Overview  Package   Class  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.opencms.security
Class CmsDefaultAuthorizationHandler

java.lang.Object
  extended by org.opencms.main.A_CmsAuthorizationHandler
      extended by org.opencms.security.CmsDefaultAuthorizationHandler
All Implemented Interfaces:
I_CmsAuthorizationHandler
public class CmsDefaultAuthorizationHandler
extends A_CmsAuthorizationHandler

Defines default authorization methods.

Since:
6.5.4

Nested Class Summary
 
Nested classes/interfaces inherited from interface org.opencms.security.I_CmsAuthorizationHandler
I_CmsAuthorizationHandler.I_PrivilegedLoginAction
 
Field Summary
static String AUTHORIZATION_BASIC_PREFIX
          Basic authorization prefix constant.
static String HEADER_AUTHORIZATION
          Authorization header constant.
static String SEPARATOR_CREDENTIALS
          Credentials separator constant.
 
Fields inherited from class org.opencms.main.A_CmsAuthorizationHandler
LOG, m_parameters
 
Constructor Summary
CmsDefaultAuthorizationHandler()
           
 
Method Summary
protected  CmsObject checkBasicAuthorization(javax.servlet.http.HttpServletRequest req)
          Checks if the current request contains HTTP basic authentication information in the headers, if so the user is tried to log in with this data, and on success a session is generated.
 String getLoginFormURL(String loginFormURL, String params, String callbackURL)
          Returns the full URL used to call a login form with additional parameters and a callbackURL.
 CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request)
          Creates a new cms object from the given request object.
 CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request, I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)
          Creates a new cms object from the given request object.
 CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request, String userName, String pwd)
          Authenticates the current request with additional user information.
 void requestAuthorization(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, String loginFormURL)
          This method sends a request to the client to display a login form, it is needed for HTTP-Authentication.
 
Methods inherited from class org.opencms.main.A_CmsAuthorizationHandler
initCmsObjectFromSession, registerSession, setParameters
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTHORIZATION_BASIC_PREFIX

public static final String AUTHORIZATION_BASIC_PREFIX
Basic authorization prefix constant.

See Also:
Constant Field Values

HEADER_AUTHORIZATION

public static final String HEADER_AUTHORIZATION
Authorization header constant.

See Also:
Constant Field Values

SEPARATOR_CREDENTIALS

public static final String SEPARATOR_CREDENTIALS
Credentials separator constant.

See Also:
Constant Field Values
Constructor Detail

CmsDefaultAuthorizationHandler

public CmsDefaultAuthorizationHandler()
Method Detail

getLoginFormURL

public String getLoginFormURL(String loginFormURL,
                              String params,
                              String callbackURL)
Description copied from interface: I_CmsAuthorizationHandler
Returns the full URL used to call a login form with additional parameters and a callbackURL.

Parameters:
loginFormURL - the form URL specified in the cms (either as a property or system-wide)
params - additional parameters to provide to the login form
callbackURL - the call-back URL to redirect after a successful login
Returns:
the full URL used to call a login form
See Also:
I_CmsAuthorizationHandler.getLoginFormURL(java.lang.String, java.lang.String, java.lang.String)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request)
Description copied from interface: I_CmsAuthorizationHandler
Creates a new cms object from the given request object.

This method is called by OpenCms every time a resource is requested and the session can not automatically be authenticated.

Parameters:
request - the HTTP request to authenticate
Returns:
the cms context object associated to the current session
See Also:
I_CmsAuthorizationHandler.initCmsObject(HttpServletRequest)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request,
                               I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)
Description copied from interface: I_CmsAuthorizationHandler
Creates a new cms object from the given request object.

This method is called by OpenCms every time a resource is requested and the session can not automatically be authenticated.

Parameters:
request - the HTTP request to authenticate
loginAction - the privileged login action
Returns:
the cms context object associated to the current session
See Also:
I_CmsAuthorizationHandler.initCmsObject(javax.servlet.http.HttpServletRequest, org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction)

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request,
                               String userName,
                               String pwd)
                        throws CmsException
Description copied from interface: I_CmsAuthorizationHandler
Authenticates the current request with additional user information.

You have to call this method by your own.

Parameters:
request - the HTTP request to authenticate
userName - the user name to authenticate
pwd - the user password to authenticate with
Returns:
the cms context object associated to the given user
Throws:
CmsException - if something goes wrong
See Also:
I_CmsAuthorizationHandler.initCmsObject(HttpServletRequest, String, String)

requestAuthorization

public void requestAuthorization(javax.servlet.http.HttpServletRequest req,
                                 javax.servlet.http.HttpServletResponse res,
                                 String loginFormURL)
                          throws IOException
This method sends a request to the client to display a login form, it is needed for HTTP-Authentication.

Parameters:
req - the client request
res - the response
loginFormURL - the full URL used for form based authentication
Throws:
IOException - if something goes wrong

checkBasicAuthorization

protected CmsObject checkBasicAuthorization(javax.servlet.http.HttpServletRequest req)
Checks if the current request contains HTTP basic authentication information in the headers, if so the user is tried to log in with this data, and on success a session is generated.

Parameters:
req - the current HTTP request
Returns:
the authenticated cms object, or null if failed
Overview  Package   Class  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD