electric.servlet.authenticators.basic
Class BasicAuthenticator

java.lang.Object
  electric.servlet.authenticators.basic.BasicAuthenticator

All Implemented Interfaces:

IEXMLLoggingConstants, IGLUELoggingConstants, IHTTPAuthenticator, IHTTPConstants, ILoggingConstants

public class BasicAuthenticator

extends java.lang.Object

implements IHTTPAuthenticator, IHTTPConstants, IGLUELoggingConstants

HTTP Basic authentication, see rfc2617 for details

Author:

webMethods

Field Summary

Fields inherited from interface electric.util.http.IHTTPConstants

ACCEPT_LANGUAGE, ACCEPT_RANGES, APPLICATION_BINARY, APPLICATION_OCTET_STREAM, ASCII, AUTHORIZATION, BASIC, BOUNDARY, CHARSET_EQUALS, CHUNKED, CLOSE, COLON_SLASH_SLASH, CONNECT, CONNECTION, CONTENT_ID, CONTENT_LANGUAGE, CONTENT_LENGTH, CONTENT_LOCATION, CONTENT_TYPE, CONTINUATION_STATUS, CONTINUE_EXPECTATION, COOKIE, COOKIE_LISTENER, DATE, DEFAULT_CONTENT_TYPE, DEFAULT_HTTP_CHARSET, DEFAULT_HTTPS_PORT, DEFAULT_MIME_TYPE, DEFAULT_PROXY_PORT, DIGEST, EOL, EXPECT, EXPECT_HEADER, FORM_URLENCODED, GET, GLUE_SESSION, HEAD, HOST, HTTP_1_0, HTTP_1_1, HTTP_PROTOCOL, HTTPS_PROTOCOL, IF_MODIFIED_SINCE, KEEP_ALIVE, LAST_MODIFIED, LOCATION, MD5_HASH, MIME_BOUNDARY, MIME_VERSION, MULTIPART_CONTENT_TYPE, OK, POST, PROXY_AUTHORIZATION, RANGE, SC_CONTINUE, SC_MOVED, SC_MOVED_PERMANENTLY, SC_OK, SC_PROXY_AUTHENTICATION_REQUIRED, SC_UNAUTHORIZED, SEPARATOR, SERVER, SERVER_PREFIX, SERVER_TYPE, SET_COOKIE_0, SET_COOKIE_1, SLASH, START, TEXT_HTML, TEXT_PLAIN, TEXT_XML, TEXT_XML_UTF_8, TRANSFER_ENCODING, USER_AGENT, WWW_AUTHENTICATE

Fields inherited from interface electric.glue.IGLUELoggingConstants

CLUSTER_DEBUG_EVENT, CLUSTER_EVENT, CONSOLE_DEBUG_EVENT, DEPLOY_EVENT, DETECTORS_EVENT, HTTP_EVENT, JMS_EVENT, REBINDING_EVENT, SECURITY_DEBUG_EVENT, SECURITY_DETAIL_EVENT, SERVLET_EVENT, SOAP_EVENT

Fields inherited from interface electric.xml.IEXMLLoggingConstants

MAPPING_EVENT, SCHEMA_EVENT

Fields inherited from interface electric.util.log.ILoggingConstants

CLASSLOADER_EVENT, COMMAND_EVENT, COMMENT_EVENT, CONFIG_EVENT, DEBUG_EVENT, ELECTRIC_LOGGING_PROPERTY, ERROR_EVENT, EXCEPTION_EVENT, FILE_EVENT, LICENSE_EVENT, RESOURCES_EVENT, SECURITY_EVENT, SHUTDOWN_EVENT, SOURCE_EVENT, SQL_EVENT, STARTUP_EVENT, WARNING_EVENT

Constructor Summary

BasicAuthenticator()

Method Summary

boolean	authenticate(InboundHTTPRequest request, OutboundHTTPResponse response, java.lang.String relativePath, electric.servlet.security.WebResourceCollection webResourceCollection) Authenticate a request.
ICredentials[]	getAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request, IRealm realm) Given an incoming HTTP request, find any HTTP Basic Authorize: headers, extract the credentials, and authenticate them.
java.lang.String	getAuthMethod()
ICredentials[]	getDeclaredCredentials(javax.servlet.http.HttpServletRequest servletRequest) Extract all the HTTP Basic authentication credentials from the given request.
boolean	sendNoAuthenticationResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, IRealm realm) Add the appropriate WWW-Authenticate request to the response, based on the incoming request and the realm.
void	setContext(HTTPContext context) Authenticators are per-servlet-context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicAuthenticator

public BasicAuthenticator()

Method Detail

setContext

public void setContext(HTTPContext context)

Description copied from interface: IHTTPAuthenticator

Authenticators are per-servlet-context.

Specified by:

setContext in interface IHTTPAuthenticator

Parameters:

context -

authenticate

public boolean authenticate(InboundHTTPRequest request,
                            OutboundHTTPResponse response,
                            java.lang.String relativePath,
                            electric.servlet.security.WebResourceCollection webResourceCollection)
                     throws java.io.IOException

Description copied from interface: IHTTPAuthenticator

Authenticate a request. Return true if authentication successful and processing should continue to the authorization step, false if the authenticator has handled the response itself and the httpcontext should short-circuit processing and return immediately.

Specified by:

authenticate in interface IHTTPAuthenticator

Parameters:

request -

response -

relativePath -

Returns:

true or false

Throws:

java.io.IOException

getAuthMethod

public java.lang.String getAuthMethod()

Specified by:

getAuthMethod in interface IHTTPAuthenticator

Returns:

a servlet-spec compatible string indicating the authentication method in use

getAuthenticatedCredentials

public ICredentials[] getAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request,
                                                  IRealm realm)

Given an incoming HTTP request, find any HTTP Basic Authorize: headers, extract the credentials, and authenticate them.

Parameters:

request -

realm -

getDeclaredCredentials

public ICredentials[] getDeclaredCredentials(javax.servlet.http.HttpServletRequest servletRequest)

Extract all the HTTP Basic authentication credentials from the given request.

Returns:

an array of credentials to be verified, or null.

sendNoAuthenticationResponse

public boolean sendNoAuthenticationResponse(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response,
                                            IRealm realm)
                                     throws java.io.IOException

Add the appropriate WWW-Authenticate request to the response, based on the incoming request and the realm.

Specified by:

sendNoAuthenticationResponse in interface IHTTPAuthenticator

Parameters:

request -

response -

realm -

Returns:

whether to retry the request

Throws:

java.io.IOException

See Also:

GuardAuthorizer