ml.alternet.security.web

Class Passwords

java.lang.Object

ml.alternet.security.web.Passwords

public abstract class Passwords
extends Object

Handle safe passwords on a Web environment, meaning that in the Web processing chain, a password NEVER appear as a String inside the system.

A password maybe received by a Web server when the client send an HTTP authentication, or when the user fill a login form (POST only since GET is not secure for this purpose). Note that passwords sent by forms doesn't necessary aim to authenticate a user, they may for example have been design to register a user. This class allows to handle all the use case where passwords are sent.

A safe data type is also available for RESTful applications.

To retrieve the passwords, use :

 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
     // retrieve the password(s) of a form field
     PasswordParam pwd = Passwords.getPasswords(req, "pwdField");
     // ...
 }

Author:

Philippe Poulard

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTRIBUTE_KEY The attribute key for HttpServletRequest
static String	BASIC_AUTH_ATTRIBUTE_KEY The BASIC authentication attribute key for HttpServletRequest, used to store the credentials (login, password).

Constructor Summary

Constructors

Constructor and Description
Passwords()

Method Summary

Modifier and Type	Method and Description
static PasswordParam	getPasswords(javax.servlet.ServletRequest req, String name) Extract the passwords sent by the HTTP request.
protected abstract PasswordParam	getPasswords(String name) Return a non empty sequence of passwords.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ATTRIBUTE_KEY

public static final String ATTRIBUTE_KEY

The attribute key for HttpServletRequest

BASIC_AUTH_ATTRIBUTE_KEY

public static final String BASIC_AUTH_ATTRIBUTE_KEY

The BASIC authentication attribute key for HttpServletRequest, used to store the credentials (login, password).

Constructor Detail

Passwords

public Passwords()

Method Detail

getPasswords

protected abstract PasswordParam getPasswords(String name)

Return a non empty sequence of passwords. If no passwords are defined for the given field name, the first item represents the empty password.

Parameters:

name - The name of the password field.

Returns:

A non empty sequence of passwords.

getPasswords

public static PasswordParam getPasswords(javax.servlet.ServletRequest req,
                                         String name)

Extract the passwords sent by the HTTP request.

Parameters:

req - The actual HTTP request.

name - The name of the password field (either a form field or a header field according to the configuration)

Returns:

A non empty sequence of passwords. If no passwords are defined for the given field name, the first item represents the empty password.