abstract class WebServiceAuth
extends java.lang.Object

Modifier and Type | Field and Description |
---|---|
`private static java.lang.String` | `FWD_SESSION_ID_HEADER_NAME`: The name of the header holding the FWD authentication token. |
`protected static java.util.logging.Logger` | `LOG`: Logger. |
`protected boolean` | `loginApiAuth`: When `true`, the login service must be used to authenticate. |
`protected SecurityManager` | `sm`: The cached `SecurityManager` instance. |
`protected int` | `timeout`: The timeout for the created context. |
`private java.lang.String` | `type`: The web service type (REST, SOAP, WEBHANDLER). |
`private WebServiceResource` | `webServiceResource`: The resource plugin used to perform the authorization. |

Constructor and Description |
---|
`WebServiceAuth(java.lang.String type, boolean loginApiAuth, int timeout)`: Create a web service authentication and authorization with the specified details. |

Modifier and Type | Method and Description |
---|---|
`protected abstract boolean` | `authenticate(javax.servlet.http.HttpServletRequest request)`: Authenticate this request, but do not create the FWD context. |
`protected boolean` | `authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`: Authenticate the web request. |
`protected java.lang.String` | `authorize(java.lang.String target, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`: Authorize this web request. |
`protected java.lang.String` | `getAuthorizationToken(javax.servlet.http.HttpServletRequest request)`: Read the authorization token from the HTTP request's "FwdSessionId" header. |
`protected abstract java.lang.String` | `login(javax.servlet.http.HttpServletRequest request)`: Perform the actual login, which will create the FWD context associated with this web request. |
`protected boolean` | `logout(java.lang.String token)`: Perform the logout operation. |
`protected void` | `setAuthorizationToken(java.lang.String token, javax.servlet.http.HttpServletResponse response)`: Set the authorization token to the HTTP response, in the "FwdSessionId" header. |

`protected static final java.util.logging.Logger LOG`

`private static final java.lang.String FWD_SESSION_ID_HEADER_NAME`

`protected final boolean loginApiAuth`
When `true`, the login service must be used to authenticate. Otherwise, each service call must have the authentication data in its request.

`protected final int timeout`

`protected final SecurityManager sm`
The cached `SecurityManager` instance.

`private final java.lang.String type`

`private final WebServiceResource webServiceResource`

`public WebServiceAuth(java.lang.String type, boolean loginApiAuth, int timeout)`
Parameters:
`type` - The web service type (REST, SOAP, WEBHANDLER).
`loginApiAuth` - Flag indicating if there is an explicit login API to be used.
`timeout` - The context timeout.

`protected abstract java.lang.String login(javax.servlet.http.HttpServletRequest request)`
Parameters:
`request` - The HTTP request.
Returns:
`null` if the authentication failed.

`protected abstract boolean authenticate(javax.servlet.http.HttpServletRequest request)`
Parameters:
`request` - The HTTP request.
Returns:
`true` if the request contains valid credentials.

`protected boolean logout(java.lang.String token)`
Parameters:
`token` - The authentication token.
Returns:
`true` if the context was destroyed.

`protected final boolean authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
If `loginApiAuth` is set, the authorization token will be read from the "FwdSessionId" header, and the method will return `true` if the context exists for this token. Otherwise, the request is authenticated.
Parameters:
`request` - The HTTP request.
`response` - The HTTP response.
Returns:
`true` if the request could be authenticated.

`protected final java.lang.String authorize(java.lang.String target, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
If the `loginApiAuth` flag is not set, a `login(javax.servlet.http.HttpServletRequest)` is first tried to authenticate the request, after which the authorization will be checked for the created context.
If the request can't be authenticated, the response status code will be set to `HttpStatus.UNAUTHORIZED_401`.
If the context is not authorized, the response status code will be set to `HttpStatus.FORBIDDEN_403`.
Parameters:
`target` - The target path.
`request` - The HTTP request.
`response` - The HTTP response.
Returns:
`null` if the request can't be authenticated or authorized.

`protected java.lang.String getAuthorizationToken(javax.servlet.http.HttpServletRequest request)`
Parameters:
`request` - The HTTP request.

`protected void setAuthorizationToken(java.lang.String token, javax.servlet.http.HttpServletResponse response)`
Parameters:
`token` - The authorization token.
`response` - The HTTP response.
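
The decision flow documented for `authorize` (token from the "FwdSessionId" header when `loginApiAuth` is set, a per-call `login` otherwise, then 401 or 403 on failure) can be followed in this added stand-alone model, which is not FWD source code. The header map, the `X-Demo-User` credential header, the `Result` record, the in-memory context map and the ACL are hypothetical stand-ins for the servlet objects, the FWD context and the `WebServiceResource` plugin; it needs Java 16 or later for the record.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

// Added illustration, not FWD source: plain maps replace servlet objects and FWD contexts.
public class AuthFlowSketch {
    static final String HEADER = "FwdSessionId";            // header name taken from the page
    record Result(int status, String token) {}              // hypothetical holder: status + token
    final boolean loginApiAuth;
    final Map<String, String> contexts = new HashMap<>();   // token -> user (stand-in for contexts)
    final Map<String, Set<String>> acl;                     // user -> allowed targets (constructed)

    AuthFlowSketch(boolean loginApiAuth, Map<String, Set<String>> acl) {
        this.loginApiAuth = loginApiAuth;
        this.acl = acl;
    }

    // Stand-in for the abstract login(): creates a context, or returns null on failure.
    String login(Map<String, String> headers) {
        String user = headers.get("X-Demo-User");           // constructed credential header
        if (user == null || !acl.containsKey(user)) return null;
        String token = UUID.randomUUID().toString();
        contexts.put(token, user);
        return token;
    }

    // Mirrors the documented order: authenticate first (401), then authorize (403).
    Result authorize(String target, Map<String, String> headers) {
        String token = loginApiAuth ? headers.get(HEADER) : login(headers);
        if (token == null || !contexts.containsKey(token))
            return new Result(401, null);                   // request can't be authenticated
        if (!acl.get(contexts.get(token)).contains(target))
            return new Result(403, null);                   // context exists but is not authorized
        return new Result(200, token);
    }

    public static void main(String[] args) {
        Map<String, Set<String>> acl = Map.of("alice", Set.of("/rest/orders"));
        AuthFlowSketch perCall = new AuthFlowSketch(false, acl);
        System.out.println(perCall.authorize("/rest/orders", Map.of("X-Demo-User", "alice")).status());
        System.out.println(perCall.authorize("/rest/admin", Map.of("X-Demo-User", "alice")).status());
        System.out.println(perCall.authorize("/rest/orders", Map.of()).status());

        AuthFlowSketch tokenBased = new AuthFlowSketch(true, acl);
        String t = tokenBased.login(Map.of("X-Demo-User", "alice"));
        System.out.println(tokenBased.authorize("/rest/orders", Map.of(HEADER, t)).status());
        System.out.println(tokenBased.authorize("/rest/orders", Map.of(HEADER, "forged")).status());
    }
}
```

In token mode the model accepts only tokens for which a context already exists, so a header value that was never issued by `login` ends in the 401 branch rather than reaching the authorization check.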