org.opencms.security

Class CmsDefaultAuthorizationHandler

java.lang.Object

org.opencms.main.A_CmsAuthorizationHandler

org.opencms.security.CmsDefaultAuthorizationHandler

All Implemented Interfaces:

I_CmsAuthorizationHandler

Direct Known Subclasses:

CmsPersistentLoginAuthorizationHandler

public class CmsDefaultAuthorizationHandler
extends A_CmsAuthorizationHandler

Defines default authorization methods.

Since:

6.5.4

Nested Class Summary

Nested classes/interfaces inherited from interface org.opencms.security.I_CmsAuthorizationHandler

I_CmsAuthorizationHandler.I_PrivilegedLoginAction

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	AUTHORIZATION_BASIC_PREFIX Basic authorization prefix constant.
static java.lang.String	HEADER_AUTHORIZATION Authorization header constant.
static java.lang.String	SEPARATOR_CREDENTIALS Credentials separator constant.

Fields inherited from class org.opencms.main.A_CmsAuthorizationHandler

LOG, m_parameters

Constructor Summary

Constructors

Constructor and Description
CmsDefaultAuthorizationHandler()

Method Summary

Methods

Modifier and Type	Method and Description
protected CmsObject	checkBasicAuthorization(javax.servlet.http.HttpServletRequest req) Checks if the current request contains HTTP basic authentication information in the headers, if so the user is tried to log in with this data, and on success a session is generated.
java.lang.String	getLoginFormURL(java.lang.String loginFormURL, java.lang.String params, java.lang.String callbackURL) Returns the full URL used to call a login form with additional parameters and a callbackURL.
CmsObject	initCmsObject(javax.servlet.http.HttpServletRequest request) Creates a new cms object from the given request object.
CmsObject	initCmsObject(javax.servlet.http.HttpServletRequest request, I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction) Creates a new cms object from the given request object.
CmsObject	initCmsObject(javax.servlet.http.HttpServletRequest request, java.lang.String userName, java.lang.String pwd) Authenticates the current request with additional user information.
void	requestAuthorization(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, java.lang.String loginFormURL) This method sends a request to the client to display a login form, it is needed for HTTP-Authentication.

Methods inherited from class org.opencms.main.A_CmsAuthorizationHandler

initCmsObjectFromSession, registerSession, setParameters

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUTHORIZATION_BASIC_PREFIX

public static final java.lang.String AUTHORIZATION_BASIC_PREFIX

Basic authorization prefix constant.

See Also:

Constant Field Values

HEADER_AUTHORIZATION

public static final java.lang.String HEADER_AUTHORIZATION

Authorization header constant.

See Also:

Constant Field Values

SEPARATOR_CREDENTIALS

public static final java.lang.String SEPARATOR_CREDENTIALS

Credentials separator constant.

See Also:

Constant Field Values

Constructor Detail

CmsDefaultAuthorizationHandler

public CmsDefaultAuthorizationHandler()

Method Detail

getLoginFormURL

public java.lang.String getLoginFormURL(java.lang.String loginFormURL,
                               java.lang.String params,
                               java.lang.String callbackURL)

Description copied from interface: I_CmsAuthorizationHandler

Returns the full URL used to call a login form with additional parameters and a callbackURL.

Parameters:

loginFormURL - the form URL specified in the cms (either as a property or system-wide)

params - additional parameters to provide to the login form

callbackURL - the call-back URL to redirect after a successful login

Returns:

the full URL used to call a login form

See Also:

I_CmsAuthorizationHandler.getLoginFormURL(java.lang.String, java.lang.String, java.lang.String)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request)

Description copied from interface: I_CmsAuthorizationHandler

Creates a new cms object from the given request object.

This method is called by OpenCms every time a resource is requested and the session can not automatically be authenticated.

Parameters:

request - the HTTP request to authenticate

Returns:

the cms context object associated to the current session

See Also:

I_CmsAuthorizationHandler.initCmsObject(HttpServletRequest)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request,
                      I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)

Description copied from interface: I_CmsAuthorizationHandler

Creates a new cms object from the given request object.

This method is called by OpenCms every time a resource is requested and the session can not automatically be authenticated.

Parameters:

request - the HTTP request to authenticate

loginAction - the privileged login action

Returns:

the cms context object associated to the current session

See Also:

I_CmsAuthorizationHandler.initCmsObject(javax.servlet.http.HttpServletRequest, org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request,
                      java.lang.String userName,
                      java.lang.String pwd)
                        throws CmsException

Description copied from interface: I_CmsAuthorizationHandler

Authenticates the current request with additional user information.

You have to call this method by your own.

Parameters:

request - the HTTP request to authenticate

userName - the user name to authenticate

pwd - the user password to authenticate with

Returns:

the cms context object associated to the given user

Throws:

CmsException - if something goes wrong

See Also:

I_CmsAuthorizationHandler.initCmsObject(HttpServletRequest, String, String)

requestAuthorization

public void requestAuthorization(javax.servlet.http.HttpServletRequest req,
                        javax.servlet.http.HttpServletResponse res,
                        java.lang.String loginFormURL)
                          throws java.io.IOException

This method sends a request to the client to display a login form, it is needed for HTTP-Authentication.

Parameters:

req - the client request

res - the response

loginFormURL - the full URL used for form based authentication

Throws:

java.io.IOException - if something goes wrong

checkBasicAuthorization

protected CmsObject checkBasicAuthorization(javax.servlet.http.HttpServletRequest req)

Checks if the current request contains HTTP basic authentication information in the headers, if so the user is tried to log in with this data, and on success a session is generated.

Parameters:

req - the current HTTP request

Returns:

the authenticated cms object, or null if failed