org.apache.wiki.auth.login

Class CookieAuthenticationLoginModule

java.lang.Object

org.apache.wiki.auth.login.AbstractLoginModule

org.apache.wiki.auth.login.CookieAuthenticationLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

public class CookieAuthenticationLoginModule
extends AbstractLoginModule

Logs in a user based on a cookie stored in the user's computer. The cookie information is stored in the jspwiki.workDir, under the directory "logincookies". For security purposes it is a very, very good idea to prevent access to this directory by everyone except the web server process; otherwise people having read access to this directory may be able to spoof other users.

The cookie directory is scrubbed of old entries at regular intervals.

This module must be used with a CallbackHandler (such as WebContainerCallbackHandler) that supports the following Callback types:

1. HttpRequestCallback- supplies the cookie, which should contain an unique id for fetching the UID.
2. WikiEngineCallback - allows access to the Engine itself.

After authentication, a generic WikiPrincipal based on the username will be created and associated with the Subject.

Since:

2.5.62

See Also:

LoginModule.commit(), CookieAssertionLoginModule

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	COOKIE_DIR The directory name under which the cookies are stored.
static java.lang.String	PROP_LOGIN_EXPIRY_DAYS User property for setting how long the cookie is stored on the user's computer.

Fields inherited from class org.apache.wiki.auth.login.AbstractLoginModule

m_handler, m_options, m_principals, m_state, m_subject, NULL

Constructor Summary

Constructors

Constructor and Description
CookieAuthenticationLoginModule()

Method Summary

Modifier and Type	Method and Description
static void	clearLoginCookie(Engine engine, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Clears away the login cookie, and removes the uid-username mapping file as well.
boolean	login() Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.
static void	setLoginCookie(Engine engine, javax.servlet.http.HttpServletResponse response, java.lang.String username) Sets a login cookie based on properties set by the user.

Methods inherited from class org.apache.wiki.auth.login.AbstractLoginModule

abort, commit, initialize, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

COOKIE_DIR

protected static final java.lang.String COOKIE_DIR

The directory name under which the cookies are stored. The value is "logincookies".

See Also:

Constant Field Values

PROP_LOGIN_EXPIRY_DAYS

public static final java.lang.String PROP_LOGIN_EXPIRY_DAYS

User property for setting how long the cookie is stored on the user's computer. The value is "jspwiki.cookieAuthentication.expiry". The default expiry time is 14 days.

See Also:

Constant Field Values

Constructor Detail

CookieAuthenticationLoginModule

public CookieAuthenticationLoginModule()

Method Detail

login

public boolean login()
              throws javax.security.auth.login.LoginException

Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returns true

Specified by:

login in interface javax.security.auth.spi.LoginModule

Specified by:

login in class AbstractLoginModule

Returns:

true if the commit succeeded, or false if this LoginModule should be ignored.

Throws:

javax.security.auth.login.LoginException - if the authentication fails

See Also:

LoginModule.login()

setLoginCookie

public static void setLoginCookie(Engine engine,
                                  javax.servlet.http.HttpServletResponse response,
                                  java.lang.String username)

Sets a login cookie based on properties set by the user. This method also creates the cookie uid-username mapping in the work directory.

Parameters:

engine - The Engine

response - The HttpServletResponse

username - The username for whom to create the cookie.

clearLoginCookie

public static void clearLoginCookie(Engine engine,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response)

Clears away the login cookie, and removes the uid-username mapping file as well.

Parameters:

engine - Engine

request - Servlet request

response - Servlet response