Package com.sun.enterprise.security.web.integration

Interface WebProgrammaticLogin

  • All Known Implementing Classes:
    WebProgrammaticLoginImpl
    @Contract
public interface WebProgrammaticLogin
    Web specific Programmatic Login An implementation of this will be injected into com.sun.appserv.security.api.ProgrammaticLogin

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      Boolean login​(String user, char[] password, String realm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Login and set up principal in request and session.
      Boolean logout​(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Logout and remove principal in request and session.

    • Method Detail

      • login

        Boolean login​(String user,
              char[] password,
              String realm,
              jakarta.servlet.http.HttpServletRequest request,
              jakarta.servlet.http.HttpServletResponse response)
        Login and set up principal in request and session. This implements programmatic login for servlets.

        Due to a number of bugs in RI the security context is not shared between web container and ejb container. In order for an identity established by programmatic login to be known to both containers, it needs to be set not only in the security context but also in the current request and, if applicable, the session object. If a session does not exist this method does not create one.

        See bugs 4646134, 4688449 and other referenced bugs for more background.

        Note also that this login does not hook up into SSO.

        Parameters:
        user - User name to login.
        password - User password.
        request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.
        response - HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.
        realm - the realm name to be authenticated to. If the realm is null, authentication takes place in default realm
        Throws:
        Exception - on login failure.
        See Also:
        ProgrammaticLogin

      • logout

        Boolean logout​(jakarta.servlet.http.HttpServletRequest request,
               jakarta.servlet.http.HttpServletResponse response)
        throws Exception
        Logout and remove principal in request and session.
        Parameters:
        request - HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.
        response - HTTP response object provided by called application. It should be an instance of HttpServletResponse. This is not used currently.
        Throws:
        Exception - any exception encountered during logout operation
        See Also:
        ProgrammaticLogin