Authentication Class
public final class Authentication
extends Object
Central place to handle authentication issues.
Use this class to handle login, logout, and authentication of users.
Can also do some basic tests on Subjects and Principals.
In many cases, the methods in this class are thin wrappers over similar functionality
available in other WebLogic classes. This class centralizes these functions
and allows some convenience groupings for particular usages.
Hierarchy
Object
  Authentication
public static final AuthenticationExceptionTextFormatter formatter - Text formatter for i18n.
Methods from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
formatter
public static final AuthenticationExceptionTextFormatter formatter
Text formatter for i18n.
authenticate(String, String) Method
public static Subject authenticate(String username, String password) throws LoginException
Authenticate a user and return the authenticated Subject.
Parameters
username - The username of the user to authenticate
password - The password for that user (as cleartext)
Returns
the Subject representing the authenticated user
Exceptions
LoginException - if the user is not valid
getAnonymousSubject() Method
public static Subject getAnonymousSubject()
Get a Subject representing an Anonymous user.
getCurrentSubject() Method
public static Subject getCurrentSubject()
Get the currently logged-in user.
You should use HttpServletRequest.getUserPrincipal or
EJBContext.getCallerPrincipal where possible. But if you need a
Subject or cannot access the ServletRequest or EJBContext, you
can use this method.
To see if a user is logged in, test isAnonymous(getCurrentSubject()).
getUserPrincipal(Subject) Method
public static Principal getUserPrincipal(Subject subject)
Get the Principal representing the given Subject.
isAdministrator(Subject) Method
public static boolean isAdministrator(Subject subject)
Test if the given Subject represents a server Administrator.
isAnonymous(Subject) Method
public static boolean isAnonymous(Subject subject)
Test if the given Subject represents an Anonymous user.
isAnonymous(Principal) Method
public static boolean isAnonymous(Principal principal)
Test if the given Principal represents the Anonymous user.
login(String, String, HttpServletRequest) Method
public static void login(String username, String password, HttpServletRequest request) throws LoginException
Log in the user to a webapp. This authenticates the user and
sets the authentication information in the user's Servlet Session
so the server knows who they are when they come back on the next request.
The user is pushed onto this thread so that further operations
invoked by this thread are executed as this user.
Note that this only does authentication and does not check authorization
(that is, whether the user is in a particular role or group).
The Principal for the newly logged-in user can be obtained
by calling request.getUserPrincipal().
Parameters
username - The username of the user to log in
password - The password for that user (as cleartext)
request - The HttpServletRequest containing the session to be logged in
Exceptions
LoginException - if the authentication failed
logout(HttpServletRequest, boolean) Method
public static void logout(HttpServletRequest request, boolean invalidateSessions)
Log out the user. This causes the user to be removed from the Servlet
Session (on all single-signon webapps) as well as from the thread.
If the invalidateSessions flag is true, then the user's sessions
(on all single-signon webapps) are invalidated. Otherwise, only the
authentication information is removed from the sessions but other
session data is left intact.
Note that if you want to log out and invalidate only this webapp's session
(not other single-signon webapps), you can call logout(request, false),
then call request.getSession().invalidate().
Parameters
request - the HttpServletRequest that contains the session to be logged out.
invalidateSessions - if true, the session is invalidated (on all
single-signon webapps). Otherwise the session and its data
are left intact (except for authentication information used
internally by the server).
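The following servlet is an added example, not part of the original documentation. It shows login(), the separate authorization check that login() does not perform, and the logout(request, false) plus session invalidation pattern described above. The package in the Authentication import, the role name and the JSP paths are assumptions.

```java
import java.io.IOException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
// Assumption: this page does not state the package of Authentication;
// adjust the import to match your installation.
import com.bea.p13n.security.Authentication;

public class AccountServlet extends HttpServlet {
    // Hypothetical role name, for illustration only.
    private static final String REQUIRED_ROLE = "AccountUser";

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if ("logout".equals(request.getParameter("action"))) {
            // Remove the authentication information from the sessions, then
            // discard only this webapp's session data.
            Authentication.logout(request, false);
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            response.sendRedirect(request.getContextPath() + "/login.jsp"); // hypothetical page
            return;
        }
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            Authentication.login(username, password, request);
        } catch (LoginException e) {
            // One generic answer for every failure: do not reveal whether
            // the username exists or the password was wrong.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }
        // login() only authenticated the user; authorization is checked here.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/home.jsp"); // hypothetical page
    }
}
```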
logout(HttpServletRequest) Method
public static void logout(HttpServletRequest request)
Same as logout(request, true).
Related Topics
Authentication.logout(HttpServletRequest, boolean)
runAs(Subject, PrivilegedAction) Method
public static Object runAs(Subject subject, PrivilegedAction action)
Execute a PrivilegedAction as a particular user.
Subject.doAs() changes the Java 2 identity as described in the Java 2 spec.
This runAs method sets the WebLogic identity.
The two identities are not related except that they both use a
Subject to specify the user.
runAs(Subject, PrivilegedExceptionAction) Method
public static Object runAs(Subject subject, PrivilegedExceptionAction action) throws PrivilegedActionException
Execute a PrivilegedExceptionAction as a particular user.
Subject.doAs() changes the Java 2 identity as described in the Java 2 spec.
This runAs method sets the WebLogic identity.
The two identities are not related except that they both use a
Subject to specify the user.
Exceptions
PrivilegedActionException