Authentication Class

com.bea.p13n.security
Authentication Class

public final class Authentication

    extends Object

Central place to handle authentication issues. Use this class to handle login, logout, and authentication of users. Can also do some basic tests on Subjects and Principals. In many cases, the methods in this class are thin wrappers over similar functionality available in other WebLogic classes. This class centralizes these functions and allows some convenience groupings for particular usages.


Hierarchy
Object
  Authentication

Field Summary

public static final AuthenticationExceptionTextFormatter
formatter
Text formatter for i18n.
 

Method Summary

public static Subject
authenticate(String username, String password)
Authenticate a user and return the authenticated Subject.
public static Subject
getAnonymousSubject()
Get a Subject representing an Anonymous user.
public static Subject
getCurrentSubject()
Get the currently logged-in user.
public static Principal
getUserPrincipal(Subject subject)
Get the Principal representing the given Subject.
public static boolean
isAdministrator(Subject subject)
Test if the given Subject represents a server Administrator.
public static boolean
isAnonymous(Subject subject)
Test if the given Subject represents an Anonymous user.
public static boolean
isAnonymous(Principal principal)
Test if the given Principal represents the Anonymous user.
public static void
login(String username, String password, HttpServletRequest request)
Log in the user to a webapp.
public static void
logout(HttpServletRequest request, boolean invalidateSessions)
Logout the user.
public static void
logout(HttpServletRequest request)
Same as logout(request, true).
public static Object
runAs(Subject subject, PrivilegedAction action)
Execute a PrivilegedAction as a particular user.
public static Object
runAs(Subject subject, PrivilegedExceptionAction action)
Execute a PrivilegedExceptionAction as a particular user.
 
Methods from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
   

Field Detail

formatter

public static final AuthenticationExceptionTextFormatter formatter
Text formatter for i18n.

 

Method Detail

authenticate(String, String) Method

public static Subject authenticate(String username, 
                                   String password)
throws LoginException
Authenticate a user and return the authenticated Subject.

Parameters

username
The username of the user to authenticate
password
The password for that user (as cleartext)

Returns

the Subject representing the authenticated user

Exceptions

LoginException
if the user is not valid

getAnonymousSubject() Method

public static Subject getAnonymousSubject()
Get a Subject representing an Anonymous user.


getCurrentSubject() Method

public static Subject getCurrentSubject()
Get the currently logged-in user. You should use HttpServletRequest.getUserPrincipal or EJBContext.getCallerPrincipal where possible. But if you need a Subject or cannot access the ServletRequest or EJBContext, you can use this method. To see if a user is logged in, test isAnonymous(getCurrentSubject()).


getUserPrincipal(Subject) Method

public static Principal getUserPrincipal(Subject subject)
Get the Principal representing the given Subject.


isAdministrator(Subject) Method

public static boolean isAdministrator(Subject subject)
Test if the given Subject represents a server Administrator.


isAnonymous(Subject) Method

public static boolean isAnonymous(Subject subject)
Test if the given Subject represents an Anonymous user.


isAnonymous(Principal) Method

public static boolean isAnonymous(Principal principal)
Test if the given Principal represents the Anonymous user.


login(String, String, HttpServletRequest) Method

public static void login(String username, 
                         String password, 
                         HttpServletRequest request)
throws LoginException
Log in the user to a webapp. This authenticates the user and sets the authentication information in the user's Servlet Session so the server knows who they are when they come back on the next request. The user is pushed onto this thread so that further operations invoked by this thread are executed as this user. Note that this only does authentication and does not check authorization (that is, if the user is in a particular role or group). The Principal for the newly logged in user can be obtained by calling request.getUserPrincipal().

Parameters

username
The username of the user to login
password
The password for that user (as cleartext)
request
The HttpServletRequest containing the session to be logged in

Exceptions

LoginException
if the authentication failed

logout(HttpServletRequest, boolean) Method

public static void logout(HttpServletRequest request, 
                          boolean invalidateSessions)
Logout the user. This causes the user to be removed from the Servlet Session (on all single-signon webapps) as well as from the thread. If the invalidateSessions flag is true, then the user's sessions (on all single-signon webapps) are invalidated. Otherwise, only the authentication information is removed from the sessions, and other session data is left intact. Note that if you want to logout and invalidate only this webapp's session (not those of other single-signon webapps), you can call logout(request, false), then call request.getSession().invalidate().

Parameters

request
the HttpServletRequest that contains the session to be logged out.
invalidateSessions
if true, the session is invalidated (on all single-signon webapps). Otherwise the session and its data are left intact (except for authentication information used internally by the server).

logout(HttpServletRequest) Method

public static void logout(HttpServletRequest request)
Same as logout(request, true).

Related Topics

Authentication.logout(HttpServletRequest, boolean)
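The login, logged-in test, and "logout only this webapp" sequence described above, as an added example that is not part of this documentation or the BEA code base. The helper class, the form field names, and the servlet wiring are assumptions; only the Authentication calls come from this page.

```java
import java.security.Principal;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.bea.p13n.security.Authentication;

// Added example (not from the documentation): a small login/logout helper
// built only on the methods documented on this page.
public final class PortalLoginHelper {

    private PortalLoginHelper() { }

    /** Log the user in from assumed form fields and report whether it took. */
    public static boolean loginFromForm(HttpServletRequest request) {
        String username = request.getParameter("j_username"); // assumed form field
        String password = request.getParameter("j_password"); // assumed form field
        if (username == null || password == null) {
            return false;
        }
        try {
            // Authenticates the user, stores it in the session and pushes it onto this thread.
            Authentication.login(username, password, request);
        } catch (LoginException e) {
            // Authentication failed; the reason is not echoed back to the client.
            return false;
        }
        // login() only authenticates; role or group checks are a separate step.
        Principal p = request.getUserPrincipal();
        return p != null && !Authentication.isAnonymous(p);
    }

    /** Log out and invalidate only this webapp's session, as the logout() docs describe. */
    public static void logoutThisWebappOnly(HttpServletRequest request) {
        // Remove authentication information from all single-signon webapps but keep their data.
        Authentication.logout(request, false);
        // Then drop just this webapp's session.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /** True if a real (non-anonymous) user is bound to the current thread. */
    public static boolean isLoggedIn() {
        return !Authentication.isAnonymous(Authentication.getCurrentSubject());
    }
}
```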


runAs(Subject, PrivilegedAction) Method

public static Object runAs(Subject subject, 
                           PrivilegedAction action)
Execute a PrivilegedAction as a particular user. Subject.doAs() changes the Java 2 identity as described in the Java 2 specification. This runAs method sets the WebLogic identity. The two identities are not related except that they both use a Subject to specify the user.


runAs(Subject, PrivilegedExceptionAction) Method

public static Object runAs(Subject subject, 
                           PrivilegedExceptionAction action)
throws PrivilegedActionException
Execute a PrivilegedExceptionAction as a particular user. Subject.doAs() changes the Java 2 identity as described in the Java 2 specification. This runAs method sets the WebLogic identity. The two identities are not related except that they both use a Subject to specify the user.

Exceptions

PrivilegedActionException
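An added example (not the documentation's own code) of the two runAs overloads: it authenticates a Subject with authenticate(), runs an action under that WebLogic identity, and unwraps the PrivilegedActionException that the checked variant can throw. The RunAsExample class and its method names are assumptions; raw action types are used to match the signatures on this page.

```java
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import com.bea.p13n.security.Authentication;

// Added example (not from the documentation): running work as another WebLogic identity.
public final class RunAsExample {

    private RunAsExample() { }

    /** Name of the WebLogic identity seen inside runAs(); shows the thread identity was switched. */
    public static String identityInsideRunAs(String username, String password)
            throws LoginException {
        Subject subject = Authentication.authenticate(username, password);
        PrivilegedAction action = new PrivilegedAction() {
            public Object run() {
                // getCurrentSubject() now reflects the runAs() identity, not the caller's.
                return Authentication.getUserPrincipal(Authentication.getCurrentSubject()).getName();
            }
        };
        return (String) Authentication.runAs(subject, action);
    }

    /** Same idea with a checked action: only administrators are allowed to pass. */
    public static boolean requireAdministrator(String username, String password)
            throws LoginException {
        Subject subject = Authentication.authenticate(username, password);
        PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                if (!Authentication.isAdministrator(Authentication.getCurrentSubject())) {
                    throw new SecurityException("not a server Administrator");
                }
                return Boolean.TRUE;
            }
        };
        try {
            return ((Boolean) Authentication.runAs(subject, action)).booleanValue();
        } catch (PrivilegedActionException e) {
            // The checked exception thrown inside run() is wrapped; unwrap it here.
            Throwable cause = e.getException();
            if (cause instanceof SecurityException) {
                return false;
            }
            throw new IllegalStateException("action failed as " + username, cause);
        }
    }
}
```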