AbstractAuthenticator (API Secure - authorization server 1.3.3 API)

java.lang.Object
- org.surfnet.oaaas.auth.AbstractFilter
- - org.surfnet.oaaas.auth.AbstractAuthenticator

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

NoopAuthenticator
```
public abstract class AbstractAuthenticator
extends AbstractFilter
```
To be implemented by various authentication methods.

Field Summary

Fields
Modifier and Type Field and Description

static String PRINCIPAL
The constant that contains the principal, set by concrete authenticators and consumed by the authorization endpoint.
- Fields inherited from class org.surfnet.oaaas.auth.AbstractFilter
  AUTH_STATE, RETURN_URI

Fields
Modifier and Type	Field and Description
`static String`	`PRINCIPAL` The constant that contains the principal, set by concrete authenticators and consumed by the authorization endpoint.

Constructor Summary

Constructors
Constructor and Description

AbstractAuthenticator()

Constructors
Constructor and Description
`AbstractAuthenticator()`

Method Summary

Methods
Modifier and Type	Method and Description
`abstract void`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, String authStateValue, String returnUri)` Implement this method to perform the actual authentication.
`abstract boolean`	`canCommence(javax.servlet.http.HttpServletRequest request)` Implement this method to state whether the given request is a continuation that can be handled.
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`protected void`	`setPrincipal(javax.servlet.ServletRequest request, AuthenticatedPrincipal principal)` Set the given principal on the request.

Methods inherited from class org.surfnet.oaaas.auth.AbstractFilter
getAuthStateValue, getReturnUri, setAuthStateValue

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PRINCIPAL
```
public static final String PRINCIPAL
```
    The constant that contains the principal, set by concrete authenticators and consumed by the authorization endpoint.
    
    See Also:
    Constant Field Values
- Constructor Detail
  - AbstractAuthenticator
```
public AbstractAuthenticator()
```
- Method Detail
  - doFilter
```
public final void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
                    throws IOException,
                           javax.servlet.ServletException
```
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - canCommence
```
public abstract boolean canCommence(javax.servlet.http.HttpServletRequest request)
```
    Implement this method to state whether the given request is a continuation that can be handled. This method will be called for every consecutive request after the initial one.
    Returning true means that the request is part of an ongoing authentication.
    Returning false indicates to the framework that the request is not known.
    Typically this can be determined by the http method or one or more request parameters/attributes being present.
    
    Parameters:
    request - the HttpServletRequest
  - authenticate
```
public abstract void authenticate(javax.servlet.http.HttpServletRequest request,
                javax.servlet.http.HttpServletResponse response,
                javax.servlet.FilterChain chain,
                String authStateValue,
                String returnUri)
                           throws IOException,
                                  javax.servlet.ServletException
```
    Implement this method to perform the actual authentication. Use BasicAuthenticator or FormLoginAuthenticator as an example. In general, the contract is:
    assert that the user is authenticated. You can use the request and response for this. When not yet authenticated:
    - use AbstractFilter.getAuthStateValue(javax.servlet.ServletRequest) to pass-around for user agent communication
    - use AbstractFilter.getReturnUri(javax.servlet.ServletRequest) if you need to step out and return to the current location
    When authenticated:
    - set the authState attribute, by calling AbstractFilter.setAuthStateValue(javax.servlet.ServletRequest, String)
    - set the principal attribute, by calling #setPrincipal(ServletRequest, RolesPrincipal)
    - call chain.doFilter(request, response) to let the flow continue..
    Parameters:
    request - the ServletRequest
    response - the ServletResponse
    chain - the original http servlet filter chain
    authStateValue - the authState nonce to set back on the ServletRequest when done
    returnUri - the startpoint of the chain if you want to return from a form or other (external) component
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - setPrincipal
```
protected final void setPrincipal(javax.servlet.ServletRequest request,
                AuthenticatedPrincipal principal)
```
    Set the given principal on the request.
    
    Parameters:
    request - the original ServletRequest
    principal - the Principal to set.
  - init
```
public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
```
    Throws:
    
    javax.servlet.ServletException
  - destroy
```
public void destroy()
```

Class AbstractAuthenticator

Field Summary

Fields inherited from class org.surfnet.oaaas.auth.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.surfnet.oaaas.auth.AbstractFilter

Methods inherited from class java.lang.Object

Field Detail

PRINCIPAL

Constructor Detail

AbstractAuthenticator

Method Detail

doFilter

canCommence

authenticate

setPrincipal

init

destroy