com.ibm.as400.util.servlet
Class AuthenticationServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.ibm.as400.util.servlet.AuthenticationServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
Direct Known Subclasses:
AS400Servlet

public class AuthenticationServlet
extends javax.servlet.http.HttpServlet

AuthenticationServlet is an HttpServlet implementation that performs basic authentication for servlets. Subclasses should override the validateAuthority() method to perform the authentication. The bypassAuthentication() method can be overridden to authenticate only certain requests, and the postValidation() method can be overridden for additional processing of the request after authenticating.
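
A subclass that overrides bypassAuthentication() and validateAuthority() as described above. This is an added example, not code from the toolbox: ReportServlet, CredentialVerifier, and the public paths are hypothetical, and the servlet is assumed to be constructed and registered by the application rather than by the container.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import com.ibm.as400.util.servlet.AuthenticationServlet;

public class ReportServlet extends AuthenticationServlet {
    /** Hypothetical credential check, not part of the toolbox API. */
    public interface CredentialVerifier {
        boolean verify(String realm, String uid, String pw) throws IOException;
    }

    // Assumed paths that are served without a login; all others authenticate.
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<>(Arrays.asList("/health", "/about.html"));

    private final CredentialVerifier verifier;

    public ReportServlet(CredentialVerifier verifier) {
        this.verifier = verifier;
    }

    @Override
    public boolean bypassAuthentication(HttpServletRequest req) {
        // getServletPath()/getPathInfo() are decoded by the container and omit
        // the query string; match exactly against the allowlist, never by prefix.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path += req.getPathInfo();
        }
        return "GET".equals(req.getMethod()) && PUBLIC_PATHS.contains(path);
    }

    @Override
    public boolean validateAuthority(String realm, String uid, String pw)
            throws SecurityException, IOException {
        // The documented default does nothing and returns true, so the real
        // check has to happen here. Fail closed on missing credentials.
        if (uid == null || uid.isEmpty() || pw == null || pw.isEmpty()) {
            throw new SecurityException("missing credentials");
        }
        if (!verifier.verify(realm, uid, pw)) {
            // Log the user ID only, with CR/LF stripped; never log the password.
            log("authentication failed for user " + uid.replaceAll("[\\r\\n]", "_"));
            throw new SecurityException("invalid credentials");
        }
        return true;
    }
}
```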

See Also:
Serialized Form

Constructor Summary
Constructor and Description
AuthenticationServlet()
          Constructs a default AuthenticationServlet object.
AuthenticationServlet(String user, String password, String realm)
          Constructs an AuthenticationServlet object with the specified user, password, and realm.
 
Method Summary
Modifier and Type Method and Description
 boolean bypassAuthentication(javax.servlet.http.HttpServletRequest req)
          Method to check to see if authentication should be performed.
 Log getLog()
          Get the log object used for tracing and error logging.
 String getRealm()
          Retrieve the realm that was used for the authentication.
 String getUser()
          Retrieve the user that was used for the authentication.
 void init(javax.servlet.ServletConfig config)
          Servlet initialization.
 void log(Exception e, String msg)
          Log an exception and message to the event log.
 void log(String msg)
          Log a message to the event log.
 boolean postValidation(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Method called after validation has occurred.
 void service(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Override the default service() method for HttpServlet.
 void setLog(Log log)
          Set the log object used for tracing and error logging.
 void setPassword(String password)
          Set the password.
 void setRealm(String realm)
          Set the realm that will be used for the authentication.
 void setUser(String user)
          Set the user ID.
 boolean validateAuthority(String realm, String uid, String pw)
          Method used to validate.
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doOptions, doPost, doPut, doTrace, getLastModified, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, init, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticationServlet

public AuthenticationServlet()
Constructs a default AuthenticationServlet object.


AuthenticationServlet

public AuthenticationServlet(String user,
                             String password,
                             String realm)
Constructs an AuthenticationServlet object with the specified user, password, and realm.

Parameters:
user - The user ID to use.
password - The password for this user ID.
realm - The realm, which refers to the system name.

Method Detail

bypassAuthentication

public boolean bypassAuthentication(javax.servlet.http.HttpServletRequest req)
Method to check to see if authentication should be performed. The default implementation returns false. Subclasses that wish to implement authentication based on the URL can override this method, interrogate the request object and determine if authentication should be performed.

Parameters:
req - The HttpServletRequest object for this request.
Returns:
true if authentication should not be performed.

getLog

public Log getLog()
Get the log object used for tracing and error logging.

Returns:
The Log object to use for this servlet.

getUser

public String getUser()
Retrieve the user that was used for the authentication.

Returns:
The authenticated user ID.

getRealm

public String getRealm()
Retrieve the realm that was used for the authentication. For the IBM i system, the realm is the system name.

Returns:
The realm.

init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException
Servlet initialization. The realm is initialized at this point to localhost. It can be overridden by the setRealm() method.

Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class javax.servlet.GenericServlet
Parameters:
config - The servlet configuration.
Throws:
javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.

log

public void log(String msg)
Log a message to the event log.

Overrides:
log in class javax.servlet.GenericServlet
Parameters:
msg - The message to log.

log

public void log(Exception e,
                String msg)
Log an exception and message to the event log.

Parameters:
e - The exception to log.
msg - The message to log.

setLog

public void setLog(Log log)
Set the log object used for tracing and error logging.

Parameters:
log - The Log.

setPassword

public void setPassword(String password)
Set the password. This method can be used to set the password to a default password after bypassing authentication.

Parameters:
password - The password to use.

service

public void service(javax.servlet.http.HttpServletRequest req,
                    javax.servlet.http.HttpServletResponse resp)
             throws javax.servlet.ServletException,
                    IOException
Override the default service() method for HttpServlet. Subclasses should not override this method unless necessary. If a subclass overrides this method, it should call super.service() or authentication would not occur for the servlet.

Overrides:
service in class javax.servlet.http.HttpServlet
Parameters:
req - The HTTP servlet request.
resp - The HTTP servlet response.
Throws:
javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.
IOException - An IOException is thrown if a communications error occurs.

setRealm

public void setRealm(String realm)
Set the realm that will be used for the authentication. For the IBM i system, the realm is the system name.

Parameters:
realm - The realm, which refers to the system name.

setUser

public void setUser(String user)
Set the user ID. This method can be used to set the user ID to a default user after bypassing authentication.

Parameters:
user - The user ID to use.

validateAuthority

public boolean validateAuthority(String realm,
                                 String uid,
                                 String pw)
                          throws SecurityException,
                                 IOException
Method used to validate. The default implementation does nothing. Subclasses should override this method and implement an appropriate validation scheme.

Parameters:
realm - The realm to validate against.
uid - The user ID to use for validation.
pw - The password to use for validation.
Returns:
true if the servlet should continue authenticating; false otherwise. The default is true.
Throws:
SecurityException - This exception should be thrown if validation fails.
IOException - This exception should be thrown if a communication error occurs during validation.

postValidation

public boolean postValidation(javax.servlet.http.HttpServletRequest req,
                              javax.servlet.http.HttpServletResponse resp)
                       throws javax.servlet.ServletException,
                              IOException
Method called after validation has occurred. The default implementation does nothing. Subclasses should override this method to continue processing the request.

Parameters:
req - The HTTP servlet request.
resp - The HTTP servlet response.
Returns:
true if the servlet should continue authenticating; false otherwise. The default is true.
Throws:
javax.servlet.ServletException - A ServletException is thrown if a problem with the servlet occurs.
IOException - An IOException is thrown if a communications error occurs.