Package org.apache.catalina.authenticator

Class FormAuthenticator

    • Field Detail

      • characterEncoding

        protected java.lang.String characterEncoding
        Character encoding to use to read the username and password parameters from the request. If not set, the encoding of the request body will be used.

      • landingPage

        protected java.lang.String landingPage
        Landing page to use if a user tries to access the login page directly or if the session times out during login. If not set, error responses will be sent instead.

    • Constructor Detail

      • FormAuthenticator

        public FormAuthenticator()

    • Method Detail

      • getCharacterEncoding

        public java.lang.String getCharacterEncoding()
        Return the character encoding to use to read the user name and password.
        Returns:
        The name of the character encoding

      • setCharacterEncoding

        public void setCharacterEncoding​(java.lang.String encoding)
        Set the character encoding to be used to read the user name and password.
        Parameters:
        encoding - The name of the encoding to use

      • getLandingPage

        public java.lang.String getLandingPage()
        Return the landing page to use when FORM auth is mis-used.
        Returns:
        The path to the landing page relative to the web application root

      • setLandingPage

        public void setLandingPage​(java.lang.String landingPage)
        Set the landing page to use when the FORM auth is mis-used.
        Parameters:
        landingPage - The path to the landing page relative to the web application root

      • doAuthenticate

        protected boolean doAuthenticate​(Request request,
                                 HttpServletResponse response)
                          throws java.io.IOException
        Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
        Specified by:
        doAuthenticate in class AuthenticatorBase
        Parameters:
        request - Request we are processing
        response - Response we are creating
        Returns:
        true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
        Throws:
        java.io.IOException - if an input/output error occurs

      • register

        protected void register​(Request request,
                        HttpServletResponse response,
                        java.security.Principal principal,
                        java.lang.String authType,
                        java.lang.String username,
                        java.lang.String password,
                        boolean alwaysUseSession,
                        boolean cache)
        Description copied from class: AuthenticatorBase
        Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. Set the appropriate cookie to be returned.
        Overrides:
        register in class AuthenticatorBase
        Parameters:
        request - The servlet request we are processing
        response - The servlet response we are generating
        principal - The authenticated Principal to be registered
        authType - The authentication type to be registered
        username - Username used to authenticate (if any)
        password - Password used to authenticate (if any)
        alwaysUseSession - Should a session always be used once a user is authenticated?
        cache - Should we cache authenticated Principals if the request is part of an HTTP session?

      • forwardToLoginPage

        protected void forwardToLoginPage​(Request request,
                                  HttpServletResponse response,
                                  LoginConfig config)
                           throws java.io.IOException
        Called to forward to the login page
        Parameters:
        request - Request we are processing
        response - Response we are populating
        config - Login configuration describing how authentication should be performed
        Throws:
        java.io.IOException - If the forward to the login page fails and the call to HttpServletResponse.sendError(int, String) throws an IOException

      • forwardToErrorPage

        protected void forwardToErrorPage​(Request request,
                                  HttpServletResponse response,
                                  LoginConfig config)
                           throws java.io.IOException
        Called to forward to the error page
        Parameters:
        request - Request we are processing
        response - Response we are populating
        config - Login configuration describing how authentication should be performed
        Throws:
        java.io.IOException - If the forward to the error page fails and the call to HttpServletResponse.sendError(int, String) throws an IOException

      • matchRequest

        protected boolean matchRequest​(Request request)
        Does this request match the saved one (so that it must be the redirect we signaled after successful authentication?
        Parameters:
        request - The request to be verified
        Returns:
        true if the requests matched the saved one

      • restoreRequest

        protected boolean restoreRequest​(Request request,
                                 Session session)
                          throws java.io.IOException
        Restore the original request from information stored in our session. If the original request is no longer present (because the session timed out), return false; otherwise, return true.
        Parameters:
        request - The request to be restored
        session - The session containing the saved information
        Returns:
        true if the request was successfully restored
        Throws:
        java.io.IOException - if an IO error occurred during the process

      • saveRequest

        protected void saveRequest​(Request request,
                           Session session)
                    throws java.io.IOException
        Save the original request information into our session.
        Parameters:
        request - The request to be saved
        session - The session to contain the saved information
        Throws:
        java.io.IOException - if an IO error occurred during the process

      • savedRequestURL

        protected java.lang.String savedRequestURL​(Session session)
        Return the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.
        Parameters:
        session - Our current session
        Returns:
        the original request URL