Oracle Fusion Middleware Oracle WebLogic Server API Reference 11g Release 1 (10.3.6) Part Number E13941-06
java.lang.Object
  weblogic.servlet.security.ServletAuthentication

public final class ServletAuthentication
ServletAuthentication allows both form-based authentication and programmatic authentication in servlets. It performs the authentication call through the Realm and sets the user information into the session. The weak() methods are for password authentication and the strong() methods are for certificate-based authentication. The latter is available only via two-way SSL connections, based on the client certificate chain. In order to avoid a type of attack called "session fixation," you should change the user's session ID at login. To do this, call the generateNewSessionID method after you call the login method.
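The login-then-rotate sequence described above, as an added example (not Oracle's code). The servlet class name, form field names and redirect paths are assumptions; the only WebLogic calls used are login, generateNewSessionID, invalidateAll and the result constants documented on this page.

```java
import java.io.IOException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.servlet.security.ServletAuthentication;

// Added example, not Oracle's code. The class name, the form field names
// ("username", "password") and the paths are assumptions.
public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        // The pre-login session ID is untrusted: a third party may have planted it.
        String preLoginId = req.getSession(true).getId();
        int result = ServletAuthentication.FAILED_AUTHENTICATION;
        if (user != null && pass != null) {
            try {
                result = ServletAuthentication.login(user, pass, req, resp);
            } catch (LoginException e) {
                // Treat an exception exactly like a rejected login; log only
                // the exception class, never the submitted credentials.
                log("login failed: " + e.getClass().getName());
            }
        }
        if (result != ServletAuthentication.AUTHENTICATED) {
            // One response for every failure mode (no user enumeration).
            resp.sendRedirect(req.getContextPath() + "/login.jsp?error=1");
            return;
        }

        // Rotate the ID only after a successful login, as the class
        // description directs; session information is carried over.
        ServletAuthentication.generateNewSessionID(req);
        // Fail closed if the ID did not change (assumes getId() reflects
        // the rotated ID within the same request).
        HttpSession current = req.getSession(false);
        if (current == null || preLoginId.equals(current.getId())) {
            ServletAuthentication.invalidateAll(req);
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        // Fixed target: never redirect to a URL taken from the request.
        resp.sendRedirect(req.getContextPath() + "/home");
    }
}
```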
| Field Summary | |
|---|---|
| static int | AUTHENTICATED - Returns the value of a successful authentication. |
| static int | FAILED_AUTHENTICATION - Returns the value of an unsuccessful authentication. |
| static int | NEEDS_CREDENTIALS - Returns the value of an unsuccessful authentication due to no credentials. |
| Constructor Summary | |
|---|---|
| ServletAuthentication(String usernameField, String passwordField) - Constructs a ServletAuthentication object that looks for specific form fields inside the HttpRequest for the username and password. | |
| Method Summary | |
|---|---|
| static int | assertIdentity(HttpServletRequest request, HttpServletResponse response, String realmName) - Strong authentication using the client-side certificate chain as the credential for authentication. |
| static int | assertIdentity(HttpServletRequest request, HttpServletResponse response, String realmName, AppContext appContext) - Strong authentication using the client-side certificate chain as the credential for authentication. |
| static int | authenticate(CallbackHandler handler, HttpServletRequest request) - Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION. |
| static int | authObject(String username, Object credential, HttpServletRequest request) - Deprecated. |
| static int | authObject(String username, Object credential, HttpSession session, HttpServletRequest request) - Deprecated. |
| static void | done(HttpServletRequest request) - "Logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data. |
| static void | generateNewSessionID(HttpServletRequest request) - Moves all current session information into a completely different session ID and re-associates this session with this new ID. |
| static Cookie | getSessionCookie(HttpServletRequest request, HttpServletResponse response) - Allows you to get a handle on the session cookie itself. |
| static String | getTargetURIForFormAuthentication(HttpSession session) - Returns the target URI stored in the first step of Form based authentication. |
| static String | getTargetURLForFormAuthentication(HttpSession session) - Returns the target URL stored in the first step of Form based authentication. |
| static boolean | invalidateAll(HttpServletRequest req) - Invalidates all the sessions for the current user only (that is, the current cookie), and since the cookie is no longer required, kills the cookie too. |
| static void | killCookie(HttpServletRequest req) - Kills the current cookie. |
| static int | login(CallbackHandler handler, HttpServletRequest request) - Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION. |
| static int | login(String username, String password, HttpServletRequest request, HttpServletResponse response) - Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session. |
| static boolean | logout(HttpServletRequest req) - "Logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data. |
| static boolean | logout(HttpSession session) - "Logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data. |
| static void | runAs(Subject subject, HttpServletRequest request) - With a given subject, this method sets the current thread identity and current session identity. |
| static int | strong(HttpServletRequest request, HttpServletResponse response) - Strong authentication using the client-side certificate chain as the credential for authentication against the "weblogic" (default) realm. |
| static int | strong(HttpServletRequest request, HttpServletResponse response, String realmName) - Strong authentication using the client-side certificate chain as the credential for authentication. |
| int | weak(HttpServletRequest request, HttpServletResponse response) - Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after pulling the username and password from the request, authenticating the user and setting it into the session. |
| static int | weak(String username, String password, HttpServletRequest request) - Deprecated since 9.0; use weak(String, String, HttpServletRequest, HttpServletResponse). |
| static int | weak(String username, String password, HttpServletRequest request, HttpServletResponse response) - Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION after using the username and password to authenticate the user and setting that user information into the session. |
| static int | weak(String username, String password, HttpSession session) - Deprecated. |
| Methods inherited from class java.lang.Object | 
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
| Field Detail | 
|---|
public static final int AUTHENTICATED
public static final int FAILED_AUTHENTICATION
public static final int NEEDS_CREDENTIALS
| Constructor Detail | 
|---|
public ServletAuthentication(String usernameField,
                             String passwordField)
| Method Detail | 
|---|
public static void done(HttpServletRequest request)
Parameters:
request - HttpServletRequest which contains the session

public static boolean logout(HttpServletRequest req)
Parameters:
req - HttpServletRequest

public static boolean logout(HttpSession session)
Parameters:
session - HttpSession

public static boolean invalidateAll(HttpServletRequest req)
Parameters:
req - HttpServletRequest

public static void killCookie(HttpServletRequest req)
Parameters:
req - HttpServletRequest which contains the session

public static int strong(HttpServletRequest request,
                         HttpServletResponse response)
                  throws ServletException,
                         IOException
Parameters:
request - HttpServletRequest
response - HttpServletResponse
Throws:
javax.servlet.ServletException
IOException

public static int strong(HttpServletRequest request,
                         HttpServletResponse response,
                         String realmName)
                  throws ServletException,
                         IOException
Parameters:
request - HttpServletRequest
response - HttpServletResponse
realmName - String name of the realm to authenticate against
Throws:
javax.servlet.ServletException
IOException

public static int assertIdentity(HttpServletRequest request,
                                 HttpServletResponse response,
                                 String realmName)
                          throws ServletException,
                                 IOException,
                                 LoginException
Parameters:
request - HttpServletRequest
response - HttpServletResponse
realmName - String name of the realm to authenticate against
Throws:
javax.servlet.ServletException
IOException
LoginException

public static int assertIdentity(HttpServletRequest request,
                                 HttpServletResponse response,
                                 String realmName,
                                 AppContext appContext)
                          throws ServletException,
                                 IOException,
                                 LoginException
Parameters:
request - HttpServletRequest
response - HttpServletResponse
realmName - String name of the realm to authenticate against
appContext - AppContext to use when asserting identity
Throws:
javax.servlet.ServletException
IOException
LoginException

public int weak(HttpServletRequest request,
                HttpServletResponse response)
         throws ServletException,
                IOException
This weak() method, unlike the others, is not static. It requires that the ServletAuthentication object be instantiated with the field names for the username and password inside the form.
Parameters:
request - HttpServletRequest
response - HttpServletResponse
Throws:
javax.servlet.ServletException
IOException

public static int weak(String username,
                       String password,
                       HttpServletRequest request)
Parameters:
username - String
password - String
request - HttpServletRequest

public static int weak(String username,
                       String password,
                       HttpServletRequest request,
                       HttpServletResponse response)
Parameters:
username - String
password - String
request - HttpServletRequest
response - HttpServletResponse

public static int login(String username,
                        String password,
                        HttpServletRequest request,
                        HttpServletResponse response)
                 throws LoginException
Parameters:
username - String
password - String
request - HttpServletRequest
response - HttpServletResponse
Throws:
LoginException

public static int weak(String username,
                       String password,
                       HttpSession session)
Parameters:
username - String
password - String
session - HttpSession

public static int authObject(String username,
                             Object credential,
                             HttpServletRequest request)
Parameters:
username - String
credential - String
request - HttpServletRequest

public static int authObject(String username,
                             Object credential,
                             HttpSession session,
                             HttpServletRequest request)
Parameters:
username - String
credential - String
session - HttpSession

public static int authenticate(CallbackHandler handler,
                               HttpServletRequest request)
Parameters:
handler - javax.security.auth.callback.CallbackHandler
request - HttpServletRequest

public static int login(CallbackHandler handler,
                        HttpServletRequest request)
                 throws LoginException
Parameters:
handler - javax.security.auth.callback.CallbackHandler
request - HttpServletRequest
Throws:
LoginException

public static void generateNewSessionID(HttpServletRequest request)
Parameters:
request - HttpServletRequest

public static Cookie getSessionCookie(HttpServletRequest request,
                                      HttpServletResponse response)
Parameters:
response - HttpServletResponse

public static void runAs(Subject subject,
                         HttpServletRequest request)
Parameters:
subject - javax.security.auth.Subject
request - HttpServletRequest

public static String getTargetURLForFormAuthentication(HttpSession session)
Parameters:
session - HttpSession

public static String getTargetURIForFormAuthentication(HttpSession session)
Parameters:
session - HttpSession

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.