Class NonLoginAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.NonLoginAuthenticator
- All Implemented Interfaces:
RegistrationListener,MBeanRegistration,Authenticator,Contained,JmxEnabled,Lifecycle,Valve
An Authenticator and Valve implementation that checks only security constraints not involving user
authentication.
- Author:
- Craig R. McClanahan
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse -
Field Summary
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Authenticate the user making this request, based on the fact that nologin-confighas been defined for the container.protected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isPreemptiveAuthPossible, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
Constructor Details
-
NonLoginAuthenticator
public NonLoginAuthenticator()
-
-
Method Details
-
doAuthenticate
Authenticate the user making this request, based on the fact that no
login-confighas been defined for the container.This implementation means "login the user even though there is no self-contained way to establish a security Principal for that user".
This method is called by the AuthenticatorBase super class to establish a Principal for the user BEFORE the container security constraints are examined, i.e. it is not yet known whether the user will eventually be permitted to access the requested resource. Therefore, it is necessary to always return
trueto indicate the user has not failed authentication.There are two cases:
- without SingleSignon: a Session instance does not yet exist and there is no
auth-methodto authenticate the user, so leave Request's Principal as null. Note: AuthenticatorBase will later examine the security constraints to determine whether the resource is accessible by a user without a security Principal and Role (i.e. unauthenticated). - with SingleSignon: if the user has already authenticated via another container (using its own login configuration), then associate this Session with the SSOEntry so it inherits the already-established security Principal and associated Roles. Note: This particular session will become a full member of the SingleSignOnEntry Session collection and so will potentially keep the SSOE "alive", even if all the other properly authenticated Sessions expire first... until it expires too.
- Specified by:
doAuthenticatein classAuthenticatorBase- Parameters:
request- Request we are processingresponse- Response we are creating- Returns:
- boolean to indicate whether the user is authenticated
- Throws:
IOException- if an input/output error occurs
- without SingleSignon: a Session instance does not yet exist and there is no
-
getAuthMethod
Description copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
getAuthMethodin classAuthenticatorBase- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
-