Author: remy.maucherat(a)jboss.com
Date: 2009-11-12 20:25:12 -0500 (Thu, 12 Nov 2009)
New Revision: 1266
Modified:
trunk/java/org/apache/catalina/Authenticator.java
trunk/java/org/apache/catalina/connector/Request.java
Log:
- Auth needs to be pluggable, so plan to move it to AuthenticatorBase.
Modified: trunk/java/org/apache/catalina/Authenticator.java
===================================================================
--- trunk/java/org/apache/catalina/Authenticator.java 2009-11-11 18:26:08 UTC (rev 1265)
+++ trunk/java/org/apache/catalina/Authenticator.java 2009-11-13 01:25:12 UTC (rev 1266)
@@ -37,4 +37,10 @@
public interface Authenticator {
public boolean authenticate(Request request, HttpServletResponse response)
throws IOException, ServletException;
+ // TODO
+/* public boolean login(Request request, HttpServletResponse response,
+ String username, String password)
+ throws ServletException;
+ public boolean logout(Request request, HttpServletResponse response, Session
session)
+ throws ServletException;*/
}
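Review bot: The bare `// TODO` above the commented-out declarations does not say what is pending; something like `// TODO: add login/logout once programmatic authentication moves to AuthenticatorBase` would tie it to the commit log. When these methods are enabled, their Javadoc should state how a rejected credential is reported. The draft `login` both returns `boolean` and throws `ServletException`, while `Request.login` in this commit signals failure only by throwing, so a caller that ignores a `false` return could treat a failed login as a success.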
Modified: trunk/java/org/apache/catalina/connector/Request.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Request.java 2009-11-11 18:26:08 UTC (rev
1265)
+++ trunk/java/org/apache/catalina/connector/Request.java 2009-11-13 01:25:12 UTC (rev
1266)
@@ -3081,15 +3081,28 @@
}
public void login(String username, String password) throws ServletException {
+ if (userPrincipal != null) {
+ throw new
ServletException(sm.getString("coyoteRequest.authFailed"));
+ }
+ // TODO: for JBoss, should always call Authenticator.login instead so that
there's
+ // a callback
Realm realm = context.getRealm();
userPrincipal = realm.authenticate(username, password);
if (userPrincipal == null) {
throw new
ServletException(sm.getString("coyoteRequest.authFailed"));
}
authType = "LOGIN";
+ Session session = getSessionInternal(false);
+ if (session != null) {
+ session.setPrincipal(userPrincipal);
+ session.setAuthType(authType);
+ }
+ // Note: if SSO is needed, AuthenticatorBase.register is needed
}
public void logout() throws ServletException {
+ // TODO: for JBoss, should always call Authenticator.logout instead so that
there's
+ // a callback
Principal principal = userPrincipal;
userPrincipal = null;
authType = null;
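Review bot: The block added at the end of login() binds the authenticated principal to whatever session `getSessionInternal(false)` returns, and nothing visible in the hunk changes that session's id first, so an id that was known before authentication remains valid afterwards as an authenticated one (session fixation). The session id should be rotated, or the session invalidated and recreated, before `session.setPrincipal(userPrincipal)`; until that is done, a marker such as `// TODO: change the session id before caching the principal` would keep the gap visible. In logout(), the visible lines reset only the request fields, and the body continues outside the hunk, so confirm it also clears the principal and auth type that login() now stores on the session.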