public final class NonLoginAuthenticator extends AuthenticatorBase
AuthenticatorBase.AllowCorsPreflightLifecycle.SingleUsealwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoasyncSupported, container, containerLog, nextmserverAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT| Constructor and Description |
|---|
NonLoginAuthenticator() |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
doAuthenticate(Request request,
HttpServletResponse response)
Authenticate the user making this request, based on the fact that no
login-config has been defined
for the container. |
protected java.lang.String |
getAuthMethod()
Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
|
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isPreemptiveAuthPossible, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternalbackgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringdestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisteraddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stopprotected boolean doAuthenticate(Request request, HttpServletResponse response) throws java.io.IOException
Authenticate the user making this request, based on the fact that no login-config has been defined
for the container.
This implementation means "login the user even though there is no self-contained way to establish a security Principal for that user".
This method is called by the AuthenticatorBase super class to establish a Principal for the user BEFORE the
container security constraints are examined, i.e. it is not yet known whether the user will eventually be
permitted to access the requested resource. Therefore, it is necessary to always return true to
indicate the user has not failed authentication.
There are two cases:
auth-method to
authenticate the user, so leave Request's Principal as null. Note: AuthenticatorBase will later examine the
security constraints to determine whether the resource is accessible by a user without a security Principal and
Role (i.e. unauthenticated).doAuthenticate in class AuthenticatorBaserequest - Request we are processingresponse - Response we are creatingjava.io.IOException - if an input/output error occursprotected java.lang.String getAuthMethod()
AuthenticatorBasegetAuthMethod in class AuthenticatorBaseCopyright © 2000-2024 Apache Software Foundation.
Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo are either registered trademarks or trademarks of the Apache Software Foundation.