HttpHandshakeAuthenticator

java.lang.Object
- lumis.portal.authentication.http.HttpHandshakeAuthenticator

All Implemented Interfaces:

IHttpAuthenticator

Direct Known Subclasses:

SpnegoAuthenticator
```
@StableMinor(version="12.3",
             sinceVersion="4.0")
public abstract class HttpHandshakeAuthenticator
extends Object
implements IHttpAuthenticator
```
An abstract implementation of IHttpAuthenticator for making it easier to implement authenticators that require multiple http requests to complete the authentication.
Controls the current state, storing it in the http session. To use this class the methods doAuthentication(HttpServletRequest, HttpServletResponse) and requestAuthentication(HttpServletRequest, HttpServletResponse) must be implemented.

Since:

4.0.10

Version:

$Revision: 23746 $ $Date: 2020-04-07 23:14:34 +0000 (Tue, 07 Apr 2020) $

See Also:

lumis.portal.authentication.http

Field Summary

Fields
Modifier and Type	Field and Description
`protected static String`	`ATTRIBUTE_STATE` Constant containing the name of the attribute used to store the state of the authentication in a session.
`protected static byte`	`STATE_AUTHENTICATED` Constant used to represent the state where the authentication has been completed.
`protected static byte`	`STATE_FAILED` Constant used to represent the state where the authentication has been tried but failed.
`protected static byte`	`STATE_NONE` Constant used to represent the state where the authentication has not initiated.
`protected static byte`	`STATE_REQUESTED` Constant used to represent the state where the authentication has been requested, but was not completed.

Constructor Summary

Constructors
Constructor and Description

HttpHandshakeAuthenticator()

Constructors
Constructor and Description
`HttpHandshakeAuthenticator()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`authenticate(HttpServletRequest request, HttpServletResponse response)` Tries to authenticate the request, calling `doAuthentication(HttpServletRequest, HttpServletResponse)` or `requestAuthentication(HttpServletRequest, HttpServletResponse)` according to the current state.
`protected abstract String`	`doAuthentication(HttpServletRequest request, HttpServletResponse response)` Perform the user authentication for the given request.
`protected byte`	`getAuthenticationState(HttpServletRequest request)` Returns the authentication state for the given request.
`protected abstract void`	`requestAuthentication(HttpServletRequest request, HttpServletResponse response)` Request authentication from the browser.
`protected void`	`setAuthenticationState(HttpServletRequest request, byte state)` Sets the authentication state for the given request.
`protected boolean`	`shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest request, HttpServletResponse response)` Indicates if the user should be tried to be authenticated only once each session.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - ATTRIBUTE_STATE
```
protected static final String ATTRIBUTE_STATE
```
    Constant containing the name of the attribute used to store the state of the authentication in a session. The value for this attribute must be one of the STATE constants.
    
    Since:
    
    4.0.10
    
    See Also:
    
    STATE_REQUESTED, STATE_AUTHENTICATED, Constant Field Values
  - STATE_NONE
```
protected static final byte STATE_NONE
```
    Constant used to represent the state where the authentication has not initiated.
    
    Since:
    
    4.0.10
  - STATE_REQUESTED
```
protected static final byte STATE_REQUESTED
```
    Constant used to represent the state where the authentication has been requested, but was not completed.
    
    Since:
    
    4.0.10
  - STATE_AUTHENTICATED
```
protected static final byte STATE_AUTHENTICATED
```
    Constant used to represent the state where the authentication has been completed.
    
    Since:
    
    4.0.10
  - STATE_FAILED
```
protected static final byte STATE_FAILED
```
    Constant used to represent the state where the authentication has been tried but failed.
    
    Since:
    
    4.0.10
- Constructor Detail
  - HttpHandshakeAuthenticator
```
public HttpHandshakeAuthenticator()
```
- Method Detail
  - getAuthenticationState
```
protected byte getAuthenticationState(HttpServletRequest request)
```
    Returns the authentication state for the given request.
    
    Parameters:
    
    request - the http request.
    
