@StableMinor(version="12.5", sinceVersion="4.0") public abstract class HttpHandshakeAuthenticator extends Object implements IHttpAuthenticator
IHttpAuthenticator
for making it easier
to implement authenticators that require multiple http requests to
complete the authentication.
Controls the current state, storing it in the http session. To use this class
the methods doAuthentication(HttpServletRequest, HttpServletResponse)
and requestAuthentication(HttpServletRequest, HttpServletResponse)
must be implemented.
lumis.portal.authentication.http
Modifier and Type | Field and Description |
---|---|
protected static String |
ATTRIBUTE_STATE
Constant containing the name of the attribute used to store the
state of the authentication in a session.
|
protected static byte |
STATE_AUTHENTICATED
Constant used to represent the state where the authentication has
been completed.
|
protected static byte |
STATE_FAILED
Constant used to represent the state where the authentication has
been tried but failed.
|
protected static byte |
STATE_NONE
Constant used to represent the state where the authentication has
not initiated.
|
protected static byte |
STATE_REQUESTED
Constant used to represent the state where the authentication has
been requested, but was not completed.
|
Constructor and Description |
---|
HttpHandshakeAuthenticator() |
Modifier and Type | Method and Description |
---|---|
String |
authenticate(HttpServletRequest request,
HttpServletResponse response)
Tries to authenticate the request, calling
doAuthentication(HttpServletRequest, HttpServletResponse)
or requestAuthentication(HttpServletRequest, HttpServletResponse)
according to the current state. |
protected abstract String |
doAuthentication(HttpServletRequest request,
HttpServletResponse response)
Perform the user authentication for the given request.
|
protected byte |
getAuthenticationState(HttpServletRequest request)
Returns the authentication state for the given request.
|
protected abstract void |
requestAuthentication(HttpServletRequest request,
HttpServletResponse response)
Request authentication from the browser.
|
protected void |
setAuthenticationState(HttpServletRequest request,
byte state)
Sets the authentication state for the given request.
|
protected boolean |
shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest request,
HttpServletResponse response)
Indicates if the user should be tried to be authenticated only once
each session.
|
protected static final String ATTRIBUTE_STATE
STATE_REQUESTED
,
STATE_AUTHENTICATED
,
Constant Field Valuesprotected static final byte STATE_NONE
protected static final byte STATE_REQUESTED
protected static final byte STATE_AUTHENTICATED
protected static final byte STATE_FAILED
protected byte getAuthenticationState(HttpServletRequest request)
request
- the http request.protected void setAuthenticationState(HttpServletRequest request, byte state)
request
- the http request.state
- the state to set. One of the STATE constants.protected boolean shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest request, HttpServletResponse response)
authenticate(HttpServletRequest, HttpServletResponse)
will
ignore further authenticate attempts when an authentication has already
been tried for the current session.protected abstract String doAuthentication(HttpServletRequest request, HttpServletResponse response) throws PortalException, ContinueOnNextRequestException
This method is called by authenticate(HttpServletRequest, HttpServletResponse)
when the current state is STATE_REQUESTED
. So this method
implements the 'continuation' of the authentication,
after it already began.
request
- the http request.response
- the http response.PortalException
ContinueOnNextRequestException
- if the authentication is not
complete and will continue on next request. This is useful when more
requests are necessary to complete the authentication.protected abstract void requestAuthentication(HttpServletRequest request, HttpServletResponse response) throws PortalException
This method is called by authenticate(HttpServletRequest, HttpServletResponse)
when an authentication is necessary but it is not in the
STATE_REQUESTED
state. So this method implements the 'beginning'
of the authentication.
request
- the http request.response
- the http response.PortalException
public String authenticate(HttpServletRequest request, HttpServletResponse response) throws PortalException, ContinueOnNextRequestException
doAuthentication(HttpServletRequest, HttpServletResponse)
or requestAuthentication(HttpServletRequest, HttpServletResponse)
according to the current state.
If current state is STATE_REQUESTED
, the
doAuthentication
method is called, and the state is changed
according to the result of that method.
Else if the current state is STATE_NONE
or the
shouldTryToAuthenticateOnlyOncePerSession(HttpServletRequest, HttpServletResponse)
method returns false, the requestAuthentication
method
is called, the state is changed to STATE_REQUESTED
and the
ContinueOnNextRequestException
exception is thrown. Else the
authentication should not be tried and null
is returned.
authenticate
in interface IHttpAuthenticator
request
- the http request.response
- the http response.null
if the authentication failed.ContinueOnNextRequestException
- if the authentication did not
complete and requires to wait the next request to proceed.
This method may set the response with some data, and throw this exception
to await the next browser request after receiving the response set.
This is useful for authentications that need more than one request
to complete the authentication.PortalException
lumis.portal.authentication.http
LumisXP 12.5.0.200928 - Copyright © 2006–2020 Lumis EIP Tecnologia da Informação LTDA. All Rights Reserved.