Interface WebProgrammaticLogin
-
- All Known Implementing Classes:
WebProgrammaticLoginImpl
@Contract public interface WebProgrammaticLogin
Web specific Programmatic Login An implementation of this will be injected into com.sun.appserv.security.api.ProgrammaticLogin
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Boolean
login(String user, char[] password, String realm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Login and set up principal in request and session.Boolean
logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Logout and remove principal in request and session.
-
-
-
Method Detail
-
login
Boolean login(String user, char[] password, String realm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Login and set up principal in request and session. This implements programmatic login for servlets.Due to a number of bugs in RI the security context is not shared between web container and ejb container. In order for an identity established by programmatic login to be known to both containers, it needs to be set not only in the security context but also in the current request and, if applicable, the session object. If a session does not exist this method does not create one.
See bugs 4646134, 4688449 and other referenced bugs for more background.
Note also that this login does not hook up into SSO.
- Parameters:
user
- User name to login.password
- User password.request
- HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.response
- HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.realm
- the realm name to be authenticated to. If the realm is null, authentication takes place in default realm- Throws:
Exception
- on login failure.- See Also:
ProgrammaticLogin
-
logout
Boolean logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws Exception
Logout and remove principal in request and session.- Parameters:
request
- HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.response
- HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.- Throws:
Exception
- any exception encountered during logout operation- See Also:
ProgrammaticLogin
-
-