Package org.wildfly.security.http.form

Class FormAuthenticationMechanism

java.lang.Object

org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism

org.wildfly.security.http.form.FormAuthenticationMechanism

All Implemented Interfaces:

HttpServerAuthenticationMechanism

final class FormAuthenticationMechanism
extends UsernamePasswordAuthenticationMechanism

A generic FORM authentication mechanism which is usable in a number of different scenarios.

Author:

Darran Lofthouse

Field Summary

Fields

Modifier and Type	Field	Description
private static String	CACHED_IDENTITY_KEY
private String	contextPath
private static String	DEFAULT_POST_LOCATION
private boolean	disableSessionIdChange
private String	errorPage
private static String	LOCATION_KEY
private String	loginPage
private static String	PASSWORD
private String	postLocation
private static String	USERNAME

Fields inherited from class org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism

callbackHandler

Constructor Summary

Constructors

Constructor	Description
FormAuthenticationMechanism(CallbackHandler callbackHandler, Map<String,?> properties)

Method Summary

Modifier and Type	Method	Description
private static boolean	appendPort(String scheme, int port)
private void	attemptAuthentication(HttpServerRequest request)
private boolean	attemptReAuthentication(HttpServerRequest request)
private boolean	authorize(String username, HttpServerRequest request, IdentityCache identityCache)
private IdentityCache	createIdentityCache(HttpServerRequest request)
private void	error(String message, HttpServerRequest request)
void	evaluateRequest(HttpServerRequest request)	Evaluate the current request and attempt to authenticate if appropriate.
private void	failAndRedirectToErrorPage(HttpServerRequest request, String username)
private void	fixCachedLocation(HttpScope scope, String originalSessionID, String newSessionID)
private String	getCompleteRedirectLocation(HttpServerRequest request, String location)
String	getMechanismName()	Get the name of this mechanism, where appropriate this should be the IANA registered name.
private HttpScope	getSessionScope(HttpServerRequest request, boolean createSession)
private boolean	isAuthenticationRequest(String path)
private void	sendLogin(HttpServerRequest request, HttpServerResponse response)
private void	sendPage(String page, HttpServerRequest request, HttpServerResponse response)
private void	sendRedirect(HttpServerResponse response, String location)

Methods inherited from class org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism

authenticate, authorize, fail, succeed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.http.HttpServerAuthenticationMechanism

dispose, getNegotiatedProperty, getNegotiationProperty

Field Detail

USERNAME

private static final String USERNAME

See Also:

Constant Field Values

PASSWORD

private static final String PASSWORD

See Also:

Constant Field Values

LOCATION_KEY

private static final String LOCATION_KEY

CACHED_IDENTITY_KEY

private static final String CACHED_IDENTITY_KEY

DEFAULT_POST_LOCATION

private static final String DEFAULT_POST_LOCATION

See Also:

Constant Field Values

contextPath

private final String contextPath

loginPage

private final String loginPage

errorPage

private final String errorPage

postLocation

private final String postLocation

disableSessionIdChange

private final boolean disableSessionIdChange

Constructor Detail

FormAuthenticationMechanism

FormAuthenticationMechanism(CallbackHandler callbackHandler,
                            Map<String,?> properties)

Method Detail

getMechanismName

public String getMechanismName()

Description copied from interface: HttpServerAuthenticationMechanism

Get the name of this mechanism, where appropriate this should be the IANA registered name.

Returns:

the name of the mechanism.

evaluateRequest

public void evaluateRequest(HttpServerRequest request)
                     throws HttpAuthenticationException

Description copied from interface: HttpServerAuthenticationMechanism

Evaluate the current request and attempt to authenticate if appropriate. The mechanism should call the appropriate callback methods on the {link HttpServerResponse} to both indicate the outcome of the evaluation and to register any HttpServerMechanismsResponder as required.

Parameters:

request - representation of the HTTP request.

Throws:

HttpAuthenticationException - if there is an internal failure handling the authentication.

See Also:

HttpServerAuthenticationMechanism.evaluateRequest(org.wildfly.security.http.HttpServerRequest)

isAuthenticationRequest

private boolean isAuthenticationRequest(String path)

createIdentityCache

private IdentityCache createIdentityCache(HttpServerRequest request)

fixCachedLocation

private void fixCachedLocation(HttpScope scope,
                               String originalSessionID,
                               String newSessionID)

error

private void error(String message,
                   HttpServerRequest request)

attemptAuthentication

private void attemptAuthentication(HttpServerRequest request)
                            throws HttpAuthenticationException

Throws:

HttpAuthenticationException

authorize

private boolean authorize(String username,
                          HttpServerRequest request,
                          IdentityCache identityCache)
                   throws HttpAuthenticationException

Throws:

HttpAuthenticationException

attemptReAuthentication

private boolean attemptReAuthentication(HttpServerRequest request)
                                 throws HttpAuthenticationException

Throws:

HttpAuthenticationException

failAndRedirectToErrorPage

private void failAndRedirectToErrorPage(HttpServerRequest request,
                                        String username)
                                 throws IOException,
                                        UnsupportedCallbackException

Throws:

IOException

UnsupportedCallbackException

sendLogin

private void sendLogin(HttpServerRequest request,
                       HttpServerResponse response)
                throws HttpAuthenticationException

Throws:

HttpAuthenticationException

sendPage

private void sendPage(String page,
                      HttpServerRequest request,
                      HttpServerResponse response)
               throws HttpAuthenticationException

Throws:

HttpAuthenticationException

getCompleteRedirectLocation

private String getCompleteRedirectLocation(HttpServerRequest request,
                                           String location)

sendRedirect

private void sendRedirect(HttpServerResponse response,
                          String location)

getSessionScope

private HttpScope getSessionScope(HttpServerRequest request,
                                  boolean createSession)

appendPort

private static boolean appendPort(String scheme,
                                  int port)