public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSession
clientInfo, SESSION_ATTRIBUTE_NAME
Constructor and Description |
---|
AuthenticatedWebSession(Request request)
Construct.
|
Modifier and Type | Method and Description |
---|---|
protected abstract boolean |
authenticate(String username,
String password)
Actual authentication check, has to be implemented by subclasses.
|
static AuthenticatedWebSession |
get() |
void |
invalidate()
Call signOut() and remove the logon data from where ever they have been persisted (e.g.
|
boolean |
isSignedIn() |
protected void |
signIn(boolean value)
Cookie based logins (remember me) may not rely on putting username and password into the
cookie but something else that safely identifies the user.
|
boolean |
signIn(String username,
String password)
Try to logon the user.
|
void |
signOut()
Sign the user out.
|
getRoles
generateNewSessionId, getClientInfo, newBrowserInfoPage
bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn
public AuthenticatedWebSession(Request request)
request
- The current request objectpublic static AuthenticatedWebSession get()
public final boolean signIn(String username, String password)
authenticate(String, String)
to do the real work
and that is what you need to subclass to provide your own authentication mechanism.username
- password
- protected abstract boolean authenticate(String username, String password)
username
- The usernamepassword
- The passwordprotected final void signIn(boolean value)
authenticate(String, String)
for 'normal'
authentication).value
- authenticate(String, String)
public final boolean isSignedIn()
isSignedIn
in class AbstractAuthenticatedWebSession
public void signOut()
This method is an alias of invalidate()
public void invalidate()
invalidate
in class WebSession
Session.invalidate()
Copyright © 2006–2022 Apache Software Foundation. All rights reserved.