public interface LoginHandler

The user's Session is bound to the HttpSession under the attribute with the name Session.HTTP_SESSION_BINDING_ATTRIBUTE.

After a successful authentication has been completed the handler MUST either:

- Bind a Subject to the attribute identified by SUBJECT_KEY if one was created during the authentication process. The principals, public, and private credentials from this subject will be merged with those in the Subject within the Session.
- Bind a Principal for the user to the request attribute identified by PRINCIPAL_KEY. Such a Principal MUST implement Serializable. This principal will be added to the Subject within the Session.
- Bind the user's principal name to the request attribute identified by PRINCIPAL_NAME_KEY. In this case the AuthenticationEngine will create a Principal object of type UsernamePrincipal and add that to the Subject within the Session.

The login handler sets the authentication method explicitly by binding the method URI to the request attribute identified by AUTHENTICATION_METHOD_KEY. Failure to do so may lead to a situation where one authentication method is started but a user switches to a weaker one in mid-process. Without the login handler explicitly setting the method, the first method that is started is what will be reported to the relying party.

An error message may be bound to the request attribute identified by AUTHENTICATION_ERROR_KEY, and an AuthenticationException, if an exception occurred during authentication, to the request attribute identified by AUTHENTICATION_EXCEPTION_KEY.

The handler returns control to the authentication engine through AuthenticationEngine.returnToAuthenticationEngine(HttpServletRequest, HttpServletResponse), after which the authentication handler must immediately return.

Handlers MUST NOT change or add any data to the user's HttpSession that persists past the process of authenticating the user; that is, no additional session data may be added and no existing session data may be changed when the handler returns control to the authentication engine.

Modifier and Type | Field and Description |
---|---|
static String | AUTHENTICATION_ERROR_KEY: Request attribute to which an error message may be bound. |
static String | AUTHENTICATION_EXCEPTION_KEY: Request attribute to which an AuthenticationException may be bound. |
static String | AUTHENTICATION_INSTANT_KEY: Request attribute to which an authentication timestamp may be bound. |
static String | AUTHENTICATION_METHOD_KEY: Request attribute to which an authentication method URI may be bound. |
static String | PRINCIPAL_KEY: Request attribute to which user's principal should be bound. |
static String | PRINCIPAL_NAME_KEY: Request attribute to which user's principal name should be bound. |
static String | SUBJECT_KEY: Request attribute to which user's subject should be bound. |
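
A contract check for the rules in the interface description, as an added example that is not part of the documented API or its project. It models request and session attributes as plain maps. The attribute-name strings, the sample values, the `idpSession` and `otpStepDone` keys, and the rule that a bound error or exception marks a failed attempt are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.*;

/** Added example: audits what a login handler left behind, using plain maps as stand-ins. */
public class LoginHandlerContractCheck {
    // Assumption: the constant names stand in for the real attribute-name values, which the page does not give.
    static final String SUBJECT_KEY = "SUBJECT_KEY", PRINCIPAL_KEY = "PRINCIPAL_KEY",
            PRINCIPAL_NAME_KEY = "PRINCIPAL_NAME_KEY", METHOD_KEY = "AUTHENTICATION_METHOD_KEY",
            ERROR_KEY = "AUTHENTICATION_ERROR_KEY", EXCEPTION_KEY = "AUTHENTICATION_EXCEPTION_KEY";

    /** Returns one message per contract violation; an empty list means nothing was flagged. */
    static List<String> audit(Map<String, Object> requestAttrs,
                              Map<String, Object> sessionBefore, Map<String, Object> sessionAfter) {
        List<String> problems = new ArrayList<>();
        boolean failed = requestAttrs.containsKey(ERROR_KEY) || requestAttrs.containsKey(EXCEPTION_KEY); // assumption
        boolean identity = requestAttrs.get(SUBJECT_KEY) != null
                || requestAttrs.get(PRINCIPAL_KEY) != null || requestAttrs.get(PRINCIPAL_NAME_KEY) != null;
        if (!failed && !identity) {
            problems.add("no Subject, Principal or principal name bound after authentication");
        }
        Object principal = requestAttrs.get(PRINCIPAL_KEY);
        if (principal != null && !(principal instanceof Principal && principal instanceof Serializable)) {
            problems.add("PRINCIPAL_KEY value must be a Serializable Principal");
        }
        if (!failed && requestAttrs.get(METHOD_KEY) == null) {
            problems.add("authentication method not set; the first method started would be reported");
        }
        if (!sessionBefore.equals(sessionAfter)) {
            Set<String> changed = new TreeSet<>(sessionAfter.keySet());
            changed.addAll(sessionBefore.keySet());
            changed.removeIf(k -> Objects.equals(sessionBefore.get(k), sessionAfter.get(k)));
            problems.add("HttpSession data added or changed: " + changed);
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample: the handler bound a principal name, skipped the method, and left a session flag.
        Map<String, Object> request = new HashMap<>();
        request.put(PRINCIPAL_NAME_KEY, "jdoe");
        Map<String, Object> before = new HashMap<>();
        before.put("idpSession", "session-object");   // placeholder for the bound Session
        Map<String, Object> after = new HashMap<>(before);
        after.put("otpStepDone", Boolean.TRUE);       // hypothetical leftover written by the handler
        audit(request, before, after).forEach(System.out::println);
    }
}
```

In a handler's unit tests, the two session maps would be snapshots of the HttpSession attributes taken before calling login and after the handler returns control to the authentication engine.
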
Modifier and Type | Method and Description |
---|---|
long | getAuthenticationDuration(): Gets the length of time, in milliseconds, after which a user authenticated by this handler should be re-authenticated. |
List<String> | getSupportedAuthenticationMethods(): Gets the list of authentication methods this handler supports. |
void | login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse): Authenticate the user making the request. |
boolean | supportsForceAuthentication(): Returns whether this handler supports the ability to force a user to (re-)authenticate. |
boolean | supportsPassive(): Gets whether this handler supports passive authentication. |

static final String PRINCIPAL_KEY
static final String PRINCIPAL_NAME_KEY
static final String SUBJECT_KEY
static final String AUTHENTICATION_METHOD_KEY
static final String AUTHENTICATION_INSTANT_KEY
static final String AUTHENTICATION_ERROR_KEY
static final String AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an AuthenticationException may be bound.

List<String> getSupportedAuthenticationMethods()
long getAuthenticationDuration()
boolean supportsPassive()
boolean supportsForceAuthentication()
void login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
httpRequest - user request
httpResponse - response to user

Copyright © 2012. All Rights Reserved.