wt.httpgw
Class FormAuthentication

java.lang.Object
  wt.httpgw.FormAuthentication

All Implemented Interfaces:

AuthenticationHandler, CGIConstants

public class FormAuthentication

extends Object

implements AuthenticationHandler, CGIConstants

Form Authentication service. Authentication is performed by having client call our login method via a form for which a Web server performs authentication.

Supported API: true
Extendable: true

Field Summary

private static String	ANONYMOUS_USER
private static String	CONFIRM_AUTH_KEY
private static String	FORM_METHOD_AUTH_KEY
private static String	GATEWAY_HOST
private static String	JSPPAGE
private static String	previousClientHost
private static String	REAUTH_FLAG_KEY
private static String	RESOURCE
private static boolean	VERBOSE_SERVER

Fields inherited from interface wt.auth.AuthenticationHandler

versionID

Fields inherited from interface wt.httpgw.CGIConstants

CGI_ACCEPT, CGI_ACCEPT_CHARSET, CGI_ACCEPT_LANGUAGE, CGI_AUTH_TYPE, CGI_AUTHORIZATION, CGI_CONNECTION, CGI_CONTENT_LENGTH, CGI_CONTENT_TYPE, CGI_CONTEXT_PATH, CGI_DELETE_METHOD, CGI_GATEWAY_INTERFACE, CGI_GET_METHOD, CGI_HEAD_METHOD, CGI_HOST, CGI_IF_MODIFIED_SINCE, CGI_MULTIPART_BOUNDARY, CGI_PATH_INFO, CGI_PATH_TRANSLATED, CGI_POST_METHOD, CGI_PRAGMA, CGI_PROPERTY_PREFIX, CGI_PROTOCOL, CGI_PUT_METHOD, CGI_QUERY_STRING, CGI_REFERER, CGI_REMOTE_ADDR, CGI_REMOTE_HOST, CGI_REMOTE_IDENT, CGI_REMOTE_USER, CGI_REQUEST_METHOD, CGI_SCHEME, CGI_SCRIPT_NAME, CGI_SERVER_NAME, CGI_SERVER_PORT, CGI_SERVER_PROTOCOL, CGI_SERVER_SOFTWARE, CGI_SERVLET_SESSION, CGI_TRACE_METHOD, CGI_UA_COLOR, CGI_UA_CPU, CGI_UA_OS, CGI_UA_PIXELS, CGI_URI, CGI_URL, CGI_USER_AGENT, versionID

Constructor Summary

FormAuthentication()

Method Summary

MethodAuthenticator	bootstrap(MethodAuthenticator authenticator) Initialization method called from bootstrapping authenticator's init method.
protected static void	checkAccess() Method to validate access to processRequest method.
MethodAuthenticator	getBootstrapAuthenticator() Get a bootstrap MethodAuthenticator capable of identifying the user.
MethodAuthenticator	getBootstrapAuthenticator(String session_id) Get a bootstrap MethodAuthenticator capable of identifying the user for the given session.
protected void	initSession(GatewayAuthenticator auth) Establish security context (or lack thereof) for a HTTP gateway method call.
static void	login(HTTPRequest request, HTTPResponse response) Handle client request for form login.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESOURCE

private static final String RESOURCE

See Also:

Constant Field Values

VERBOSE_SERVER

private static final boolean VERBOSE_SERVER

ANONYMOUS_USER

private static final String ANONYMOUS_USER

GATEWAY_HOST

private static String GATEWAY_HOST

FORM_METHOD_AUTH_KEY

private static final String FORM_METHOD_AUTH_KEY

See Also:

Constant Field Values

JSPPAGE

private static final String JSPPAGE

CONFIRM_AUTH_KEY

private static final String CONFIRM_AUTH_KEY

See Also:

Constant Field Values

REAUTH_FLAG_KEY

private static final String REAUTH_FLAG_KEY

See Also:

Constant Field Values

previousClientHost

private static String previousClientHost

Constructor Detail

FormAuthentication

public FormAuthentication()

Method Detail

getBootstrapAuthenticator

public MethodAuthenticator getBootstrapAuthenticator()

Get a bootstrap MethodAuthenticator capable of identifying the user. This method returns a FormLogin object that will perform login by calling our login method using an authenticated HTTP request.

Supported API: false

Specified by:

getBootstrapAuthenticator in interface AuthenticationHandler

Returns:

MethodAuthenticator object

getBootstrapAuthenticator

public MethodAuthenticator getBootstrapAuthenticator(String session_id)

Get a bootstrap MethodAuthenticator capable of identifying the user for the given session. This method returns a FormLogin object that will perform login by calling our login method using an authenticated HTTP request.

Supported API: false

Specified by:

getBootstrapAuthenticator in interface AuthenticationHandler

Parameters:

session_id - a string identifying the session to be authenticated

Returns:

MethodAuthenticator object

bootstrap

public MethodAuthenticator bootstrap(MethodAuthenticator authenticator)

Initialization method called from bootstrapping authenticator's init method. Called to establish authentication for Form Autentication requests or to report failure of client Form login attempt.

Supported API: false

Specified by:

bootstrap in interface AuthenticationHandler

Parameters:

authenticator - the MethodAuthenticator being initialized

Returns:

replacement MethodAuthenticator or null if not our authenticator.

Throws:

AuthenticationException - if authentication failed

login

public static void login(HTTPRequest request,
                         HTTPResponse response)
                  throws IOException,
                         WTException

Handle client request for form login.

Supported API: false

Throws:

IOException

WTException

initSession

protected void initSession(GatewayAuthenticator auth)

Establish security context (or lack thereof) for a HTTP gateway method call.

Supported API: false

checkAccess

protected static void checkAccess()

Method to validate access to processRequest method. This implementation allows access only from clients that are running on the local (server) host or identified in the wt.httpgw.hostname property.

Supported API: false

Throws:

SecurityException - if check fails and/or access is denied