Class BasicWebConsoleSecurityProvider
- java.lang.Object
-
- org.apache.felix.webconsole.internal.servlet.BasicWebConsoleSecurityProvider
-
- All Implemented Interfaces:
WebConsoleSecurityProvider,WebConsoleSecurityProvider2
public class BasicWebConsoleSecurityProvider extends Object implements WebConsoleSecurityProvider2
Basic implementation of WebConsoleSecurityProvider to replace logic that was previously in OsgiManagerHttpContext
-
-
Field Summary
-
Fields inherited from interface org.apache.felix.webconsole.WebConsoleSecurityProvider2
USER_ATTRIBUTE
-
-
Constructor Summary
Constructors Constructor Description BasicWebConsoleSecurityProvider(org.osgi.framework.BundleContext bundleContext, String username, String password, String realm)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Objectauthenticate(String username, String password)Authenticates the user with the given user name and password.booleanauthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Authenticates the given request or asks the client for credentials.booleanauthorize(Object user, String role)All users authenticated with the repository are granted access for all roles in the Web Console.
-
-
-
Method Detail
-
authenticate
public Object authenticate(String username, String password)
Description copied from interface:WebConsoleSecurityProviderAuthenticates the user with the given user name and password.- Specified by:
authenticatein interfaceWebConsoleSecurityProvider- Parameters:
username- The name of the user presented by the clientpassword- The password presented by the client- Returns:
- Some object representing the authenticated user indicating general
access to be granted to the web console. If the user cannot be
authenticated (e.g. unknown user name or wrong password) or the
user must not be allowed access to the web console at all
nullmust be returned from this method.
-
authorize
public boolean authorize(Object user, String role)
All users authenticated with the repository are granted access for all roles in the Web Console.- Specified by:
authorizein interfaceWebConsoleSecurityProvider- Parameters:
user- The object referring to the authenticated user. This is the object returned from theWebConsoleSecurityProvider.authenticate(String, String)method and will never benull.role- The requested role- Returns:
trueif the user is given permission for the given role.
-
authenticate
public boolean authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Description copied from interface:WebConsoleSecurityProvider2Authenticates the given request or asks the client for credentials.Implementations of this method are expected to respect and implement the semantics of the
HttpContext.handleSecuritymethod as specified in the OSGi HTTP Service specification.If this method returns
trueit is assumed the request provided valid credentials identifying the user as accepted to access the web console. In addition, theWebConsoleSecurityProvider2.USER_ATTRIBUTErequest attribute must be set to a non-nullobject reference identifying the authenticated user.If this method returns
falsethe request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.- Specified by:
authenticatein interfaceWebConsoleSecurityProvider2- Parameters:
request- The request objectresponse- The response object- Returns:
trueIf the request provided valid credentials.
-
-