Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep
Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> com >> clra >> [ member overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of com.clra.member.Authentication JAVADOC | Sourc code of com.clra.member.Authentication SOURCE | Download com.clra.member.Authentication DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.clra.member
Class Authentication  view Authentication download Authentication.java

java.lang.Object
  extended bycom.clra.member.Authentication
All Implemented Interfaces:
javax.security.auth.callback.CallbackHandler, java.io.Serializable
public class Authentication
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler, java.io.Serializable

Authenticates a user during login, and releases the authentication during logout.

Note: This class is NOT secure, because it stores passwords in plain text. This isn't an issue unless the rowing association starts doing e-commerce. The plain-text issue is important when web objects use Authentication instances, because they typically stick them into HttpSessions, where they can be deserialized to any old location.

Version:
$Id: Authentication.java,v 1.4 2003/02/26 03:38:45 rphall Exp $

Field Summary
private static java.lang.String base
           
private  javax.security.auth.login.LoginContext ctx
           
private  java.lang.String password
           
private static org.apache.log4j.Category theLog
           
private  java.lang.String user
           
 
Constructor Summary
Authentication(java.lang.String user, java.lang.String password)
           
 
Method Summary
protected  void finalize()
          Called on an object by the Virtual Machine at most once, at some point after the Object is determined unreachable but before it is destroyed.
 void handle(javax.security.auth.callback.Callback[] callbacks)
          Retrieve or display the information requested in the provided javax.security.auth.callback.Callbacks.
 void login()
           
 void logout()
           
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

base

private static final java.lang.String base

theLog

private static final org.apache.log4j.Category theLog

user

private final java.lang.String user

password

private final java.lang.String password

ctx

private javax.security.auth.login.LoginContext ctx
Constructor Detail

Authentication

public Authentication(java.lang.String user,
                      java.lang.String password)
Method Detail

login

public void login()
           throws javax.security.auth.login.LoginException

logout

public void logout()
            throws javax.security.auth.login.LoginException

finalize

protected void finalize()
Description copied from class: java.lang.Object
Called on an object by the Virtual Machine at most once, at some point after the Object is determined unreachable but before it is destroyed. You would think that this means it eventually is called on every Object, but this is not necessarily the case. If execution terminates abnormally, garbage collection does not always happen. Thus you cannot rely on this method to always work. For finer control over garbage collection, use references from the java.lang.ref package.

Virtual Machines are free to not call this method if they can determine that it does nothing important; for example, if your class extends Object and overrides finalize to do simply super.finalize().

finalize() will be called by a java.lang.Thread that has no locks on any Objects, and may be called concurrently. There are no guarantees on the order in which multiple objects are finalized. This means that finalize() is usually unsuited for performing actions that must be thread-safe, and that your implementation must be use defensive programming if it is to always work.

If an Exception is thrown from finalize() during garbage collection, it will be patently ignored and the Object will still be destroyed.

It is allowed, although not typical, for user code to call finalize() directly. User invocation does not affect whether automatic invocation will occur. It is also permitted, although not recommended, for a finalize() method to "revive" an object by making it reachable from normal code again.

Unlike constructors, finalize() does not get called for an object's superclass unless the implementation specifically calls super.finalize().

The default implementation does nothing.

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Description copied from interface: javax.security.auth.callback.CallbackHandler

Retrieve or display the information requested in the provided javax.security.auth.callback.Callbacks.

The handle() method implementation checks the instance(s) of the javax.security.auth.callback.Callback object(s) passed in to retrieve or display the requested information. The following example is provided to help demonstrate what an handle() method implementation might look like. This example code is for guidance only. Many details, including proper error handling, are left out for simplicity.

public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
   for (int i = 0; i < callbacks.length; i++) {
      if (callbacks[i] instanceof TextOutputCallback) {
         // display the message according to the specified type
         TextOutputCallback toc = (TextOutputCallback)callbacks[i];
         switch (toc.getMessageType()) {
         case TextOutputCallback.INFORMATION:
            System.out.println(toc.getMessage());
            break;
         case TextOutputCallback.ERROR:
            System.out.println("ERROR: " + toc.getMessage());
            break;
         case TextOutputCallback.WARNING:
            System.out.println("WARNING: " + toc.getMessage());
            break;
         default:
            throw new IOException("Unsupported message type: "
                  + toc.getMessageType());
         }
      } else if (callbacks[i] instanceof NameCallback) {
         // prompt the user for a username
         NameCallback nc = (NameCallback)callbacks[i];
         // ignore the provided defaultName
         System.err.print(nc.getPrompt());
         System.err.flush();
         nc.setName((new BufferedReader(
               new InputStreamReader(System.in))).readLine());
      } else if (callbacks[i] instanceof PasswordCallback) {
         // prompt the user for sensitive information
         PasswordCallback pc = (PasswordCallback)callbacks[i];
         System.err.print(pc.getPrompt());
         System.err.flush();
         pc.setPassword(readPassword(System.in));
      } else {
         throw new UnsupportedCallbackException(
               callbacks[i], "Unrecognized Callback");
      }
   }
}

 // Reads user password from given input stream.
private char[] readPassword(InputStream in) throws IOException {
   // insert code to read a user password from the input stream
}

Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> com >> clra >> [ member overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of com.clra.member.Authentication JAVADOC | Sourc code of com.clra.member.Authentication SOURCE | Download com.clra.member.Authentication DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD