com.caucho.security
Class LoginList

java.lang.Object
  extended by com.caucho.security.LoginList
All Implemented Interfaces:
Login

@Singleton
public class LoginList
extends java.lang.Object
implements Login

Used to allow multiple login types in a priority list.

Since:
Resin 4.0.2

Field Summary
 
Fields inherited from interface com.caucho.security.Login
LOGIN_PASSWORD, LOGIN_USER_NAME, LOGIN_USER_PRINCIPAL
 
Constructor Summary
LoginList()
           
 
Method Summary
 void add(Login login)
          Adds the next login in the list.
 Authenticator getAuthenticator()
          Returns the configured authenticator
 java.lang.String getAuthType()
          Returns the authentication type.
 java.util.ArrayList<Login> getLoginList()
          Returns the login list.
 java.security.Principal getUserPrincipal(HttpServletRequest request)
          Returns the Principal associated with the current request.
 boolean isLoginUsedForRequest(HttpServletRequest request)
          Returns true if the login is used for this request
 boolean isPasswordBased()
          Returns true if username and password based authentication is supported.
 boolean isUserInRole(java.security.Principal user, java.lang.String role)
          Returns true if the current user plays the named role.
 java.security.Principal login(HttpServletRequest request, HttpServletResponse response, boolean isFail)
          Logs a user in.
 void logout(java.security.Principal user, HttpServletRequest request, HttpServletResponse response)
          Logs the user out from the given request.
 void sessionInvalidate(HttpSession session, boolean isTimeout)
          Called when the session invalidates.
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

LoginList

public LoginList()
Method Detail

add

public void add(Login login)
Adds the next login in the list.


getLoginList

public java.util.ArrayList<Login> getLoginList()
Returns the login list.


getAuthType

public java.lang.String getAuthType()
Returns the authentication type. getAuthType is called by HttpServletRequest.getAuthType.

Specified by:
getAuthType in interface Login

getAuthenticator

public Authenticator getAuthenticator()
Returns the configured authenticator

Specified by:
getAuthenticator in interface Login

isLoginUsedForRequest

public boolean isLoginUsedForRequest(HttpServletRequest request)
Returns true if the login is used for this request

Specified by:
isLoginUsedForRequest in interface Login

getUserPrincipal

public java.security.Principal getUserPrincipal(HttpServletRequest request)
Returns the Principal associated with the current request. getUserPrincipal is called in response to the Request.getUserPrincipal call. Login.getUserPrincipal can't modify the response or return an error page.

Specified by:
getUserPrincipal in interface Login
Parameters:
request - servlet request
Returns:
the logged in principal on success, null on failure.

login

public java.security.Principal login(HttpServletRequest request,
                                     HttpServletResponse response,
                                     boolean isFail)
Logs a user in. The authenticate method is called during the security check. If the user does not exist, authenticate sets the reponse error page and returns null.

Specified by:
login in interface Login
Parameters:
request - servlet request
response - servlet response for a failed authentication.
isFail - true if the authorization has failed
Returns:
the logged in principal on success, null on failure.

isPasswordBased

public boolean isPasswordBased()
Returns true if username and password based authentication is supported.

Specified by:
isPasswordBased in interface Login
Returns:
See Also:
BasicLogin

isUserInRole

public boolean isUserInRole(java.security.Principal user,
                            java.lang.String role)
Returns true if the current user plays the named role. isUserInRole is called in response to the HttpServletRequest.isUserInRole call.

Specified by:
isUserInRole in interface Login
Parameters:
user - the logged in user
role - the role to check
Returns:
true if the user plays the named role

logout

public void logout(java.security.Principal user,
                   HttpServletRequest request,
                   HttpServletResponse response)
Logs the user out from the given request.

Since there is no servlet API for logout, this must be called directly from user code. Resin stores the web-app's login object in the ServletContext attribute "caucho.login".

Specified by:
logout in interface Login

sessionInvalidate

public void sessionInvalidate(HttpSession session,
                              boolean isTimeout)
Called when the session invalidates.

Specified by:
sessionInvalidate in interface Login

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object