jodd.joy.auth

Class AuthInterceptor<T>

java.lang.Object

jodd.joy.auth.AuthInterceptor<T>

All Implemented Interfaces:

jodd.madvoc.ActionWrapper, jodd.madvoc.interceptor.ActionInterceptor

public class AuthInterceptor<T>
extends java.lang.Object
implements jodd.madvoc.interceptor.ActionInterceptor

Simple Auth interceptor.

Authentication checking interceptor. Provides auto-login using cookies.

Authentication pertains to the question "Who are you?". Usually a user authenticates himself by successfully associating his "principal" (often a username) with his "credentials" (often a password).

Authorization checking interceptor.

Authorization pertains to the question "What may you do?". In JEE applications, this is achieved by making secured resources accessible ("requestable" in web applications) to particular "roles". Principals (i.e. users) who are associated with one or more of these roles will have access to those resources.

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	authenticateViaBasicAuth
protected boolean	return404instead401
static UserAuth	userAuth Simple static HOOK for the implementation.

Constructor Summary

Constructors

Constructor and Description
AuthInterceptor()

Method Summary

Modifier and Type	Method and Description
protected T	authenticateUserViaBasicAuth(jodd.madvoc.ActionRequest actionRequest) Tires to authenticate user via the basic authentication.
protected T	authenticateUserViaHttpSession(jodd.madvoc.ActionRequest actionRequest) Tries to authenticate user via HTTP session.
protected T	authenticateUserViaToken(jodd.madvoc.ActionRequest actionRequest) Tries to authenticate user via token.
protected boolean	authorized(jodd.madvoc.ActionRequest actionRequest) Hook method for authorization of action requests.
java.lang.Object	intercept(jodd.madvoc.ActionRequest actionRequest)
void	setAuthenticateViaBasicAuth(boolean authenticateViaBasicAuth)
void	setReturn404instead401(boolean return404instead401)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface jodd.madvoc.interceptor.ActionInterceptor

apply

Methods inherited from interface jodd.madvoc.ActionWrapper

init

Field Detail

userAuth

public static UserAuth userAuth

Simple static HOOK for the implementation.

return404instead401

protected boolean return404instead401

authenticateViaBasicAuth

protected boolean authenticateViaBasicAuth

Constructor Detail

AuthInterceptor

public AuthInterceptor()

Method Detail

setReturn404instead401

public void setReturn404instead401(boolean return404instead401)

setAuthenticateViaBasicAuth

public void setAuthenticateViaBasicAuth(boolean authenticateViaBasicAuth)

intercept

public java.lang.Object intercept(jodd.madvoc.ActionRequest actionRequest)
                           throws java.lang.Exception

Specified by:

intercept in interface jodd.madvoc.interceptor.ActionInterceptor

Throws:

java.lang.Exception

authenticateUserViaHttpSession

protected T authenticateUserViaHttpSession(jodd.madvoc.ActionRequest actionRequest)

Tries to authenticate user via HTTP session. Returns the token if user is authenticated. Returned token may be rotated.

authenticateUserViaToken

protected T authenticateUserViaToken(jodd.madvoc.ActionRequest actionRequest)

Tries to authenticate user via token. Returns the token if user is authenticated. Returned token may be rotated.

authenticateUserViaBasicAuth

protected T authenticateUserViaBasicAuth(jodd.madvoc.ActionRequest actionRequest)

Tires to authenticate user via the basic authentication. Returns the token if user is authenticated.

authorized

protected boolean authorized(jodd.madvoc.ActionRequest actionRequest)

Hook method for authorization of action requests.