AuthenticatorList (Resin 4.0.s170329)

java.lang.Object
- com.caucho.server.security.AuthenticatorList

All Implemented Interfaces:: ServletAuthenticator

public class AuthenticatorList
extends java.lang.Object
implements ServletAuthenticator

The AuthenticatorList is used to configure more than one authenticators in a list, each authenticator is tried in turn and if the authentication fails the next authenticator in the list is attempted.

  <authenticator type="com.caucho.server.security.AuthenticatorList">
    <init>
      <authenticator resin:type="com.caucho.server.security.XmlAuthenticator">
        <user>admin:NIHlOSafJN2H7emQCkOQ2w==:user,admin</user>
      </authenticator>

      <authenticator resin:type='com.caucho.server.security.JdbcAuthenticator'>
        <data-source>jdbc/users</data-source>
        <password-query>
          SELECT password FROM LOGIN WHERE username=?
        </password-query>
        <cookie-auth-query>
          SELECT username FROM LOGIN WHERE cookie=?
        </cookie-auth-query>
        <cookie-auth-update>
          UPDATE LOGIN SET cookie=? WHERE username=?
        </cookie-auth-update>
        <role-query>
          SELECT role FROM LOGIN WHERE username=?
        </role-query>
      </authenticator>
    </init>
  </authenticator>

  <login-config auth-method='basic'/>

  <security-constraint url-pattern='/users/*' role-name='user'/>
  <security-constraint url-pattern='/admin/*' role-name='admin'/>

Constructor Summary

Constructors
Constructor and Description

AuthenticatorList()

Constructors
Constructor and Description
`AuthenticatorList()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addAuthenticator(ServletAuthenticator authenticator)` Sets the path to the XML file.
`java.security.Principal`	`getUserPrincipal(HttpServletRequest request, HttpServletResponse response, ServletContext application)` Gets the authenticated user for the current request.
`void`	`init()` Initialize the authenticator.
`boolean`	`isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user, java.lang.String role)` Returns true if the user plays the named role.
`java.security.Principal`	`login(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String user, java.lang.String password)` Logs a user in with a user name and a password.
`java.security.Principal`	`loginDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String realm, java.lang.String nonce, java.lang.String uri, java.lang.String qop, java.lang.String nc, java.lang.String cnonce, byte[] clientDigset)` Validates the user when using HTTP Digest authentication.
`void`	`logout(ServletContext application, HttpSession timeoutSession, java.lang.String sessionId, java.security.Principal user)` Logs the user out from the given request.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthenticatorList
```
public AuthenticatorList()
```
- Method Detail
  - addAuthenticator
```
public void addAuthenticator(ServletAuthenticator authenticator)
```
    Sets the path to the XML file.
  - init
```
@PostConstruct
public void init()
                         throws ServletException
```
    Description copied from interface: ServletAuthenticator
    
    Initialize the authenticator. init() is called after all the bean parameter have been set.
    
    Specified by:
    
    init in interface ServletAuthenticator
    
    Throws:
    
    ServletException
  - login
```
public java.security.Principal login(HttpServletRequest request,
                                     HttpServletResponse response,
                                     ServletContext application,
                                     java.lang.String user,
                                     java.lang.String password)
                              throws ServletException
```
    Description copied from interface: ServletAuthenticator
    
    Logs a user in with a user name and a password. The login method is generally called during servlet security checks. The ServletRequest.getUserPrincipal call will generally call getUserPrincipal.
    The implementation may only use the response to set cookies and headers. It may not write output or set the response status. If the application needs to send a custom error reponse, it must implement a custom AbstractLogin instead.
    
    Specified by:
    
    login in interface ServletAuthenticator
    
    Parameters:
    
    request - servlet request
    
    response - servlet response, in case any cookie need sending.
    
    application - servlet application
    
    user - the user name.
    
    password - the users input password.
    
    Returns:
    
    the logged in principal on success, null on failure.
    
    Throws:
    
    ServletException
  - getUserPrincipal
```
public java.security.Principal getUserPrincipal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                ServletContext application)
                                         throws ServletException
```
    Description copied from interface: ServletAuthenticator
    
    Gets the authenticated user for the current request. If the user has not logged in, just returns null.
    getUserPrincipal is called in response to an application's call to HttpServletRequest.getUserPrincipal.
    The implementation may only use the response to set cookies and headers. It may not write output.
    
    Specified by:
    
    getUserPrincipal in interface ServletAuthenticator
    
    Parameters:
    
    request - the request trying to authenticate.
    
    response - the response for setting headers and cookies.
    
    application - the servlet context
    
    Returns:
    
    the authenticated user or null if none has logged in
    
    Throws:
    
    ServletException
  - loginDigest
```
public java.security.Principal loginDigest(HttpServletRequest request,
                                           HttpServletResponse response,
                                           ServletContext app,
                                           java.lang.String user,
                                           java.lang.String realm,
                                           java.lang.String nonce,
                                           java.lang.String uri,
                                           java.lang.String qop,
                                           java.lang.String nc,
                                           java.lang.String cnonce,
                                           byte[] clientDigset)
                                    throws ServletException
```
    Description copied from interface: ServletAuthenticator
    Validates the user when using HTTP Digest authentication. DigestLogin will call this method. Most other AbstractLogin implementations, like BasicLogin and FormLogin, will use getUserPrincipal instead.
    The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.
```
 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 
```
    Specified by:
    
    loginDigest in interface ServletAuthenticator
    
    Parameters:
    
    request - the request trying to authenticate.
    
    response - the response for setting headers and cookies.
    
    app - the servlet context
    
    user - the username
    
    realm - the authentication realm
    
    nonce - the nonce passed to the client during the challenge
    
    uri - te protected uri
    
    cnonce - the client nonce
    
    Returns:
    
    the logged in principal if successful
    
    Throws:
    
    ServletException
  - isUserInRole
```
public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            java.security.Principal user,
                            java.lang.String role)
                     throws ServletException
```
    Description copied from interface: ServletAuthenticator
    
    Returns true if the user plays the named role.
    This method is called in response to the HttpServletResponse.isUserInRole call and for security-constraints that check the use role.
    
    Specified by:
    
    isUserInRole in interface ServletAuthenticator
    
    Parameters:
    
    request - the request testing the role.
    
    application - the owning application
    
    user - the user's Principal.
    
    role - role name.
    
    Throws:
    
    ServletException
  - logout
```
public void logout(ServletContext application,
                   HttpSession timeoutSession,
                   java.lang.String sessionId,
                   java.security.Principal user)
            throws ServletException
```
    Description copied from interface: ServletAuthenticator
    
    Logs the user out from the given request.
    Called via the session.logout() method.
    
    Specified by:
    
    logout in interface ServletAuthenticator
    
    timeoutSession - for timeout, the session timing out. null if force logout
    
    Throws:
    
    ServletException

Class AuthenticatorList

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AuthenticatorList

Method Detail

addAuthenticator

init

login

getUserPrincipal

loginDigest

isUserInRole

logout