api: com.opmath.util: Class HttpLogOnServlet

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

OpMath

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.opmath.util.http
Class HttpLogOnServlet

java.lang.Object
  |
  +--javax.servlet.GenericServlet
        |
        +--javax.servlet.http.HttpServlet
              |
              +--com.opmath.util.http.HttpServlet
                    |
                    +--com.opmath.util.http.HttpLogOnServlet

All Implemented Interfaces:: ParamIndex, Serializable, Servlet, ServletConfig

public abstract class HttpLogOnServlet
extends HttpServlet
implements ParamIndex

Provides an abstract class for a servlet that can respond to a log on request.

Servlets of this class have to deal with three distinct outcomes of the log on request:

The requesting subject was authenticated and authorised, and a URL was available for redirection - the redirection URL is typically available if a request is made against an HttpProtectedServlet, without the requester having first logged on. In this case, a redirection is made to the original URL.

The requesting subject was authenticated and authorised, but no URL was available for redirection - this may happen where a log on request is made directly to an HttpLogonServlet. In this case, the requester is redirected to an appropriate resource.

The requesting subject was not authenticated, or not authorised - this typically happens where a log on request is made directly to an HttpLogonServlet. In this case, an appropriate response, noting the unsuccessful log on, is returned.

WARNING: It is up to the programmer to ensure that the use of the HttpSession instance variable (or any other instance variable) has thread safety.

The Terms of Distribution of this software are stipulated in the javadoc Overview for this project.

Since:: J2SE 1.3.0
Version:: HTTP v2.0
Author:: Bruno Beloff bruno.beloff@opmath.com
See Also:: HttpServlet, HttpSessionServlet, HttpLogOffServlet, HttpProtectedServlet, Serialized Form

Fields inherited from class com.opmath.util.http.HttpServlet

EOL, LOGON_DONE, LOGON_TARGET

Constructor Summary

HttpLogOnServlet()


Method Summary

protected boolean allowUser(String account, String password)
          Attempts to authenticate the requester, and authorize the requester's access.

void doGet(HttpServletRequest req, HttpServletResponse rsp)
          Handles an HTTP GET request.

protected String doGetDispatch(HttpServletRequest req)
          Services an HTTP GET request, as handled by the superclass.

void doPost(HttpServletRequest req, HttpServletResponse rsp)
          Handles an HTTP POST request.

protected String doPostDispatch(HttpServletRequest req)
          Services an HTTP POST request, as handled by doPost(HttpServletRequest, HttpServletResponse).

String getServletInfo()
          Returns a String carrying some information about the servlet.

protected String logOnAccount()
          Returns the name of the HTTP request parameter field carrying the account name of the requester.

protected String logOnPassword()
          Returns the name of the HTTP request parameter field carrying the password of the requester.

protected String logOnRedirectURI()
          Returns the URI of the resource that is targetted where authentication and authorisation are successful, but no other URI is available.

Methods inherited from class com.opmath.util.http.HttpServlet

getIndex, getParamIndex, getValueCount, paramIndices, paramMappings, paramNames, paramValues, registerIndex, registerIndices, report, setConfig, setConfig

Methods inherited from class javax.servlet.http.HttpServlet

, doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.opmath.util.http.ParamIndex

getIndex, getParamIndex, getValueCount, paramIndices, paramMappings, paramNames, paramValues, registerIndex

Constructor Detail

HttpLogOnServlet

public HttpLogOnServlet()

Method Detail

logOnRedirectURI

protected String logOnRedirectURI()

Returns the URI of the resource that is targetted where authentication and authorisation are successful, but no other URI is available.

This method attempts to provide the home URI of the Web application - the actual URI String returned is "/".

Returns:: A String carrying the default redirection URI.
Since:: J2SE 1.3

logOnAccount

protected String logOnAccount()

Returns the name of the HTTP request parameter field carrying the account name of the requester. The value returned is the String "account".

Returns:: A String carrying the name of the account field.
Since:: J2SE 1.3

logOnPassword

protected String logOnPassword()

Returns the name of the HTTP request parameter field carrying the password of the requester. The value returned is the String "password".

