/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.1 2003/07/07 13:12:56 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/07/07 13:12:56 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.2 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.2 $
+ * $Date: 2004/01/26 07:11:30 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* method, such as FORM or BASIC (others are possible).
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/07/07 13:12:56 $
+ * @version $Revision: 1.2 $ $Date: 2004/01/26 07:11:30 $
*/
public interface Authenticator {
public void showLogin(HttpServletRequest request, HttpServletResponse response) throws IOException;
/**
+ * Return true if this is a logout request.
+ *
+ * @param request
+ * @return true if this is a logout request, false otherwise
+ */
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception;
+
+ /**
* Return true if security checks should be bypassed for this request.
*
* Example: for FORM based authentication, the login and error pages should always be viewable without being
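Review bot: `isLogoutRequest` is declared `throws Exception`, which forces every caller to catch the broadest checked type and hides what can actually fail. If the only source is `URLPatternMatcher.match`, declare that narrower type instead (its signature is not visible here). The Javadoc has an empty `@param request` and omits both `@param patternMatcher` and `@throws`. Adding an abstract method to this public interface also breaks any Authenticator implementation maintained outside this tree, which deserves a release note. The interface body continues outside the hunk.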
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.2 2003/07/14 18:55:14 maxcooper Exp $
- * $Revision: 1.2 $
- * $Date: 2003/07/14 18:55:14 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.3 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.3 $
+ * $Date: 2004/01/26 07:11:30 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.2 $ $Date: 2003/07/14 18:55:14 $
+ * @version $Revision: 1.3 $ $Date: 2004/01/26 07:11:30 $
*/
public class BasicAuthenticator implements Authenticator {
public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS";
protected String realmName;
protected Base64 base64Helper;
-
/**
* Initialize this Authenticator.
*
}
/**
- * All requests should be subject to security checking for BASIC authentication.
- *
- * @param request
- * @return always false -- check all requests
- */
- public boolean bypassSecurityForThisRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
- return false;
- }
-
- /**
* Show the login page.
*
* @param request the current request
}
/**
+ * Return true if security checks should be bypassed for this request.
+ * Always returns false for BASIC authenticator.
+ *
+ * @param request
+ * @param patternMatcher
+ * @return always returns false
+ */
+ public boolean bypassSecurityForThisRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
+ return false;
+ }
+
+ /**
+ * Return true if this is a logout request.
+ * Always returns false for BASIC authenticator.
+ *
+ * @param request
+ * @param patternMatcher
+ * @return always returns false
+ */
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
+ return false;
+ }
+
+ /**
* Parse the username out of the BASIC authorization header string.
* @param decoded
* @return username parsed out of decoded string
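Review bot: The Javadoc on the added `isLogoutRequest` says it always returns false but not why, so a deployer who configures a logout page gets no logout under BASIC and no hint of the reason. With BASIC the browser re-sends the Authorization header on every request, so logout is presumably unsupported on purpose. I would state that in the comment, e.g. `BASIC credentials are re-sent by the browser on every request, so a logout page is not supported and this always returns false.` The `@param` tags on both added methods have no descriptions.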
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.4 2003/10/27 10:32:05 maxcooper Exp $
- * $Revision: 1.4 $
- * $Date: 2003/10/27 10:32:05 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.5 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.5 $
+ * $Date: 2004/01/26 07:11:30 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* FormAuthenticator - authenticator implementation for the FORM auth method.
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.4 $ $Date: 2003/10/27 10:32:05 $
+ * @version $Revision: 1.5 $ $Date: 2004/01/26 07:11:30 $
*/
public class FormAuthenticator implements Authenticator {
protected String errorPage;
protected URLPattern errorPagePattern;
+ protected URLPattern logoutPagePattern;
+
protected String defaultPage;
protected SecurityRealmInterface realm;
// error page
errorPage = securityConfig.getErrorPage();
errorPagePattern = patternFactory.createURLPattern(stripQueryString(errorPage), null, null, 0);
+
+ // error page
+ String logoutPage = securityConfig.getLogoutPage();
+ logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0);
}
/**
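Review bot: `securityConfig.getLogoutPage()` is passed straight into `stripQueryString` and `createURLPattern` with no null check. A configuration that declares no logout page may therefore fail during initialization, or leave a pattern that `isLogoutRequest` later matches against. Neither helper's body is visible here, so confirm how each treats null. A guard such as `logoutPagePattern = (logoutPage != null) ? patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0) : null;` would work, with `isLogoutRequest` returning false when the pattern is null. The copied comment `// error page` above the new lines should read `// logout page`. The enclosing init method starts outside the hunk.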
}
/**
- * FormAuthenticator has a special case where the user should be sent to a default page if the user
- * spontaneously submits a login request.
+ * Return true if this is a logout request. Always returns false for this Authenticator.
*
* @param request
- * @return a URL to send the user to after logging in
+ * @return true if this is a logout request, false otherwise
*/
- private String getContinueToURL(HttpServletRequest request) {
- String savedURL = SecurityFilter.getContinueToURL(request);
- if (savedURL != null) {
- return savedURL;
- } else {
- return request.getContextPath() + defaultPage;
- }
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception {
+ String requestURL = request.getMatchableURL();
+ return patternMatcher.match(requestURL, logoutPagePattern);
}
/**
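Review bot: The Javadoc on the new `isLogoutRequest` says "Always returns false for this Authenticator", but the body returns `patternMatcher.match(requestURL, logoutPagePattern)`. The sentence looks copied from BasicAuthenticator and should be replaced, e.g. `Return true if the request URL matches the configured logout page.` The `@param patternMatcher` and `@throws` tags are also missing. Because the decision rests on the URL alone, any request that reaches this path counts as a logout, including one triggered from another site. Whether that is acceptable depends on how SecurityFilter acts on the result, which is not shown here.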
}
/**
+ * FormAuthenticator has a special case where the user should be sent to a default page if the user
+ * spontaneously submits a login request.
+ *
+ * @param request
+ * @return a URL to send the user to after logging in
+ */
+ private String getContinueToURL(HttpServletRequest request) {
+ String savedURL = SecurityFilter.getContinueToURL(request);
+ if (savedURL != null) {
+ return savedURL;
+ } else {
+ return request.getContextPath() + defaultPage;
+ }
+ }
+
+ /**
* Utility method to strip the query string from a uri.
*
* @param uri