com.sun.web.security

Class WebProgrammaticLoginImpl

java.lang.Object

com.sun.web.security.WebProgrammaticLoginImpl

All Implemented Interfaces:

com.sun.enterprise.security.web.integration.WebProgrammaticLogin

@Service
public class WebProgrammaticLoginImpl
extends Object
implements com.sun.enterprise.security.web.integration.WebProgrammaticLogin

Internal implementation for servlet programmatic login.

See Also:

com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin

Field Summary

Fields

Modifier and Type	Field and Description
static String	WEBAUTH_PROGRAMMATIC

Constructor Summary

Constructors

Constructor and Description
WebProgrammaticLoginImpl()

Method Summary

Modifier and Type	Method and Description
Boolean	login(String user, char[] password, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Login and set up principal in request and session.
Boolean	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Logout and remove principal in request and session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

WEBAUTH_PROGRAMMATIC

public static final String WEBAUTH_PROGRAMMATIC

See Also:

Constant Field Values

Constructor Detail

WebProgrammaticLoginImpl

public WebProgrammaticLoginImpl()

Method Detail

login

public Boolean login(String user,
                     char[] password,
                     String realm,
                     javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)

Login and set up principal in request and session. This implements programmatic login for servlets.

Due to a number of bugs in RI the security context is not shared between web container and ejb container. In order for an identity established by programmatic login to be known to both containers, it needs to be set not only in the security context but also in the current request and, if applicable, the session object. If a session does not exist this method does not create one.

See bugs 4646134, 4688449 and other referenced bugs for more background.

Note also that this login does not hook up into SSO.

Specified by:

login in interface com.sun.enterprise.security.web.integration.WebProgrammaticLogin

Parameters:

user - User name to login.

password - User password.

request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.

response - HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.

realm - the realm name to be authenticated to. If the realm is null, authentication takes place in default realm

Throws:

Exception - on login failure.

See Also:

com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin

logout

public Boolean logout(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws Exception

Logout and remove principal in request and session.

Specified by:

logout in interface com.sun.enterprise.security.web.integration.WebProgrammaticLogin

Parameters:

request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.

response - HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.

Throws:

Exception - any exception encountered during logout operation

See Also:

com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin