org.surfnet.oaaas.noop
Class NoopAuthenticator

java.lang.Object
  org.surfnet.oaaas.auth.AbstractFilter
      org.surfnet.oaaas.auth.AbstractAuthenticator
          org.surfnet.oaaas.noop.NoopAuthenticator

All Implemented Interfaces:

javax.servlet.Filter

public class NoopAuthenticator
extends AbstractAuthenticator

A mimimalistic implementation of AbstractAuthenticator that contains no authentication but only fulfills the contract of Authenticators. Useful for testing and demonstration purposes only, of course not safe for production.

Field Summary

Fields inherited from class org.surfnet.oaaas.auth.AbstractAuthenticator

PRINCIPAL

Fields inherited from class org.surfnet.oaaas.auth.AbstractFilter

AUTH_STATE, RETURN_URI

Constructor Summary

NoopAuthenticator()

Method Summary

void	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, String authStateValue, String returnUri) Implement this method to perform the actual authentication.
boolean	canCommence(javax.servlet.http.HttpServletRequest request) Implement this method to state whether the given request is a continuation that can be handled.

Methods inherited from class org.surfnet.oaaas.auth.AbstractAuthenticator

destroy, doFilter, init, setPrincipal

Methods inherited from class org.surfnet.oaaas.auth.AbstractFilter

getAuthStateValue, getReturnUri, setAuthStateValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NoopAuthenticator

public NoopAuthenticator()

Method Detail

canCommence

public boolean canCommence(javax.servlet.http.HttpServletRequest request)

Description copied from class: AbstractAuthenticator

Implement this method to state whether the given request is a continuation that can be handled. This method will be called for every consecutive request after the initial one.
Returning true means that the request is part of an ongoing authentication.
Returning false indicates to the framework that the request is not known.
Typically this can be determined by the http method or one or more request parameters/attributes being present.

Specified by:

canCommence in class AbstractAuthenticator

Parameters:

request - the HttpServletRequest

authenticate

public void authenticate(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         javax.servlet.FilterChain chain,
                         String authStateValue,
                         String returnUri)
                  throws IOException,
                         javax.servlet.ServletException

Description copied from class: AbstractAuthenticator

Implement this method to perform the actual authentication. Use BasicAuthenticator or FormLoginAuthenticator as an example. In general, the contract is:

assert that the user is authenticated. You can use the request and response for this. When not yet authenticated:

• use AbstractFilter.getAuthStateValue(javax.servlet.ServletRequest) to pass-around for user agent communication
• use AbstractFilter.getReturnUri(javax.servlet.ServletRequest) if you need to step out and return to the current location

When authenticated:

• set the authState attribute, by calling AbstractFilter.setAuthStateValue(javax.servlet.ServletRequest, String)
• set the principal attribute, by calling #setPrincipal(ServletRequest, RolesPrincipal)
• call chain.doFilter(request, response) to let the flow continue..

Specified by:

authenticate in class AbstractAuthenticator

Parameters:

request - the ServletRequest

response - the ServletResponse

chain - the original http servlet filter chain

authStateValue - the authState nonce to set back on the ServletRequest when done

returnUri - the startpoint of the chain if you want to return from a form or other (external) component

Throws:

IOException

javax.servlet.ServletException