Package com.sun.web.security
Class WebProgrammaticLoginImpl
- java.lang.Object
-
- com.sun.web.security.WebProgrammaticLoginImpl
-
- All Implemented Interfaces:
WebProgrammaticLogin
@Service public class WebProgrammaticLoginImpl extends Object implements WebProgrammaticLogin
Internal implementation for servlet programmatic login.- See Also:
ProgrammaticLogin
-
-
Field Summary
Fields Modifier and Type Field Description static String
WEBAUTH_PROGRAMMATIC
-
Constructor Summary
Constructors Constructor Description WebProgrammaticLoginImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Boolean
login(String user, char[] password, String realm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Login and set up principal in request and session.Boolean
logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Logout and remove principal in request and session.
-
-
-
Field Detail
-
WEBAUTH_PROGRAMMATIC
public static final String WEBAUTH_PROGRAMMATIC
- See Also:
- Constant Field Values
-
-
Method Detail
-
login
public Boolean login(String user, char[] password, String realm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Login and set up principal in request and session. This implements programmatic login for servlets.Due to a number of bugs in RI the security context is not shared between web container and ejb container. In order for an identity established by programmatic login to be known to both containers, it needs to be set not only in the security context but also in the current request and, if applicable, the session object. If a session does not exist this method does not create one.
See bugs 4646134, 4688449 and other referenced bugs for more background.
Note also that this login does not hook up into SSO.
- Specified by:
login
in interfaceWebProgrammaticLogin
- Parameters:
user
- User name to login.password
- User password.request
- HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.response
- HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.realm
- the realm name to be authenticated to. If the realm is null, authentication takes place in default realm- Throws:
Exception
- on login failure.- See Also:
ProgrammaticLogin
-
logout
public Boolean logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws Exception
Logout and remove principal in request and session.- Specified by:
logout
in interfaceWebProgrammaticLogin
- Parameters:
request
- HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.response
- HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.- Throws:
Exception
- any exception encountered during logout operation- See Also:
ProgrammaticLogin
-
-