net.sf.acegisecurity.ui.rememberme
Interface RememberMeServices

All Known Implementing Classes:
NullRememberMeServices, TokenBasedRememberMeServices

public interface RememberMeServices

Implemented by a class that is capable of providing a remember-me service.

Acegi Security filters (namely net.sf.acegisecurity.ui.AbstractProcessingFilter and RememberMeProcessingFilter) will call the methods provided by an implementation of this interface.

Implementations may implement any type of remember-me capability they wish. Rolling cookies (as per http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can be used, as can simple implementations that don't require a persistent store. Implementations also determine the validity period of a remember-me cookie. This interface has been designed to accommodate any of these remember-me models.

This interface does not define how remember-me services should offer a "cancel all remember-me tokens" type capability, as this will be implementation specific and requires no hooks into Acegi Security.

Version:
$Id: RememberMeServices.java,v 1.1 2005/03/01 02:30:31 benalex Exp $

Method Summary
 net.sf.acegisecurity.Authentication autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          This method will be called whenever the ContextHolder does not contain an Authentication and the Acegi Security system wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
 void loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
 void loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, net.sf.acegisecurity.Authentication successfulAuthentication)
          Called whenever an interactive authentication attempt is successful.
 

Method Detail

autoLogin

public net.sf.acegisecurity.Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
This method will be called whenever the ContextHolder does not contain an Authentication and the Acegi Security system wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. Acegi Security makes no attempt whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for whatever reason, it should be silently ignored and invalidated using the HttpServletResponse object.

The returned Authentication must be acceptable to the net.sf.acegisecurity.AuthenticationManager or net.sf.acegisecurity.providers.AuthenticationProvider defined by the web application. It is recommended that net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationToken be used in most cases, as it has a corresponding authentication provider.


loginFail

public void loginFail(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated in the HttpServletRequest.


loginSuccess

public void loginSuccess(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         net.sf.acegisecurity.Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful. An implementation may automatically set a remember-me token in the HttpServletResponse, although this is not recommended. Instead, implementations should typically look for a request parameter that indicates the browser has presented an explicit request for authentication to be remembered, such as the presence of an HTTP POST parameter.
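
The three method contracts above, implemented with a signed cookie that needs no persistent store. This is an added example, not Acegi's own code and not either of the known implementing classes. The class name, cookie name, request parameter, `toAuthentication` hook and 14-day validity are hypothetical; it assumes Java 8+, Servlet 3.0+ (for `setHttpOnly`), and that `Authentication.getName()` returns the username.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.servlet.http.*;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ui.rememberme.RememberMeServices;
// Added example, not Acegi code. Cookie value: b64url(username).expiryMillis.b64url(HMAC-SHA256)
public abstract class SignedCookieRememberMeServices implements RememberMeServices {
    static final String COOKIE = "EXAMPLE_REMEMBER_ME"; // hypothetical cookie name
    static final String PARAM = "remember_me";          // hypothetical POST parameter
    static final int MAX_AGE = 14 * 24 * 3600;          // validity period, chosen by this implementation
    private final byte[] key;                           // server-side secret; replacing it cancels all tokens
    protected SignedCookieRememberMeServices(byte[] key) { this.key = key.clone(); }
    // Hypothetical hook: build an Authentication that the AuthenticationManager accepts.
    protected abstract Authentication toAuthentication(String username);
    public Authentication autoLogin(HttpServletRequest req, HttpServletResponse res) {
        Cookie[] cookies = req.getCookies();
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            if (!COOKIE.equals(cookies[i].getName())) continue;
            try {
                String[] p = cookies[i].getValue().split("\\.");
                if (p.length == 3 && Long.parseLong(p[1]) > System.currentTimeMillis()
                        && MessageDigest.isEqual(mac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2])))
                    return toAuthentication(new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8));
            } catch (RuntimeException e) { /* malformed value or unknown user: treat as invalid */ }
            setCookie(res, "", 0); // silently ignore and invalidate the presented cookie
        }
        return null; // no remember-me authentication for this request
    }
    public void loginFail(HttpServletRequest req, HttpServletResponse res) { setCookie(res, "", 0); }
    public void loginSuccess(HttpServletRequest req, HttpServletResponse res, Authentication auth) {
        if (req.getParameter(PARAM) == null) return; // remember only on an explicit request
        String body = b64(auth.getName().getBytes(StandardCharsets.UTF_8)) + "." + (System.currentTimeMillis() + MAX_AGE * 1000L);
        setCookie(res, body + "." + b64(mac(body)), MAX_AGE);
    }
    private static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    private byte[] mac(String data) {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(new javax.crypto.spec.SecretKeySpec(key, "HmacSHA256"));
            return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    private static void setCookie(HttpServletResponse res, String value, int maxAge) {
        Cookie c = new Cookie(COOKIE, value);
        c.setMaxAge(maxAge); c.setPath("/"); c.setSecure(true); c.setHttpOnly(true); // maxAge 0 deletes
        res.addCookie(c);
    }
}
```

Because the token is stateless, an individual cookie cannot be revoked on the server before its expiry; replacing the key is the only "cancel all remember-me tokens" mechanism this example offers.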