AuthenticationHandler (Apache Shindig Common Code 2012-2.8.1-COIN API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shindig.auth
Interface AuthenticationHandler

All Known Implementing Classes:: AnonymousAuthenticationHandler, UrlParameterAuthenticationHandler

public interface AuthenticationHandler

Implements a specific authentication mechanism and produces a SecurityToken when authentication is successful.

Nested Class Summary
`static class`	`AuthenticationHandler.InvalidAuthenticationException` An exception thrown by an AuthenticationHandler in the situation where a malformed credential or token is passed.

Field Summary
`static String`	`STASHED_BODY` Some authentication handlers need to read the request body to perform verification.

Method Summary
`String`	`getName()`
`SecurityToken`	`getSecurityTokenFromRequest(javax.servlet.http.HttpServletRequest request)` Produce a security token extracted from the HTTP request.
`String`	`getWWWAuthenticateHeader(String realm)` Return a String to be used for a WWW-Authenticate header.

Field Detail

STASHED_BODY

static final String STASHED_BODY

Some authentication handlers need to read the request body to perform verification. Because the servlet stream can only be read once, making the content unavailable to the receiving servlet. An authentication handler that fully reads the body should stash the raw content byte array using request.setAttribute(STASHED_BODY, )

See Also:: Constant Field Values

Method Detail

getName

String getName()

Returns:: The name of the authentication handler. This value is bound to the security token and can be used to determine the authentication mechanism by which the security token was created. The value is expected to be one of the values in AuthenticationMode but string is used here to allow containers to have custom authentication modes

getSecurityTokenFromRequest

SecurityToken getSecurityTokenFromRequest(javax.servlet.http.HttpServletRequest request)
                                          throws AuthenticationHandler.InvalidAuthenticationException

Produce a security token extracted from the HTTP request.

Parameters:: request - The request to extract a token from.
Returns:: A valid security token for the request, or null if it wasn't possible to authenticate.
Throws:: AuthenticationHandler.InvalidAuthenticationException

getWWWAuthenticateHeader

String getWWWAuthenticateHeader(String realm)

Return a String to be used for a WWW-Authenticate header. This will be called if the call to getSecurityTokenFromRequest returns null. If non-null/non-blank it will be added to the Response. See Section 6.1.3 of the Portable Contacts Specification

Parameters:: realm - the name of the realm to use for the authenticate header
Returns:: Header value for a WWW-Authenticate Header