Package org.opencms.security

Class CmsPersistentLoginAuthorizationHandler

java.lang.Object

org.opencms.main.A_CmsAuthorizationHandler

org.opencms.security.CmsDefaultAuthorizationHandler

org.opencms.security.CmsPersistentLoginAuthorizationHandler

All Implemented Interfaces:

I_CmsAuthorizationHandler

public class CmsPersistentLoginAuthorizationHandler
extends CmsDefaultAuthorizationHandler

Authorization handler which uses a special cookie sent by the user's browser for authorization.

The cookie contains a user's name and a key. It will only log that user in if there is a key matching the key from the cookie in the user's additional info map, and if additional info value, when interpreted as a time, is greater than the current time returned by System.currentTimeMillis().

Nested Class Summary

Nested classes/interfaces inherited from interface org.opencms.security.I_CmsAuthorizationHandler

I_CmsAuthorizationHandler.I_PrivilegedLoginAction

Field Summary

Fields

Modifier and Type	Field	Description
static final String	COOKIE_NAME	The name of the cookie.

Fields inherited from class org.opencms.security.CmsDefaultAuthorizationHandler

AUTHORIZATION_BASIC_PREFIX, HEADER_AUTHORIZATION, PARAM_ENCRYPTED_REQUESTED_RESOURCE, PARAM_HTTP_BASICAUTH_USESTARTSETTINGS_PATHS, PARAM_HTTP_BASICAUTH_USESTARTSETTINGS_USERS, SEPARATOR_CREDENTIALS

Fields inherited from class org.opencms.main.A_CmsAuthorizationHandler

m_parameters

Constructor Summary

Constructors

Constructor	Description
CmsPersistentLoginAuthorizationHandler()

Method Summary

Modifier and Type	Method	Description
CmsObject	initCmsObject(javax.servlet.http.HttpServletRequest request, I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)	Creates a new cms object from the given request object.
CmsObject	initCmsObjectFromToken(javax.servlet.http.HttpServletRequest request, I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)	Tries to initialize the CmsObject from a login token given as a cookie in the request.

Methods inherited from class org.opencms.security.CmsDefaultAuthorizationHandler

checkBasicAuthorization, checkPath, checkUser, getLoginFormURL, initCmsObject, initCmsObject, requestAuthorization, shouldUseStartSettingsForHttpBasicAuth

Methods inherited from class org.opencms.main.A_CmsAuthorizationHandler

initCmsObjectFromSession, registerSession, setParameters

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

COOKIE_NAME

public static final String COOKIE_NAME

The name of the cookie.

See Also:

• Constant Field Values

Constructor Details

CmsPersistentLoginAuthorizationHandler

public CmsPersistentLoginAuthorizationHandler()

Method Details

initCmsObject

public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request,
 I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)

Description copied from interface: I_CmsAuthorizationHandler

Creates a new cms object from the given request object.

This method is called by OpenCms every time a resource is requested and the session can not automatically be authenticated.

Specified by:

initCmsObject in interface I_CmsAuthorizationHandler

Overrides:

initCmsObject in class CmsDefaultAuthorizationHandler

Parameters:

request - the HTTP request to authenticate

loginAction - the privileged login action

Returns:

the cms context object associated to the current session

See Also:

• CmsDefaultAuthorizationHandler.initCmsObject(javax.servlet.http.HttpServletRequest, org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction)

initCmsObjectFromToken

public CmsObject initCmsObjectFromToken(javax.servlet.http.HttpServletRequest request,
 I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)

Tries to initialize the CmsObject from a login token given as a cookie in the request.

Parameters:

request - the request

loginAction - the privileged login action

Returns:

the initialized CmsObject, or null if the user couldn't be authenticated using the login token cookie