org.jboss.as.web.security.jaspi.modules

Class HTTPFormServerAuthModule

java.lang.Object

org.jboss.as.web.security.jaspi.modules.WebServerAuthModule

org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule

All Implemented Interfaces:

javax.security.auth.message.module.ServerAuthModule, javax.security.auth.message.ServerAuth

public class HTTPFormServerAuthModule
extends WebServerAuthModule

This class implements a JASPI ServerAuthModule that handles HTTP FORM authentication.

Author:

Anil Saldhana, Stefan Guilhen

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	cache
protected org.apache.catalina.Context	context
protected String	delegatingLoginContextName
protected static org.apache.catalina.util.StringManager	sm

Fields inherited from class org.jboss.as.web.security.jaspi.modules.WebServerAuthModule

callbackHandler, options

Constructor Summary

Constructors

Constructor and Description
HTTPFormServerAuthModule() Creates an instance of HTTPFormServerAuthModule.
HTTPFormServerAuthModule(String delegatingLoginContextName) Creates an instance of HTTPFormServerAuthModule with the specified delegating login context name.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	forwardToErrorPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig config) Forwards the current request to the error page.
protected void	forwardToLoginPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig config) Forwards the current request to the login page.
protected boolean	matchRequest(org.apache.catalina.connector.Request request) This method verifies if the specified Request matches a previously saved request or not.
protected boolean	restoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session) Restores the original request from information stored in our session.
protected String	savedRequestURL(org.apache.catalina.Session session) Returns the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.
protected void	saveRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session) Saves the original request information into our session.
javax.security.auth.message.AuthStatus	secureResponse(javax.security.auth.message.MessageInfo messageInfo, Subject serviceSubject)
javax.security.auth.message.AuthStatus	validateRequest(javax.security.auth.message.MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)

Methods inherited from class org.jboss.as.web.security.jaspi.modules.WebServerAuthModule

cleanSubject, getSupportedMessageTypes, initialize, registerWithCallbackHandler

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

context

protected org.apache.catalina.Context context

cache

protected boolean cache

sm

protected static final org.apache.catalina.util.StringManager sm

delegatingLoginContextName

protected String delegatingLoginContextName

Constructor Detail

HTTPFormServerAuthModule

public HTTPFormServerAuthModule()

Creates an instance of HTTPFormServerAuthModule.

HTTPFormServerAuthModule

public HTTPFormServerAuthModule(String delegatingLoginContextName)

Creates an instance of HTTPFormServerAuthModule with the specified delegating login context name.

Parameters:

delegatingLoginContextName - the name of the login context configuration that contains the JAAS modules that are to be called by this module.

Method Detail

secureResponse

public javax.security.auth.message.AuthStatus secureResponse(javax.security.auth.message.MessageInfo messageInfo,
                                                    Subject serviceSubject)
                                                      throws javax.security.auth.message.AuthException

Specified by:

secureResponse in interface javax.security.auth.message.ServerAuth

Specified by:

secureResponse in class WebServerAuthModule

Throws:

javax.security.auth.message.AuthException

validateRequest

public javax.security.auth.message.AuthStatus validateRequest(javax.security.auth.message.MessageInfo messageInfo,
                                                     Subject clientSubject,
                                                     Subject serviceSubject)
                                                       throws javax.security.auth.message.AuthException

Specified by:

validateRequest in interface javax.security.auth.message.ServerAuth

Specified by:

validateRequest in class WebServerAuthModule

Throws:

javax.security.auth.message.AuthException

matchRequest

protected boolean matchRequest(org.apache.catalina.connector.Request request)

This method verifies if the specified Request matches a previously saved request or not.

Parameters:

request - The Request object to be verified.

Returns:

true if the request matches the saved one; false otherwise.

restoreRequest

protected boolean restoreRequest(org.apache.catalina.connector.Request request,
                     org.apache.catalina.Session session)

Restores the original request from information stored in our session. If the original request is no longer present (because the session timed out), return false; otherwise, return true.

Parameters:

request - the Request instance that will be populated with the saved request data.

session - the Session containing the saved information.

Returns:

true if the request could be restored; false otherwise.

saveRequest

protected void saveRequest(org.apache.catalina.connector.Request request,
               org.apache.catalina.Session session)
                    throws IOException

Saves the original request information into our session.

Parameters:

request - the Request instance to be saved

session - the Session where the request is to be saved.

Throws:

IOException - if an error occurs while saving the request.

savedRequestURL

protected String savedRequestURL(org.apache.catalina.Session session)

Returns the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.

Parameters:

session - the current Session.

Returns:

a String containing the request URI.

forwardToLoginPage

protected void forwardToLoginPage(org.apache.catalina.connector.Request request,
                      org.apache.catalina.connector.Response response,
                      org.apache.catalina.deploy.LoginConfig config)

Forwards the current request to the login page.

Parameters:

request - the Request instance being processed.

response - the Response instance being processed.

config - the login configuration describing how authentication should be performed

forwardToErrorPage

protected void forwardToErrorPage(org.apache.catalina.connector.Request request,
                      org.apache.catalina.connector.Response response,
                      org.apache.catalina.deploy.LoginConfig config)

Forwards the current request to the error page.

Parameters:

request - the Request instance being processed.

response - the Response instance being processed.

config - the login configuration describing how authentication should be performed