuthenticationContext used for this login
    
    Throws:
    
    java.io.IOException
  - getCookieDigest
```
public static final java.lang.String getCookieDigest(java.lang.String timeStr,
                               java.lang.String password)
```
    Deprecated.
    
    Returns the cookie digest (MD5) composed of concatenation of the time (in millis) and the password of the member
    
    Parameters:
    timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
    password - the Member's password in its crypted version (e.g. member.getPassword())
    
    Returns:
    an authentication digest
  - getCookieDigest
```
public static final java.lang.String getCookieDigest(java.lang.String timeStr,
                               Member member)
```
    Returns the cookie digest for the specified time and Member.
    
    Parameters:
    timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
    member - the Member for which the digest is computed
    
    Returns:
    an authentication digest
    Since:
    
    jcms-7.1
  - checkCookieDigest
```
public static final boolean checkCookieDigest(java.lang.String digest,
                        java.lang.String timeStr,
                        Member member)
```
    Check if the specified time and password matches the encoded digest.
    
    Parameters:
    digest - the digest to check (as returned by getCookieDigest(String, String)
    timeStr - a time as a string (e.g. String.valueOf(System.currentTimeMillis()))
    member - the Member against which the digest is verified
    
    Returns:
    true if the specified digest matches the timeStr and Member
    Since:
    
    jcms-7.1
  - checkAuthenticationFromCookie
```
public static final Member checkAuthenticationFromCookie(javax.servlet.http.Cookie[] cookies)
```
    Returns the member corresponding to the member id which is contains in memberId cookie.
    
    Parameters:
    cookies - an array of cookies (request.getCookies())
    
    Returns:
    the member or null if not found
  - getAuthenticationCookie
```
public static final javax.servlet.http.Cookie getAuthenticationCookie(Member member,
                                                java.lang.String domain,
                                                java.lang.String path,
                                                boolean isPersistent)
                                                               throws java.net.UnknownHostException
```
    Returns a cookie for a given member
    
    Parameters:
    member - the member to use to generate the cookie.
    domain - an optionnal String containing the domain name within which the cookie is visible; form is according to RFC 2109
    path - the cookie path
    isPersistent - if true the cookie will persist on the user disk beyond the browser shutdown ; otherwise it will persist until browser shutdown.
    
    Returns:
    a new Cookie instance
    
    Throws:
    
    java.net.UnknownHostException - if the specified domain could not be resolved
  - getEmptyAuthenticationCookie
```
public static final javax.servlet.http.Cookie getEmptyAuthenticationCookie(java.lang.String domain,
                                                     java.lang.String path)
                                                                    throws java.net.UnknownHostException
```
    Returns an empty authentication cookie (used for logout)
    
    Parameters:
    domain - the cookie domain (can be null)
    path - the cookie path
    
    Returns:
    a new Cookie instance
    
    Throws:
    
    java.net.UnknownHostException - if the specified domain could not be resolved

Class CookieAuthenticationHandler

Field Summary

Fields inherited from class com.jalios.jcms.authentication.AuthenticationHandler

Method Summary

Methods inherited from class com.jalios.jcms.authentication.AuthenticationHandler

Methods inherited from class java.lang.Object

Field Detail

REVISION

ORDER_COOKIE_HANDLER

AUTHENTICATION_COOKIE_NAME

Method Detail

getInstance

loadProperties

login

logout

getCookieDigest

getCookieDigest

checkCookieDigest

checkAuthenticationFromCookie

getAuthenticationCookie

getEmptyAuthenticationCookie