Object
  Authenticator
class Authenticator
Performs all authentication tasks for the servlet, including IP-based, LDAP, and external authentication.
Nested Class Summary | |
---|---|
private class | Authenticator.AllAuthSpec<br>Allow or deny all access |
private class | Authenticator.AuthSpec<br>Holds information on a particular authorization specification |
private class | Authenticator.ExternalAuthSpec<br>Allow or deny based on an external login page |
private class | Authenticator.IPAuthSpec<br>Allow or deny based on whether requestor's IP address is in the specified list. |
private class | Authenticator.IpListCache<br>This class is used to cache IP maps so we don't have to load the same ones over and over. |
private class | Authenticator.LdapAuthSpec<br>Allow or deny based on looking up an entry in an LDAP database. |
Field Summary | |
---|---|
private StringCache | authCache<br>Caches authorized session IDs |
private DynaXMLConfig | config<br>Configuration info |
private Authenticator.IpListCache | ipListCache<br>Caches IP maps |
private StringCache | loginCache<br>Caches nonce values for external log-ins |
private SecureRandom | secureRandom<br>Used for generating random nonce values |
private DynaXML | servlet<br>Servlet to get dependencies from |
Constructor Summary |
---|
Authenticator(DynaXML servlet)<br>Construct an authorizer, initializing all the caches. |
Method Summary | |
---|---|
private boolean | authExternal(Authenticator.ExternalAuthSpec spec, HttpServletRequest req, HttpServletResponse res)<br>Uses an external login web page to authorize user access. |
private void | authLdap(Authenticator.LdapAuthSpec spec, HttpServletRequest req, HttpServletResponse res)<br>Uses an LDAP server to authorize user access with a username and password. |
private static String | bytesToHex(byte[] bytes)<br>Converts an array of bytes to the hex representation of them, two digits per byte and no spaces. |
boolean | checkAuth(String ipAddr, Vector authSpecs, HttpServletRequest req, HttpServletResponse res)<br>Based on a list of authentication specifications, checks if the current session is allowed to access this document. |
void | clearCaches()<br>Clears all the caches used by the authenticator. |
private boolean | isEmpty(String s)<br>Utility method to check if a string is null or "" |
Authenticator.AuthSpec | processAuthTag(EasyNode el)<br>Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet. |
Methods inherited from class Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private SecureRandom secureRandom
private Authenticator.IpListCache ipListCache
private StringCache authCache
private StringCache loginCache
private DynaXML servlet
private DynaXMLConfig config
Constructor Detail |
---|
public Authenticator(DynaXML servlet)
servlet - Servlet whose cache we will access
Method Detail |
---|
private boolean isEmpty(String s)
public Authenticator.AuthSpec processAuthTag(EasyNode el) throws DynaXMLException
DynaXMLException
public void clearCaches()
private void authLdap(Authenticator.LdapAuthSpec spec, HttpServletRequest req, HttpServletResponse res) throws Exception
spec - The authorization spec containing details (server to connect to, what to look up, etc.)
req - The HTTP request (contains username and password)
res - The HTTP response (only used to re-request user auth)
NoPermissionException - If permission isn't granted, or the browser must re-validate the password.
Exception - Communication or other miscellaneous problems.
private boolean authExternal(Authenticator.ExternalAuthSpec spec, HttpServletRequest req, HttpServletResponse res) throws Exception
spec - The authorization spec containing URL to contact.
req - The HTTP request (contains nonce when we get the return from the authorization page).
res - The HTTP response
NoPermissionException - If permission isn't granted.
Exception - For miscellaneous problems.
public boolean checkAuth(String ipAddr, Vector authSpecs, HttpServletRequest req, HttpServletResponse res) throws Exception
ipAddr - Real IP address of the requestor
authSpecs - List of authentication specifications (allow/deny), processed in order.
req - The HTTP request that was made
res - The HTTP response being generated
NoPermissionException - Authentication failed
Exception - Miscellaneous problems
private static String bytesToHex(byte[] bytes)
bytes - An array of bytes to convert