org.apache.catalina.authenticator
Class NonLoginAuthenticator

java.lang.Object
  org.apache.catalina.util.LifecycleBase
      org.apache.catalina.util.LifecycleMBeanBase
          org.apache.catalina.valves.ValveBase
              org.apache.catalina.authenticator.AuthenticatorBase
                  org.apache.catalina.authenticator.NonLoginAuthenticator

All Implemented Interfaces:

MBeanRegistration, Authenticator, Contained, Lifecycle, Valve

public final class NonLoginAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation that checks only security constraints not involving user authentication.

Version:

$Id: NonLoginAuthenticator.java 1297906 2012-03-07 09:22:09Z kfujino $

Author:

Craig R. McClanahan

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

NonLoginAuthenticator()

Method Summary

boolean	authenticate(Request request, HttpServletResponse response, LoginConfig config) Authenticate the user making this request, based on the fact that no login-config has been defined for the container.
protected String	getAuthMethod() Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
String	getInfo() Return descriptive information about this Valve implementation.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

associate, authenticate, doLogin, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, login, logout, reauthenticateFromSSO, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

NonLoginAuthenticator

public NonLoginAuthenticator()

Method Detail

getInfo

public String getInfo()

Return descriptive information about this Valve implementation.

Specified by:

getInfo in interface Valve

Overrides:

getInfo in class AuthenticatorBase

authenticate

public boolean authenticate(Request request,
                            HttpServletResponse response,
                            LoginConfig config)
                     throws IOException

Authenticate the user making this request, based on the fact that no login-config has been defined for the container.

This implementation means "login the user even though there is no self-contained way to establish a security Principal for that user".

This method is called by the AuthenticatorBase super class to establish a Principal for the user BEFORE the container security constraints are examined, i.e. it is not yet known whether the user will eventually be permitted to access the requested resource. Therefore, it is necessary to always return true to indicate the user has not failed authentication.

There are two cases:

• without SingleSignon: a Session instance does not yet exist and there is no auth-method to authenticate the user, so leave Request's Principal as null. Note: AuthenticatorBase will later examine the security constraints to determine whether the resource is accessible by a user without a security Principal and Role (i.e. unauthenticated).
• with SingleSignon: if the user has already authenticated via another container (using its own login configuration), then associate this Session with the SSOEntry so it inherits the already-established security Principal and associated Roles. Note: This particular session will become a full member of the SingleSignOnEntry Session collection and so will potentially keep the SSOE "alive", even if all the other properly authenticated Sessions expire first... until it expires too.

Specified by:

authenticate in interface Authenticator

Specified by:

authenticate in class AuthenticatorBase

Parameters:

request - Request we are processing

response - Response we are creating

config - Login configuration describing how authentication should be performed

Returns:

boolean to indicate whether the user is authenticated

Throws:

IOException - if an input/output error occurs

getAuthMethod

protected String getAuthMethod()

Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.

Specified by:

getAuthMethod in class AuthenticatorBase