Package lumis.portal.authentication.http

Class HttpHandshakeAuthenticator

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static java.lang.String ATTRIBUTE_STATE
      Constant containing the name of the attribute used to store the state of the authentication in a session.
      protected static byte STATE_AUTHENTICATED
      Constant used to represent the state where the authentication has been completed.
      protected static byte STATE_FAILED
      Constant used to represent the state where the authentication has been tried but failed.
      protected static byte STATE_NONE
      Constant used to represent the state where the authentication has not initiated.
      protected static byte STATE_REQUESTED
      Constant used to represent the state where the authentication has been requested, but was not completed.

    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String authenticate​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Tries to authenticate the request, calling doAuthentication(HttpServletRequest, HttpServletResponse) or requestAuthentication(HttpServletRequest, HttpServletResponse) according to the current state.
      protected abstract java.lang.String doAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Perform the user authentication for the given request.
      protected byte getAuthenticationState​(javax.servlet.http.HttpServletRequest request)
      Returns the authentication state for the given request.
      protected abstract void requestAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Request authentication from the browser.
      protected void setAuthenticationState​(javax.servlet.http.HttpServletRequest request, byte state)
      Sets the authentication state for the given request.
      protected boolean shouldTryToAuthenticateOnlyOncePerSession​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Indicates if the user should be tried to be authenticated only once each session.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • ATTRIBUTE_STATE

        protected static final java.lang.String ATTRIBUTE_STATE
        Constant containing the name of the attribute used to store the state of the authentication in a session. The value for this attribute must be one of the STATE constants.
        Since:
        4.0.10
        See Also:
        STATE_REQUESTED, STATE_AUTHENTICATED, Constant Field Values

      • STATE_NONE

        protected static final byte STATE_NONE
        Constant used to represent the state where the authentication has not initiated.
        Since:
        4.0.10

      • STATE_REQUESTED

        protected static final byte STATE_REQUESTED
        Constant used to represent the state where the authentication has been requested, but was not completed.
        Since:
        4.0.10

      • STATE_AUTHENTICATED

        protected static final byte STATE_AUTHENTICATED
        Constant used to represent the state where the authentication has been completed.
        Since:
        4.0.10

      • STATE_FAILED

        protected static final byte STATE_FAILED
        Constant used to represent the state where the authentication has been tried but failed.
        Since:
        4.0.10

    • Constructor Detail

      • HttpHandshakeAuthenticator

        public HttpHandshakeAuthenticator()

    • Method Detail

      • getAuthenticationState

        protected byte getAuthenticationState​(javax.servlet.http.HttpServletRequest request)
        Returns the authentication state for the given request.
        Parameters:
        request - the http request.
        Returns:
        the state. One of the STATE constants.
        Since:
        4.0.10

      • setAuthenticationState

        protected void setAuthenticationState​(javax.servlet.http.HttpServletRequest request,
                                      byte state)
        Sets the authentication state for the given request.
        Parameters:
        request - the http request.
        state - the state to set. One of the STATE constants.
        Since:
        4.0.10

      • shouldTryToAuthenticateOnlyOncePerSession

        protected boolean shouldTryToAuthenticateOnlyOncePerSession​(javax.servlet.http.HttpServletRequest request,
                                                            javax.servlet.http.HttpServletResponse response)
        Indicates if the user should be tried to be authenticated only once each session. The default implementation returns true. This affects when if authenticate(HttpServletRequest, HttpServletResponse) will ignore further authenticate attempts when an authentication has already been tried for the current session.
        Returns:
        true if should try to authenticate the request only once per session, false otherwise.
        Since:
        4.0.10

      • doAuthentication

        protected abstract java.lang.String doAuthentication​(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
                                              throws PortalException,
                                                     ContinueOnNextRequestException
        Perform the user authentication for the given request.

        This method is called by authenticate(HttpServletRequest, HttpServletResponse) when the current state is STATE_REQUESTED. So this method implements the 'continuation' of the authentication, after it already began.

        Parameters:
        request - the http request.
        response - the http response.
        Returns:
        the userId of the authenticated user, or null if the authentication failed.
        Throws:
        PortalException
        ContinueOnNextRequestException - if the authentication is not complete and will continue on next request. This is useful when more requests are necessary to complete the authentication.
        Since:
        4.0.10

      • requestAuthentication

        protected abstract void requestAuthentication​(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response)
                                       throws PortalException
        Request authentication from the browser. The response must be set as necessary so the browser will respond with the necessary authentication information in its next request.

        This method is called by authenticate(HttpServletRequest, HttpServletResponse) when an authentication is necessary but it is not in the STATE_REQUESTED state. So this method implements the 'beginning' of the authentication.

        Parameters:
        request - the http request.
        response - the http response.
        Throws:
        PortalException
        Since:
        4.0.10