org.apache.sling.auth.core.spi

Class DefaultAuthenticationFeedbackHandler

java.lang.Object

org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler

All Implemented Interfaces:

AuthenticationFeedbackHandler

Direct Known Subclasses:

AbstractAuthenticationHandler

public class DefaultAuthenticationFeedbackHandler
extends java.lang.Object
implements AuthenticationFeedbackHandler

Constructor Summary

Constructors

Constructor and Description
DefaultAuthenticationFeedbackHandler()

Method Summary

Modifier and Type	Method and Description
void	authenticationFailed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo) This default implementation does nothing.
boolean	authenticationSucceeded(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo) This default implementation calls the handleRedirect(HttpServletRequest, HttpServletResponse) method to optionally redirect the request after successful authentication.
static boolean	handleRedirect(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handles an optional request for a redirect after successful authentication and true if the request has been redirected.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthenticationFeedbackHandler

public DefaultAuthenticationFeedbackHandler()

Method Detail

handleRedirect

public static boolean handleRedirect(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)

Handles an optional request for a redirect after successful authentication and true if the request has been redirected.

This method checks AuthenticationSupport.REDIRECT_PARAMETER request parameter for the redirect target. This parameter is handled as follows:

• If the parameter does not exist, the method does not redirect and false is returned.
• If the parameter is the string true or is empty, a redirect response to the request URI (HttpServletRequest.getRequestURI()) is sent and true is returned.
• If the parameter is a relative path, the path is made absolute by resolving it relative to the request URI (HttpServletRequest.getRequestURI()). The resulting target is validated with the AbstractAuthenticationHandler.isRedirectValid(HttpServletRequest, String) method. If valid a redirect to that target is sent back and true is returned. Otherwise a redirect to the servlet context root is sent back and true is returned.
• If the parameter is an absolute path it is validated with the AbstractAuthenticationHandler.isRedirectValid(HttpServletRequest, String) method. If valid a redirect to that path is sent back and true is returned. Otherwise a redirect to the servlet context root is sent back and true is returned.

If sending the redirect response fails due to some IO problems, the request is still terminated but an error message is logged indicating the problem.

Parameters:

request - The servlet request

response - The servlet response

Returns:

true if redirect was requested. Otherwise false is returned. Note, that true is returned regardless of whether sending the redirect response succeeded or not.

Since:

1.0.4 (bundle version 1.0.8) the target is validated with the AbstractAuthenticationHandler.isRedirectValid(HttpServletRequest, String) method.

authenticationFailed

public void authenticationFailed(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 AuthenticationInfo authInfo)

This default implementation does nothing.

Extensions of this class may overwrite to cleanup any internal state.

Specified by:

authenticationFailed in interface AuthenticationFeedbackHandler

Parameters:

request - The current request

response - The current response

authInfo - The AuthenticationInfo object used to authenticate the request.

authenticationSucceeded

public boolean authenticationSucceeded(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       AuthenticationInfo authInfo)

This default implementation calls the handleRedirect(HttpServletRequest, HttpServletResponse) method to optionally redirect the request after successful authentication.

Extensions of this class may overwrite this method to perform additional cleanup etc.

Specified by:

authenticationSucceeded in interface AuthenticationFeedbackHandler

Parameters:

request - The current request

response - The current response

authInfo - The AuthenticationInfo object used to authenticate the request.

Returns:

the result of calling the handleRedirect(HttpServletRequest, HttpServletResponse) method.