com.ibm.wps.portletservice.credentialvault.credentials
Class HttpFormBasedAuthCredential
java.lang.Object
|
+--com.ibm.wps.portletservice.credentialvault.credentials.Credential
|
+--com.ibm.wps.portletservice.credentialvault.credentials.ActiveCredential
|
+--com.ibm.wps.portletservice.credentialvault.credentials.UserPasswordCredential
|
+--com.ibm.wps.portletservice.credentialvault.credentials.HttpFormBasedAuthCredential
- All Implemented Interfaces:
- java.io.Serializable
- public class HttpFormBasedAuthCredential
- extends UserPasswordCredential
Credential for authenticating at the back-end via http form based authentication.
To be used in following way:
- Construct (initialize) the credential
- Call login method to authenticate at the back-end system
- Get an authenticated HttpURLConnection from the Credential
- Do business calls over the authenticated connection
- Finally call logout method to logout at the back-end system
Preconditions:
- the configuration data passed to the constructor must define following values:
KEY_USER_ID_ATTRIBUTE, KEY_PASSWORD_ATTRIBUTE, KEY_LOGIN_POST_URL, KEY_LOGOUT_GET_URL, KEY_FORM_DATA and KEY_USE_AUTH_COOKIES
(in addition to the ones required by
UserPasswordCredential)
- loginPostUrl and logoutGetUrl must use HTTP
Assumptions:
- The logout is performed through a HTTP GET request to the logout url
- If the Url uses SSL (https://) the JSSE has already been registered
- If the security information being returned on successful login is not a cookie but url parameters (i.e. URL rewriting is used),
then it is assumed that the response to a successful login is an http redirect (the redirect URL can be found in the header field 'Location').
- See Also:
- Serialized Form
|
Method Summary |
java.net.HttpURLConnection |
getAuthenticatedConnection(java.lang.String url)
Returns a new HttpURLConnection with added authentication data. |
java.net.HttpURLConnection |
getAuthenticatedConnection(java.net.URL url)
Returns a new HttpURLConnection with added authentication data. |
void |
init(java.util.Map config)
Creates a new HttpFormBasedAuthCredential. |
java.net.HttpURLConnection |
login()
Performs the HTTP form based login. |
java.net.HttpURLConnection |
logout()
Performs the logout through an HTTP GET request to the logoutUrl. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
KEY_USERID_ATTRIBUTE_NAME
public static final java.lang.String KEY_USERID_ATTRIBUTE_NAME
KEY_PASSWORD_ATTRIBUTE_NAME
public static final java.lang.String KEY_PASSWORD_ATTRIBUTE_NAME
KEY_LOGIN_URL
public static final java.lang.String KEY_LOGIN_URL
KEY_LOGOUT_URL
public static final java.lang.String KEY_LOGOUT_URL
KEY_FORM_DATA
public static final java.lang.String KEY_FORM_DATA
KEY_USE_AUTH_COOKIES
public static final java.lang.String KEY_USE_AUTH_COOKIES
HttpFormBasedAuthCredential
public HttpFormBasedAuthCredential()
init
public void init(java.util.Map config)
throws java.lang.Exception
- Creates a new HttpFormBasedAuthCredential.
- Overrides:
init in class UserPasswordCredential
- Parameters:
Map - The configuration that is needed to initialize this credential:
- KEY_CREDENTIAL_SECRET UserPasswordCredentialSecret - the credential's secret (mandatory)
- KEY_USERID_ATTRIBUTE_NAME String - the name under which the user id is posted (mandatory)
- KEY_PASSWORD_ATTRIBUTE_NAME String - the name under which the user password is posted (mandatory)
- KEY_LOGIN_URL String - the url to which the login data is posted (mandatory)
- KEY_LOGOUT_URL String - the url to which an HTTP GET request is send in order to log out the user (mandatory)
- KEY_USE_AUTH_COOKIES Boolean - specifies whether the authentication data are cookies [true] or URL rewriting [false] (mandatory)
- KEY_FORM_DATA List - any additional
name=value pairs that need to be posted with the login POST (optional)
- Throws:
java.lang.Exception - If any mandatory parameter is missing or has a wrong object type as value.
login
public java.net.HttpURLConnection login()
throws java.io.IOException
- Performs the HTTP form based login.
- Returns:
- HttpURLConnection
The connection that was used for the login POST request.
- Throws:
java.io.IOException - if the login failed or no cookie has been returned.
logout
public java.net.HttpURLConnection logout()
throws java.io.IOException
- Performs the logout through an HTTP GET request to the logoutUrl.
- Returns:
- HttpURLConnection
The connection that was used for the logou GET request.
- Throws:
java.io.IOException - if the logout failed or credential status is not 'logged in'.
getAuthenticatedConnection
public java.net.HttpURLConnection getAuthenticatedConnection(java.lang.String url)
throws java.io.IOException
- Returns a new HttpURLConnection with added authentication data.
- Parameters:
String - the traget URL for the connection.- Returns:
- HttpURLConnection
A new authenticated (and yet uncommitted) connection.
- Throws:
java.io.IOException - thrown if anything unexpected happens.
getAuthenticatedConnection
public java.net.HttpURLConnection getAuthenticatedConnection(java.net.URL url)
throws java.io.IOException
- Returns a new HttpURLConnection with added authentication data.
- Parameters:
URL - the traget URL for the connection. Note that it need not be opened yet.
Note also that this method may only be called if cookies are used for authentication.- Returns:
- HttpURLConnection
A new authenticated (and yet uncommitted) connection.
- Throws:
java.io.IOException - thrown if anything unexpected happens.