    Returns:
    
    the state. One of the STATE constants.
    
    Since:
    
    4.0.10
  - setAuthenticationState
```
protected void setAuthenticationState(HttpServletRequest request,
                                      byte state)
```
    Sets the authentication state for the given request.
    
    Parameters:
    
    request - the http request.
    
    state - the state to set. One of the STATE constants.
    
    Since:
    
    4.0.10
  - shouldTryToAuthenticateOnlyOncePerSession
```
protected boolean shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest request,
                                                            HttpServletResponse response)
```
    Indicates if the user should be tried to be authenticated only once each session. The default implementation returns true. This affects when if authenticate(HttpServletRequest, HttpServletResponse) will ignore further authenticate attempts when an authentication has already been tried for the current session.
    
    Returns:
    
    true if should try to authenticate the request only once per session, false otherwise.
    
    Since:
    
    4.0.10
  - doAuthentication
```
protected abstract String doAuthentication(HttpServletRequest request,
                                           HttpServletResponse response)
                                    throws PortalException,
                                           ContinueOnNextRequestException
```
    Perform the user authentication for the given request.
    This method is called by authenticate(HttpServletRequest, HttpServletResponse) when the current state is STATE_REQUESTED. So this method implements the 'continuation' of the authentication, after it already began.
    
    Parameters:
    
    request - the http request.
    
    response - the http response.
    
    Returns:
    
    the userId of the authenticated user, or null if the authentication failed.
    
    Throws:
    
    PortalException
    
    ContinueOnNextRequestException - if the authentication is not complete and will continue on next request. This is useful when more requests are necessary to complete the authentication.
    
    Since:
    
    4.0.10
  - requestAuthentication
```
protected abstract void requestAuthentication(HttpServletRequest request,
                                              HttpServletResponse response)
                                       throws PortalException
```
    Request authentication from the browser. The response must be set as necessary so the browser will respond with the necessary authentication information in its next request.
    This method is called by authenticate(HttpServletRequest, HttpServletResponse) when an authentication is necessary but it is not in the STATE_REQUESTED state. So this method implements the 'beginning' of the authentication.
    
    Parameters:
    
    request - the http request.
    
    response - the http response.
    
    Throws:
    
    PortalException
    
    Since:
    
    4.0.10
  - authenticate
```
public String authenticate(HttpServletRequest request,
                           HttpServletResponse response)
                    throws PortalException,
                           ContinueOnNextRequestException
```
    Tries to authenticate the request, calling doAuthentication(HttpServletRequest, HttpServletResponse) or requestAuthentication(HttpServletRequest, HttpServletResponse) according to the current state.
    If current state is STATE_REQUESTED, the doAuthentication method is called, and the state is changed according to the result of that method. Else if the current state is STATE_NONE or the shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest, HttpServletResponse) method returns false, the requestAuthentication method is called, the state is changed to STATE_REQUESTED and the ContinueOnNextRequestException exception is thrown. Else the authentication should not be tried and null is returned.
    
    Specified by:
    
    authenticate in interface IHttpAuthenticator
    
    Parameters:
    
    request - the http request.
    
    response - the http response.
    
    Returns:
    
    the authenticated user id, or null if the authentication failed.
    
    Throws:
    
    ContinueOnNextRequestException - if the authentication did not complete and requires to wait the next request to proceed. This method may set the response with some data, and throw this exception to await the next browser request after receiving the response set. This is useful for authentications that need more than one request to complete the authentication.
    
    PortalException
    
    Since:
    
    4.0.10
    
    See Also:
    
    lumis.portal.authentication.http

Class HttpHandshakeAuthenticator

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

ATTRIBUTE_STATE

STATE_NONE

STATE_REQUESTED

STATE_AUTHENTICATED

STATE_FAILED

Constructor Detail

HttpHandshakeAuthenticator

Method Detail

getAuthenticationState

setAuthenticationState

shouldTryToAuthenticateOnlyOncePerSession

doAuthentication

requestAuthentication

authenticate