net.officefloor.plugin.web.http.security.scheme

Class FormHttpSecuritySource

java.lang.Object

net.officefloor.plugin.web.http.security.impl.AbstractHttpSecuritySource<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows>

net.officefloor.plugin.web.http.security.scheme.FormHttpSecuritySource

All Implemented Interfaces:

HttpSecuritySource<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows>

public class FormHttpSecuritySource
extends AbstractHttpSecuritySource<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows>

Form based HttpSecuritySource.

Author:

Daniel Sagenschneider

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	FormHttpSecuritySource.Dependencies Dependency keys.
static class	FormHttpSecuritySource.Flows Flow keys.

Nested classes/interfaces inherited from class net.officefloor.plugin.web.http.security.impl.AbstractHttpSecuritySource

AbstractHttpSecuritySource.DependencyLabeller, AbstractHttpSecuritySource.Labeller, AbstractHttpSecuritySource.MetaDataContext<S,C,D extends Enum<D>,F extends Enum<F>>, AbstractHttpSecuritySource.SpecificationContext

Field Summary

Fields

Modifier and Type	Field and Description
static String	PROPERTY_REALM Name of property to retrieve the realm being secured.

Constructor Summary

Constructors

Constructor and Description
FormHttpSecuritySource()

Method Summary

Modifier and Type	Method and Description
void	authenticate(HttpAuthenticateContext<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies> context) Undertakes authentication.
protected HttpSecurity	authenticate(String userId, String realm, byte[] password, CredentialStore store) Undertakes the authentication.
void	challenge(HttpChallengeContext<FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows> context) Triggers the authentication challenge to the client.
protected void	loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows> context) Overridden to load meta-data.
protected void	loadSpecification(AbstractHttpSecuritySource.SpecificationContext context) Overridden to load specifications.
void	logout(HttpLogoutContext<FormHttpSecuritySource.Dependencies> context) Logs out.
boolean	ratify(HttpRatifyContext<HttpSecurity,HttpCredentials> context) Ratifies whether enough information is available to undertake authentication.

Methods inherited from class net.officefloor.plugin.web.http.security.impl.AbstractHttpSecuritySource

getMetaData, getSpecification, init

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROPERTY_REALM

public static final String PROPERTY_REALM

Name of property to retrieve the realm being secured.

See Also:

Constant Field Values

Constructor Detail

FormHttpSecuritySource

public FormHttpSecuritySource()

Method Detail

authenticate

protected HttpSecurity authenticate(String userId,
                                    String realm,
                                    byte[] password,
                                    CredentialStore store)
                             throws IOException

Undertakes the authentication.

This is separated out so that may be overridden to provide differing means for authentication.

Parameters:

userId - Identifier for the user.

realm - Security realm.

password - Password.

store - CredentialStore.

Returns:

HttpSecurity or null if not authenticated.

Throws:

IOException - If fails communication with the CredentialStore.

loadSpecification

protected void loadSpecification(AbstractHttpSecuritySource.SpecificationContext context)

Description copied from class: AbstractHttpSecuritySource

Overridden to load specifications.

Specified by:

loadSpecification in class AbstractHttpSecuritySource<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows>

Parameters:

context - Specifications.

loadMetaData

protected void loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows> context)
                     throws Exception

Description copied from class: AbstractHttpSecuritySource

Overridden to load meta-data.

Specified by:

loadMetaData in class AbstractHttpSecuritySource<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows>

Parameters:

context - Meta-data.

Throws:

Exception - If fails to load the meta-data.

ratify

public boolean ratify(HttpRatifyContext<HttpSecurity,HttpCredentials> context)

Description copied from interface: HttpSecuritySource

Ratifies whether enough information is available to undertake authentication.

As authentication will likely require communication with external services (LDAP store, database, etc), this method allows checking whether enough information is available to undertake the authentication. The purpose is to avoid the Job depending on HttpAuthentication and inherit the dependencies of authentication subsequently causing execution by the authentication Team - especially as the majority of HttpRequest servicing will have the HTTP security cached in the HttpSession and not require the authentication dependencies causing the swap in Team.

Parameters:

context - HttpRatifyContext.

Returns:

true should enough information be available to undertake authentication. false if not enough information is available for authentication.

authenticate

public void authenticate(HttpAuthenticateContext<HttpSecurity,HttpCredentials,FormHttpSecuritySource.Dependencies> context)
                  throws IOException

Description copied from interface: HttpSecuritySource

Undertakes authentication.

Parameters:

context - HttpAuthenticateContext.

Throws:

IOException - If failure in communicating to necessary security services.

challenge

public void challenge(HttpChallengeContext<FormHttpSecuritySource.Dependencies,FormHttpSecuritySource.Flows> context)
               throws IOException

Description copied from interface: HttpSecuritySource

Triggers the authentication challenge to the client.

Parameters:

context - HttpChallengeContext.

Throws:

IOException - If failure in communicating to necessary security services.

logout

public void logout(HttpLogoutContext<FormHttpSecuritySource.Dependencies> context)
            throws IOException

Description copied from interface: HttpSecuritySource

Logs out.

Parameters:

context - HttpLogoutContext.

Throws:

IOException - If failure in communicating to necessary security services.