info.magnolia.cms.security.auth.login

Class FormLogin

java.lang.Object

info.magnolia.cms.security.auth.login.LoginHandlerBase

info.magnolia.cms.security.auth.login.FormLogin

All Implemented Interfaces:

LoginHandler

public class FormLogin
extends LoginHandlerBase
implements LoginHandler

Uses the the "mgnlUserId" and "mgnlUserPSWD" parameters to login.

Field Summary

Fields

Modifier and Type	Field and Description
static Set<String>	AUTHENTICATION_ATTRIBUTES
static String	PARAMETER_PSWD
static String	PARAMETER_REALM
static String	PARAMETER_RETURN_TO
static String	PARAMETER_USER_ID

Constructor Summary

Constructors

Constructor and Description
FormLogin()

Method Summary

Modifier and Type	Method and Description
String	getJaasChain()
LoginResult	handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Returns a login result or LoginResult.NOT_HANDLED if the handler can't handle the request.
protected boolean	requiresRedirect(javax.servlet.http.HttpServletRequest request) We can assume that a redirect is needed in case the following criteria is met: We are dealing with a POST http request Request query string does not contain any of the authentication parameters, because otherwise we are probably dealing with e.g. some XHR (e.g. a Vaadin request in AdminCentral web-app) and authentication was triggered just because the attributes leaked into the request's attribute map via query string => demanding redirect in such case only might cause some damage.
void	setJaasChain(String jaasChain)

Methods inherited from class info.magnolia.cms.security.auth.login.LoginHandlerBase

authenticate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PARAMETER_USER_ID

public static final String PARAMETER_USER_ID

See Also:

Constant Field Values

PARAMETER_PSWD

public static final String PARAMETER_PSWD

See Also:

Constant Field Values

PARAMETER_REALM

public static final String PARAMETER_REALM

See Also:

Constant Field Values

PARAMETER_RETURN_TO

public static final String PARAMETER_RETURN_TO

See Also:

Constant Field Values

AUTHENTICATION_ATTRIBUTES

public static final Set<String> AUTHENTICATION_ATTRIBUTES

Constructor Detail

FormLogin

public FormLogin()

Method Detail

handle

public LoginResult handle(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

Description copied from interface: LoginHandler

Returns a login result or LoginResult.NOT_HANDLED if the handler can't handle the request.

Specified by:

handle in interface LoginHandler

requiresRedirect

protected boolean requiresRedirect(javax.servlet.http.HttpServletRequest request)

We can assume that a redirect is needed in case the following criteria is met:

• We are dealing with a POST http request
• Request query string does not contain any of the authentication parameters, because otherwise we are probably dealing with e.g. some XHR (e.g. a Vaadin request in AdminCentral web-app) and authentication was triggered just because the attributes leaked into the request's attribute map via query string => demanding redirect in such case only might cause some damage.

getJaasChain

public String getJaasChain()

setJaasChain

public void setJaasChain(String jaasChain)