com.ibm.as400.util.servlet

Class AuthenticationServlet

  • java.lang.Object
    • javax.servlet.GenericServlet
      • javax.servlet.http.HttpServlet
        • com.ibm.as400.util.servlet.AuthenticationServlet
  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
    Direct Known Subclasses:
    AS400Servlet


    public class AuthenticationServlet
    extends javax.servlet.http.HttpServlet
    AuthenticationServlet is an HttpServlet implementation that performs basic authentication for servlets. Subclasses should override the validateAuthority() method to perform the authentication. The bypassAuthentication() method can be overridden to authenticate only certain requests, and the postValidation() method can be overridden for additional processing of the request after authenticating.
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor and Description
      AuthenticationServlet()
      Constructs a default AuthenticationServlet object.
      AuthenticationServlet(java.lang.String user, java.lang.String password, java.lang.String realm)
      Constructs an AuthenticationServlet object with the specified user, password, and realm.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      boolean bypassAuthentication(javax.servlet.http.HttpServletRequest req)
      Method to check to see if authentication should be performed.
      Log getLog()
      Get the log object used for tracing and error logging.
      java.lang.String getRealm()
      Retrieve the realm that was used for the authentication.
      java.lang.String getUser()
      Retrieve the user that was used for the authentication.
      void init(javax.servlet.ServletConfig config)
      Servlet initialization.
      void log(java.lang.Exception e, java.lang.String msg)
      Log an exception and message to the event log.
      void log(java.lang.String msg)
      Log a message to the event log.
      boolean postValidation(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
      Method called after validation has occurred.
      void service(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
      Override the default service() method for HttpServlet.
      void setLog(Log log)
      Set the log object used for tracing and error logging.
      void setPassword(java.lang.String password)
      Set the password.
      void setRealm(java.lang.String realm)
      Set the realm that will be used for the authentication.
      void setUser(java.lang.String user)
      Set the user ID.
      boolean validateAuthority(java.lang.String realm, java.lang.String uid, java.lang.String pw)
      Method used to validate.
      • Methods inherited from class javax.servlet.http.HttpServlet

        doDelete, doGet, doOptions, doPost, doPut, doTrace, getLastModified, service
      • Methods inherited from class javax.servlet.GenericServlet

        destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, init, log
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AuthenticationServlet

        public AuthenticationServlet()
        Constructs a default AuthenticationServlet object.
      • AuthenticationServlet

        public AuthenticationServlet(java.lang.String user,
                             java.lang.String password,
                             java.lang.String realm)
        Constructs an AuthenticationServlet object with the specified user, password, and realm.
        Parameters:
        user - The user ID to use.
        password - The password for this user ID.
        realm - The realm, which refers to the system name.
    • Method Detail

      • bypassAuthentication

        public boolean bypassAuthentication(javax.servlet.http.HttpServletRequest req)
        Method to check to see if authentication should be performed. The default implementation returns false. Subclasses that wish to implement authentication based on the URL can override this method, interrogate the request object and determine if authentication should be performed.
        Parameters:
        req - The HttpServletRequest object for this request.
        Returns:
        true if authentication should not be performed.
      • getLog

        public Log getLog()
        Get the log object used for tracing and error logging.
        Returns:
        The Log object to use for this servlet.
      • getUser

        public java.lang.String getUser()
        Retrieve the user that was used for the authentication.
        Returns:
        The authenticated user ID.
      • getRealm

        public java.lang.String getRealm()
        Retrieve the realm that was used for the authentication. For the IBM i system, the realm is the system name.
        Returns:
        The realm.
      • init

        public void init(javax.servlet.ServletConfig config)
                  throws javax.servlet.ServletException
        Servlet initialization. The realm is initialized at this point to localhost. It can be overridden by the setRealm() method.
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Parameters:
        config - The servlet configuration.
        Throws:
        javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.
      • log

        public void log(java.lang.String msg)
        Log a message to the event log.
        Overrides:
        log in class javax.servlet.GenericServlet
        Parameters:
        msg - The message to log.
      • log

        public void log(java.lang.Exception e,
               java.lang.String msg)
        Log an exception and message to the event log.
        Parameters:
        e - The exception to log.
        msg - The message to log.
      • setLog

        public void setLog(Log log)
        Set the log object used for tracing and error logging.
        Parameters:
        log - The Log.
      • setPassword

        public void setPassword(java.lang.String password)
        Set the password. This method can be used to set the password to a default password after bypassing authentication.
        Parameters:
        password - The password to use.
      • service

        public void service(javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse resp)
                     throws javax.servlet.ServletException,
                            java.io.IOException
        Override the default service() method for HttpServlet. Subclasses should not override this method unless necessary. If a subclass overrides this method, it should call super.service() or authentication would not occur for the servlet.
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Parameters:
        req - The HTTP servlet request.
        resp - The HTTP servlet response.
        Throws:
        javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.
        java.io.IOException - An IOException is thrown if a communications error occurs.
      • setRealm

        public void setRealm(java.lang.String realm)
        Set the realm that will be used for the authentication. For the IBM i system, the realm is the system name.
        Parameters:
        realm - The realm, which refers to the system name.
      • setUser

        public void setUser(java.lang.String user)
        Set the user ID. This method can be used to set the user ID to a default user after bypassing authentication.
        Parameters:
        user - The user ID to use.
      • validateAuthority

        public boolean validateAuthority(java.lang.String realm,
                                java.lang.String uid,
                                java.lang.String pw)
                                  throws java.lang.SecurityException,
                                         java.io.IOException
        Method used to validate. The default implementation does nothing. Subclasses should override this method and implement an appropriate validation scheme.
        Parameters:
        realm - The realm to validate against.
        uid - The user ID to use for validation.
        pw - The password to use for validation.
        Returns:
        true if the servlet should continue authenticating; false otherwise. The default is true.
        Throws:
        java.lang.SecurityException - This exception should be thrown if validation fails.
        java.io.IOException - This exception should be thrown if a communication error occurs during validation.
      • postValidation

        public boolean postValidation(javax.servlet.http.HttpServletRequest req,
                             javax.servlet.http.HttpServletResponse resp)
                               throws javax.servlet.ServletException,
                                      java.io.IOException
        Method called after validation has occurred. The default implementation does nothing. Subclasses should override this method to continue processing the request.
        Parameters:
        req - The HTTP servlet request.
        resp - The HTTP servlet response.
        Returns:
        true if the servlet should continue authenticating; false otherwise. The default is true.
        Throws:
        javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.
        java.io.IOException - An IOException is thrown if a communications error occurs.
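
The default validateAuthority() does nothing and returns true, and bypassAuthentication() skips the check whenever it returns true, so a subclass has to supply both decisions. The following subclass is an added example, not code from this Javadoc or from the Toolbox: it overrides the two methods so that the bypass fails closed and the credential check is constant-time. The class name ReportServlet, the CredentialStore interface, the "credentialStore" context attribute, the public paths and the iteration count are all assumptions.

```java
import com.ibm.as400.util.servlet.AuthenticationServlet;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.http.HttpServletRequest;

// Hypothetical subclass: only the overridden signatures come from the Javadoc above.
public class ReportServlet extends AuthenticationServlet {
    /** Assumed store API: returns {salt, PBKDF2 hash} for a user, or null if unknown. */
    public interface CredentialStore { byte[][] find(String realm, String uid) throws IOException; }
    private static final int ITERATIONS = 210_000;  // assumed work factor
    private static final Set<String> PUBLIC_PATHS = Set.of("/health", "/login.html"); // constructed
    private static final byte[][] DUMMY = { new byte[16], new byte[32] };

    @Override
    public boolean bypassAuthentication(HttpServletRequest req) {
        // Fail closed: bypass only on an exact allowlist hit; a null path is authenticated.
        String path = req.getPathInfo();
        return path != null && PUBLIC_PATHS.contains(path);
    }

    @Override
    public boolean validateAuthority(String realm, String uid, String pw)
            throws SecurityException, IOException {
        if (uid == null || pw == null || pw.isEmpty()) throw new SecurityException("Missing credentials");
        CredentialStore store = (CredentialStore) getServletContext().getAttribute("credentialStore");
        if (store == null) throw new SecurityException("Credential store not configured");
        byte[][] rec = store.find(realm, uid);
        boolean known = rec != null;
        if (!known) rec = DUMMY;  // unknown users cost the same derivation as known ones
        boolean match = MessageDigest.isEqual(pbkdf2(pw.toCharArray(), rec[0]), rec[1]);
        if (!(known && match)) {
            log("Authentication failed in realm " + realm);  // no uid or password in the log
            throw new SecurityException("Invalid user ID or password");
        }
        return true;
    }

    private static byte[] pbkdf2(char[] pw, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(pw, salt, ITERATIONS, 256)).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new SecurityException("Key derivation unavailable");
        }
    }
}
```

The example leaves service() alone, so the inherited authentication flow still runs; request handling would go in postValidation() or the doGet()/doPost() methods.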