org.activemath.webapp.base
Class AuthenticationManager

java.lang.Object
  extended by org.activemath.webapp.base.AuthenticationManager

public class AuthenticationManager
extends Object

Login/Logout logic


Method Summary
 String checkAuthentication(HttpServletRequest request)
          Says whether the user can be authenticated by a login cookie.
 boolean checkAuthentication(String userId, String password)
          Says whether the user can be authenticated.
 boolean checkAuthenticationHashed(String userId, String password)
           
 ExternalAuthenticationData checkExternalAuthentication(HttpServletRequest request)
           
 AccountManager getAccountManager()
          Return the user account management object
static AuthenticationManager getInstance()
           
 AuthenticationManagerService getService()
          Return the XML-RPC remote service object
 boolean isValidToken(String tokenId)
           
 User login(String userId, AppSession appSession, HttpServletRequest request, HttpServletResponse response)
          Login logic.
 void logout(AppSession appSession)
          Logout current user of an AppSession.
 void removeLoginCookie(HttpServletResponse response)
           
 void removeToken(AuthToken token)
          Remove a token from the valid token list.
 void setLoginCookie(String userId, HttpServletResponse response)
           
protected  void tryAutoLogin(HttpServletRequest request, AppSession appSession, String userIdParam, String passwordParam)
          Try to log in implicitly.
 void unbindAppSession(HttpServletRequest request)
          Unbind an AppSession from the HttpSession.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getInstance

public static AuthenticationManager getInstance()

getAccountManager

public final AccountManager getAccountManager()
Return the user account management object


getService

public AuthenticationManagerService getService()
Return the XML-RPC remote service object


unbindAppSession

public void unbindAppSession(HttpServletRequest request)
Unbind an AppSession from the HttpSession. This will cause AppSession.valueUnbound() to be called by the servlet engine.


checkAuthentication

public boolean checkAuthentication(String userId,
                                   String password)
Says whether the user can be authenticated. Forwards the call to AccountManager.


checkAuthenticationHashed

public boolean checkAuthenticationHashed(String userId,
                                         String password)

checkAuthentication

public String checkAuthentication(HttpServletRequest request)
Says whether the user can be authenticated by a login cookie.

Returns:
userId or null.

checkExternalAuthentication

public ExternalAuthenticationData checkExternalAuthentication(HttpServletRequest request)
                                                       throws ExternalAuthenticationException
Throws:
ExternalAuthenticationException

tryAutoLogin

protected void tryAutoLogin(HttpServletRequest request,
                            AppSession appSession,
                            String userIdParam,
                            String passwordParam)
                     throws ExternalAuthenticationException,
                            Exception
Try to log in implicitly. This can happen by:
  1. a permanent login cookie
  2. external authentication from the SSO host system
  3. an explicit userId/passwd from the request parameters
Automatic features for SSO:

Throws:
ExternalAuthenticationException
UserManagerException
AuthenticationManagerException
Exception

login

public User login(String userId,
                  AppSession appSession,
                  HttpServletRequest request,
                  HttpServletResponse response)
           throws AuthenticationManagerException
Login logic. Careful: the user is assumed to be already authenticated when this method is called! Actions:

Returns:
User object of the logged in user.
Throws:
AuthenticationManagerException

logout

public void logout(AppSession appSession)
Logout current user of an AppSession. Actions:


setLoginCookie

public void setLoginCookie(String userId,
                           HttpServletResponse response)

removeLoginCookie

public void removeLoginCookie(HttpServletResponse response)

removeToken

public void removeToken(AuthToken token)
Remove a token from the valid token list.


isValidToken

public boolean isValidToken(String tokenId)