Returns:: A String carrying the name of the password field.
Since:: J2SE 1.3

doGet

public final void doGet(HttpServletRequest req,
                        HttpServletResponse rsp)
                 throws ServletException,
                        IOException

Handles an HTTP GET request. Specified as final to maintain security.

Overrides:: doGet in class HttpServlet

Parameters:: req - an HttpServletRequest object that contains the request the client has made of the servlet.; rsp - an HttpServletResponse object that contains the response the servlet sends to the client.
Throws:: ServletException - an exception thrown if the request could not be handled.; IOException - an exception thrown if an input or output error is detected when the servlet handles the GET request.
Since:: J2SE 1.3
See Also:: doGetDispatch(com.opmath.util.http.HttpServletRequest)

doGetDispatch

protected String doGetDispatch(HttpServletRequest req)
                        throws Exception

Services an HTTP GET request, as handled by the superclass. This method is normally invoked when a GET request is made directly to the implementing servlet.

Overrides:: doGetDispatch in class HttpServlet

Parameters:: req - an com.opmath.util.http.HttpServletRequest created by doGet(HttpServletRequest, HttpServletResponse).
Returns:: A String carrying the report.
Throws:: Exception - if a subclass's method encounters any error state.
Since:: J2SE 1.3
See Also:: HttpServlet.doGet(HttpServletRequest, HttpServletResponse)

doPost

public final void doPost(HttpServletRequest req,
                         HttpServletResponse rsp)
                  throws ServletException,
                         IOException

Handles an HTTP POST request. As with the doPost(HttpServletRequest, HttpServletResponse) method on its superclass, the idea here is to do any essential preparatory work, then hand over control to the doPostDispatch(HttpServletRequest, HttpServletResponse) method of the subclass. Once the subclass's doPostDispatch(HttpServletRequest, HttpServletResponse)method has completed, any essantial cleaning up is done.

Specifically in this case, an attempt is made to authenticate and authorize the user by accessing the appropriate request fields, and passing these to the allowUser(String, String) method. If authentication and authoriztion are successful, a redirection takes place. Otherwise, doPostDispatch(com.opmath.util.http.HttpServletRequest) is executed.

Overrides:: doPost in class HttpServlet

Parameters:: req - a javax.servlet.http.HttpServletRequest carrying the request environmental variables.; rsp - a javax.servlet.http.HttpServletResponse carrying the response objects.
Throws:: ServletException - if the method encounters any method-internal error.; IOException - if one of the method's resources could not be used.
Since:: J2SE 1.3
See Also:: logOnAccount(), logOnPassword(), doPostDispatch(com.opmath.util.http.HttpServletRequest)

doPostDispatch

protected String doPostDispatch(HttpServletRequest req)
                         throws Exception

Services an HTTP POST request, as handled by doPost(HttpServletRequest, HttpServletResponse).

In parctice, this method will only be invoked when a redirection could not take place - that is, when either authenication failed, or authorization was declined. This method should be overriden by any real-world application.

Overrides:: doPostDispatch in class HttpServlet

Parameters:: req - an com.opmath.util.http.HttpServletRequest created by doPost(HttpServletRequest, HttpServletResponse).
Returns:: A String carrying the report.
Throws:: Exception - if a subclass's method encounters any error state.
Since:: J2SE 1.3
See Also:: doPost(HttpServletRequest, HttpServletResponse)

allowUser

protected boolean allowUser(String account,
                            String password)

Attempts to authenticate the requester, and authorize the requester's access.

This method always returns false - in other words, access is always denied. The method should be overriden by any real-world application.

Parameters:: account - a String carrying the value of the account name.; password - a String carrying value of the password.
Returns:: A boolean reporting access permission.
Since:: J2SE 1.3

getServletInfo

public String getServletInfo()

Returns a String carrying some information about the servlet. This method should be overridden by any subclass.

Overrides:: getServletInfo in class HttpServlet

Returns:: a String describing the class.
Since:: J2SE 1.3