Interface Authenticator

All Known Implementing Classes:
BasicAuthenticator, ClientCertAuthenticator, ConfigurableSpnegoAuthenticator, DigestAuthenticator, FormAuthenticator, JaspiAuthenticator, LoginAuthenticator, OpenIdAuthenticator, SslClientCertAuthenticator

public interface Authenticator
Authenticator Interface

An Authenticator is responsible for checking requests and sending response challenges in order to authenticate a request. Various types of Authentication are returned in order to signal the next step in authentication.

Version:
$Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
  • Method Details

    • setConfiguration

      void setConfiguration(Authenticator.AuthConfiguration configuration)
      Configure the Authenticator
      Parameters:
      configuration - the configuration
    • getAuthMethod

      String getAuthMethod()
      Returns:
      The name of the authentication method
    • prepareRequest

      void prepareRequest(javax.servlet.ServletRequest request)
      Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.
      Parameters:
      request - the request to manipulate
    • validateRequest

      Authentication validateRequest(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory) throws ServerAuthException
      Validate a request
      Parameters:
      request - The request
      response - The response
      mandatory - True if authentication is mandatory.
      Returns:
      An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
      Throws:
      ServerAuthException - if unable to validate request
    • secureResponse

      boolean secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
      is response secure
      Parameters:
      request - the request
      response - the response
      mandatory - if security is mandator
      validatedUser - the user that was validated
      Returns:
      true if response is secure
      Throws:
      ServerAuthException - if unable to test response