wt.httpgw
Class DemoAuthentication

java.lang.Object
  wt.httpgw.HTTPAuthentication
      wt.httpgw.DemoAuthentication

All Implemented Interfaces:

AuthenticationHandler, CGIConstants

public class DemoAuthentication

extends HTTPAuthentication

A version of HTTP Authentication service that simply extracts the user name from HTTP Basic authorization headers. This implmementation can be used for demos when many user names are desired but setting up web server access controls would take too long.

It also servers as an example of how to the Windchill authentication framework can be used to implement additional authentication techniques such as using user name and password supplied by HTTP Basic authentication to authenticate with 3rd party software such as a LDAP server.

To use this class, configure the wt.auth.handlers property to be wt.httpgw.DemoAuthentication. Then configure wt.httpgw.url.anonymous to be wt.httpgw.HTTPGatewayServlet and wt.httpgw.url.authenticated to be wt.httpgw.HTTPAuthGatewayServlet. If the web server does not automatically add a www-authenticate header to 401 responses, also set property wt.httpgw.wwwAuthenticate to a HTTP Basic challenge (e.g. "Basic").

Supported API: false
Extendable: false

Field Summary

private static int[]	fromBase64
private static boolean	VERBOSE_SERVER

Fields inherited from class wt.httpgw.HTTPAuthentication

Fields inherited from interface wt.auth.AuthenticationHandler

versionID

Fields inherited from interface wt.httpgw.CGIConstants

CGI_ACCEPT, CGI_ACCEPT_CHARSET, CGI_ACCEPT_LANGUAGE, CGI_AUTH_TYPE, CGI_AUTHORIZATION, CGI_CONNECTION, CGI_CONTENT_LENGTH, CGI_CONTENT_TYPE, CGI_CONTEXT_PATH, CGI_DELETE_METHOD, CGI_GATEWAY_INTERFACE, CGI_GET_METHOD, CGI_HEAD_METHOD, CGI_HOST, CGI_IF_MODIFIED_SINCE, CGI_MULTIPART_BOUNDARY, CGI_PATH_INFO, CGI_PATH_TRANSLATED, CGI_POST_METHOD, CGI_PRAGMA, CGI_PROPERTY_PREFIX, CGI_PROTOCOL, CGI_PUT_METHOD, CGI_QUERY_STRING, CGI_REFERER, CGI_REMOTE_ADDR, CGI_REMOTE_HOST, CGI_REMOTE_IDENT, CGI_REMOTE_USER, CGI_REQUEST_METHOD, CGI_SCHEME, CGI_SCRIPT_NAME, CGI_SERVER_NAME, CGI_SERVER_PORT, CGI_SERVER_PROTOCOL, CGI_SERVER_SOFTWARE, CGI_SERVLET_SESSION, CGI_TRACE_METHOD, CGI_UA_COLOR, CGI_UA_CPU, CGI_UA_OS, CGI_UA_PIXELS, CGI_URI, CGI_URL, CGI_USER_AGENT, versionID

Constructor Summary

DemoAuthentication()

Method Summary

private String	decode(String str)
protected String	getAuthenticatedUser(String user, String pw) Get authenticated user name from supplied user name and password.
protected void	initSession(GatewayAuthenticator auth) Establish security context (or lack thereof) for a HTTP gateway method call.

Methods inherited from class wt.httpgw.HTTPAuthentication

bootstrap, checkAccess, getBootstrapAuthenticator, getBootstrapAuthenticator, login

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VERBOSE_SERVER

private static final boolean VERBOSE_SERVER

fromBase64

private static int[] fromBase64

Constructor Detail

DemoAuthentication

public DemoAuthentication()

Method Detail

initSession

protected void initSession(GatewayAuthenticator auth)

Establish security context (or lack thereof) for a HTTP gateway method call. This implementation extracts remote user from HTTP Authorization header.

Supported API: false

Overrides:

initSession in class HTTPAuthentication

getAuthenticatedUser

protected String getAuthenticatedUser(String user,
                                      String pw)

Get authenticated user name from supplied user name and password. Returns null if authentication fails. This implementation simply returns the user name, but this method can be overriden to check the password against 3rd party software.

Supported API: false

decode

private String decode(String str)