org.apache.wicket.authentication.strategy
Class DefaultAuthenticationStrategy

java.lang.Object
  org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy

All Implemented Interfaces:

IAuthenticationStrategy

public class DefaultAuthenticationStrategy
extends Object
implements IAuthenticationStrategy

Wicket's default implementation of an authentication strategy. It'll concatenate username and password, encrypt it and put it into one Cookie.

Author:

Juergen Donnerstag

Field Summary

protected String	cookieKey The cookie name to store the username and password
protected String	encryptionKey The key to use for encrypting/decrypting the cookie value
protected String	VALUE_SEPARATOR The separator used to concatenate the username and password

Constructor Summary

DefaultAuthenticationStrategy(String cookieKey)
Constructor

DefaultAuthenticationStrategy(String cookieKey, String encryptionKey)

Method Summary

protected String[]	decode(String value) This method will decode decrypted cookie value based on application needs
protected CookieUtils	getCookieUtils() Make sure you always return a valid CookieUtils
protected ICrypt	getCrypt()
String[]	load() If "rememberMe" is enabled, than load login name and password from the persistence storage (e.g.
void	remove() When the user logs out (session invalidation), than remove username and password from the persistence store
void	save(String username, String password) If "rememberMe" is enabled and login was successful, than store username and password in the persistence store (e.g.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

cookieKey

protected final String cookieKey

The cookie name to store the username and password

encryptionKey

protected final String encryptionKey

The key to use for encrypting/decrypting the cookie value

VALUE_SEPARATOR

protected final String VALUE_SEPARATOR

The separator used to concatenate the username and password

See Also:

Constant Field Values

Constructor Detail

DefaultAuthenticationStrategy

public DefaultAuthenticationStrategy(String cookieKey)

Constructor

Parameters:

cookieKey - The name of the cookie

DefaultAuthenticationStrategy

public DefaultAuthenticationStrategy(String cookieKey,
                                     String encryptionKey)

Method Detail

getCookieUtils

protected CookieUtils getCookieUtils()

Make sure you always return a valid CookieUtils

Returns:

CookieUtils

getCrypt

protected ICrypt getCrypt()

Returns:

The crypt engine to be used

load

public String[] load()

Description copied from interface: IAuthenticationStrategy

If "rememberMe" is enabled, than load login name and password from the persistence storage (e.g. Cookie) for automatic sign in. This is useful for applications which users typically have open the whole day but where the server invalidates the session after a timeout and you want to force the user to sign in again and again during the day.

Specified by:

load in interface IAuthenticationStrategy

Returns:

[0] = username, [1] = password, null if not found

decode

protected String[] decode(String value)

This method will decode decrypted cookie value based on application needs

Parameters:

value - decrypted cookie value

Returns:

decomposed values array, or null in case cookie value was empty.

save

public void save(String username,
                 String password)

Description copied from interface: IAuthenticationStrategy

If "rememberMe" is enabled and login was successful, than store username and password in the persistence store (e.g. Cookie).

Specified by:

save in interface IAuthenticationStrategy

remove

public void remove()

Description copied from interface: IAuthenticationStrategy

When the user logs out (session invalidation), than remove username and password from the persistence store

Specified by:

remove in interface IAuthenticationStrategy