Module org.apache.wicket.core
Package org.apache.wicket.authentication.strategy

Class DefaultAuthenticationStrategy

  • All Implemented Interfaces:
    IAuthenticationStrategy
    public class DefaultAuthenticationStrategy
extends Object
implements IAuthenticationStrategy
    Wicket's default implementation of an authentication strategy. It'll concatenate username and password, encrypt it and put it into one Cookie.
    Author:
    Juergen Donnerstag

    • Field Detail

      • cookieKey

        protected final String cookieKey
        The cookie name to store the username and password

      • encryptionKey

        protected final String encryptionKey
        The key to use for encrypting/decrypting the cookie value

      • VALUE_SEPARATOR

        protected final String VALUE_SEPARATOR
        The separator used to concatenate the username and password
        See Also:
        Constant Field Values

    • Constructor Detail

      • DefaultAuthenticationStrategy

        public DefaultAuthenticationStrategy​(String cookieKey)
        Constructor
        Parameters:
        cookieKey - The name of the cookie

      • DefaultAuthenticationStrategy

        public DefaultAuthenticationStrategy​(String cookieKey,
                                     String encryptionKey)

    • Method Detail

      • getCookieUtils

        protected CookieUtils getCookieUtils()
        Make sure you always return a valid CookieUtils
        Returns:
        CookieUtils

      • getCrypt

        protected org.apache.wicket.util.crypt.ICrypt getCrypt()
        Returns:
        The crypt engine to be used

      • load

        public String[] load()
        Description copied from interface: IAuthenticationStrategy
        If "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g. Cookie) for automatic sign in. This is useful for applications which users typically have open the whole day but where the server invalidates the session after a timeout and you want to force the user to sign in again and again during the day.
        Specified by:
        load in interface IAuthenticationStrategy
        Returns:
        The saved credentials

      • decode

        protected String[] decode​(String value)
        This method will decode decrypted cookie value based on application needs
        Parameters:
        value - decrypted cookie value
        Returns:
        decomposed values array, or null in case cookie value was empty.

      • save

        public void save​(String credential,
                 String... extraCredentials)
        Description copied from interface: IAuthenticationStrategy
        If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g. Cookie).

        The implementation of this method should be symmetrical with the implementation of IAuthenticationStrategy.load().

        Specified by:
        save in interface IAuthenticationStrategy
        Parameters:
        credential - The credential to store. For example: a security token or username.
        extraCredentials - Optional extra credentials. For example: a password

      • encode

        protected String encode​(String credential,
                        String... extraCredentials)
        This method can be overridden to provide different encoding mechanism
        Parameters:
        credential -
        extraCredentials -
        Returns:
        String representation of the parameters given