org.picketlink.authentication.web

Class FormAuthenticationScheme

java.lang.Object

org.picketlink.authentication.web.FormAuthenticationScheme

All Implemented Interfaces:

HTTPAuthenticationScheme

public class FormAuthenticationScheme
extends Object
implements HTTPAuthenticationScheme

An implementation of HTTPAuthenticationScheme that supports the Servlet Specification FORM Authentication Scheme

Since:

June 06, 2013

Author:

Anil Saldhana

Field Summary

Fields

Modifier and Type	Field and Description
static String	FORM_ERROR_PAGE_INIT_PARAM
static String	FORM_LOGIN_PAGE_INIT_PARAM
static String	J_PASSWORD
static String	J_SECURITY_CHECK
static String	J_USERNAME
static String	SAVED_REQUEST
static String	STATE

Constructor Summary

Constructors

Constructor and Description
FormAuthenticationScheme()

Method Summary

Methods

Modifier and Type	Method and Description
void	challengeClient(HttpServletRequest request, HttpServletResponse response) Challenges the client if no credentials were supplied or the credentials were not extracted in order to continue with the authentication.
void	extractCredential(HttpServletRequest request, DefaultLoginCredentials creds) Extracts the credentials from the given HttpServletRequest and populates the DefaultLoginCredentials with them.
void	initialize(FilterConfig config) Called one time by the AuthenticationFilter after the CDI initialization has completed, but before any other methods from this interface are invoked.
boolean	isProtected(HttpServletRequest request) Indicates if the given HttpServletRequest should be protected or not.
boolean	postAuthentication(HttpServletRequest request, HttpServletResponse response) Performs any post-authentication logic regarding of the authentication result.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FORM_LOGIN_PAGE_INIT_PARAM

public static final String FORM_LOGIN_PAGE_INIT_PARAM

See Also:

Constant Field Values

FORM_ERROR_PAGE_INIT_PARAM

public static final String FORM_ERROR_PAGE_INIT_PARAM

See Also:

Constant Field Values

J_SECURITY_CHECK

public static final String J_SECURITY_CHECK

See Also:

Constant Field Values

J_USERNAME

public static final String J_USERNAME

See Also:

Constant Field Values

J_PASSWORD

public static final String J_PASSWORD

See Also:

Constant Field Values

SAVED_REQUEST

public static final String SAVED_REQUEST

See Also:

Constant Field Values

STATE

public static final String STATE

See Also:

Constant Field Values

Constructor Detail

FormAuthenticationScheme

public FormAuthenticationScheme()

Method Detail

initialize

public void initialize(FilterConfig config)

Description copied from interface: HTTPAuthenticationScheme

Called one time by the AuthenticationFilter after the CDI initialization has completed, but before any other methods from this interface are invoked.

Specified by:

initialize in interface HTTPAuthenticationScheme

Parameters:

config - the configuration of AuthenticationFilter from web.xml. Never null.

extractCredential

public void extractCredential(HttpServletRequest request,
                     DefaultLoginCredentials creds)

Description copied from interface: HTTPAuthenticationScheme

Extracts the credentials from the given HttpServletRequest and populates the DefaultLoginCredentials with them. If the request is not an authentication attempt (as defined by the implementation), then creds is not affected.

Specified by:

extractCredential in interface HTTPAuthenticationScheme

Parameters:

request - The current request, to examine for authentication information.

creds - The credentials instance that will be populated with the credentials found in the request, if any.

challengeClient

public void challengeClient(HttpServletRequest request,
                   HttpServletResponse response)
                     throws IOException

Description copied from interface: HTTPAuthenticationScheme

Challenges the client if no credentials were supplied or the credentials were not extracted in order to continue with the authentication.

Specified by:

challengeClient in interface HTTPAuthenticationScheme

Parameters:

request - The current request, which may be used to obtain a RequestDispatcher if needed. If this method is called, the rest of the filter chain will not be processed, so implementations are free to read the request body if they so choose.

response - The current response, which can be used to send HTTP error results, redirects, or for sending additional challenge headers.

Throws:

IOException - if reading the request or writing the response fails.

postAuthentication

public boolean postAuthentication(HttpServletRequest request,
                         HttpServletResponse response)
                           throws IOException

Description copied from interface: HTTPAuthenticationScheme

Performs any post-authentication logic regarding of the authentication result.

Specified by:

postAuthentication in interface HTTPAuthenticationScheme

Parameters:

request - The current request, which may be used to obtain a RequestDispatcher if needed.

response - The current response, which can be used to send an HTTP response, or a redirect.

Returns:

true if the processing of the filter chain should continue, false if the processing should stop (typically because this filter has already sent a response).

Throws:

IOException - if reading the request or writing the response fails.

isProtected

public boolean isProtected(HttpServletRequest request)

Description copied from interface: HTTPAuthenticationScheme

Indicates if the given HttpServletRequest should be protected or not.

Specified by:

isProtected in interface HTTPAuthenticationScheme

Returns:

If this method returns false, the authentication will be ignored and the client will not be challenged for credentials.