org.apache.shindig.auth

Class UrlParameterAuthenticationHandler

java.lang.Object

org.apache.shindig.auth.UrlParameterAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler

public class UrlParameterAuthenticationHandler
extends Object
implements AuthenticationHandler

Produces security tokens by extracting the "st" parameter from the request url or post body.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.shindig.auth.AuthenticationHandler

AuthenticationHandler.InvalidAuthenticationException

Field Summary

Fields inherited from interface org.apache.shindig.auth.AuthenticationHandler

STASHED_BODY

Constructor Summary

Constructors

Constructor and Description
UrlParameterAuthenticationHandler(SecurityTokenCodec securityTokenCodec)

Method Summary

Methods

Modifier and Type	Method and Description
protected String	getActiveUrl(javax.servlet.http.HttpServletRequest request)
protected Map<String,String>	getMappedParameters(javax.servlet.http.HttpServletRequest request)
String	getName()
protected SecurityTokenCodec	getSecurityTokenCodec()
SecurityToken	getSecurityTokenFromRequest(javax.servlet.http.HttpServletRequest request) Produce a security token extracted from the HTTP request.
String	getWWWAuthenticateHeader(String realm) Return a String to be used for a WWW-Authenticate header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UrlParameterAuthenticationHandler

@Inject
public UrlParameterAuthenticationHandler(SecurityTokenCodec securityTokenCodec)

Method Detail

getName

public String getName()

Specified by:

getName in interface AuthenticationHandler

Returns:

The name of the authentication handler. This value is bound to the security token and can be used to determine the authentication mechanism by which the security token was created. The value is expected to be one of the values in AuthenticationMode but string is used here to allow containers to have custom authentication modes

getSecurityTokenFromRequest

public SecurityToken getSecurityTokenFromRequest(javax.servlet.http.HttpServletRequest request)
                                          throws AuthenticationHandler.InvalidAuthenticationException

Description copied from interface: AuthenticationHandler

Produce a security token extracted from the HTTP request.

Specified by:

getSecurityTokenFromRequest in interface AuthenticationHandler

Parameters:

request - The request to extract a token from.

Returns:

A valid security token for the request, or null if it wasn't possible to authenticate.

Throws:

AuthenticationHandler.InvalidAuthenticationException

getWWWAuthenticateHeader

public String getWWWAuthenticateHeader(String realm)

Description copied from interface: AuthenticationHandler

Return a String to be used for a WWW-Authenticate header. This will be called if the call to getSecurityTokenFromRequest returns null. If non-null/non-blank it will be added to the Response. See Section 6.1.3 of the Portable Contacts Specification

Specified by:

getWWWAuthenticateHeader in interface AuthenticationHandler

Parameters:

realm - the name of the realm to use for the authenticate header

Returns:

Header value for a WWW-Authenticate Header

getSecurityTokenCodec

protected SecurityTokenCodec getSecurityTokenCodec()

getMappedParameters

protected Map<String,String> getMappedParameters(javax.servlet.http.HttpServletRequest request)

getActiveUrl

protected String getActiveUrl(javax.servlet.http.HttpServletRequest request)