Class NonLoginAuthenticator

    • Constructor Detail

      • NonLoginAuthenticator

        public NonLoginAuthenticator()
    • Method Detail

      • doAuthenticate

        protected boolean doAuthenticate​(Request request,
                                         HttpServletResponse response)

        Authenticate the user making this request, based on the fact that no login-config has been defined for the container.

        This implementation means "login the user even though there is no self-contained way to establish a security Principal for that user".

        This method is called by the AuthenticatorBase super class to establish a Principal for the user BEFORE the container security constraints are examined, i.e. it is not yet known whether the user will eventually be permitted to access the requested resource. Therefore, it is necessary to always return true to indicate the user has not failed authentication.

        There are two cases:

        • without SingleSignon: a Session instance does not yet exist and there is no auth-method to authenticate the user, so leave Request's Principal as null. Note: AuthenticatorBase will later examine the security constraints to determine whether the resource is accessible by a user without a security Principal and Role (i.e. unauthenticated).
        • with SingleSignon: if the user has already authenticated via another container (using its own login configuration), then associate this Session with the SSOEntry so it inherits the already-established security Principal and associated Roles. Note: This particular session will become a full member of the SingleSignOnEntry Session collection and so will potentially keep the SSOE "alive", even if all the other properly authenticated Sessions expire first... until it expires too.
        Specified by:
        doAuthenticate in class AuthenticatorBase
        request - Request we are processing
        response - Response we are creating
        boolean to indicate whether the user is authenticated
        Throws: - if an input/output error occurs
      • getAuthMethod

        protected java.lang.String getAuthMethod()
        Description copied from class: AuthenticatorBase
        Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
        Specified by:
        getAuthMethod in class AuthenticatorBase
        the authentication method, which is vendor-specific and not defined by HttpServletRequest.