AuthExampleServlet (Tynamo(TM)-SNAP API)

Overview

Package

Class

Tree

Deprecated

Index

Help

Tynamo™-SNAP
v1.0.4

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.qindesign.servlet.example
Class AuthExampleServlet

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          com.qindesign.servlet.AuthenticatedHttpServlet
              com.qindesign.servlet.example.AuthExampleServlet

All Implemented Interfaces:: com.qindesign.snap.http.Authenticator.Authorizer, Servlet, ServletConfig, SingleThreadModel

public class AuthExampleServlet
extends AuthenticatedHttpServlet
implements SingleThreadModel
extends AuthenticatedHttpServlet
implements SingleThreadModel

Example of an authenticated servlet. The realm is "Realm", and the username and password are "test" and "test".

This servlet implements SingleThreadModel so that the call to isAuthExpired happens for the same request as doGet. This is only necessary, however, if more than one request will be made to this servlet at the same time.

Version:: 1.0.4
Author:: Shawn Silverman

Constructor Summary
`AuthExampleServlet()`

Method Summary
`protected void`	`doGet(HttpServletRequest req, HttpServletResponse resp)` Authorized GET.
`protected void`	`doPost(HttpServletRequest req, HttpServletResponse resp)` Authorized POST.
`protected void`	`doUnauthorizedGet(HttpServletRequest req, HttpServletResponse resp)` Unauthorized GET request.
`protected void`	`doUnauthorizedPost(HttpServletRequest req, HttpServletResponse resp)` Unauthorized POST request.
`String`	`getPassword(String realm, String user)` Required method.
`String`	`getRealm(HttpServletRequest req)` Required method.
`boolean`	`isAuthExpired(long age, HttpServletRequest req)` Checks if the authorization is expired for the given request.

Methods inherited from class com.qindesign.servlet.AuthenticatedHttpServlet
`authorizedService, doUnauthorizedDelete, doUnauthorizedHead, doUnauthorizedOptions, doUnauthorizedPut, doUnauthorizedTrace, getDefaultScheme, getProperty, isSchemeAcceptable, service, service, unauthorizedService`

Methods inherited from class javax.servlet.http.HttpServlet
`doDelete, doOptions, doPut, doTrace, getLastModified`

Methods inherited from class javax.servlet.GenericServlet
`destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AuthExampleServlet

public AuthExampleServlet()

Method Detail

getRealm

public String getRealm(HttpServletRequest req)

Required method. Gets the realm based on the request. This returns "Realm".

Specified by:: getRealm in interface com.qindesign.snap.http.Authenticator.Authorizer
Specified by:: getRealm in class AuthenticatedHttpServlet

Parameters:: req - the request
Returns:: "Realm".
See Also:: Authenticator.Authorizer

getPassword

public String getPassword(String realm,
                          String user)

Required method. This gets the password for the specified user in the given realm. This checks against "Realm" for the realm, and "test" for the username. The realm should be treated case-insensitively.

Specified by:: getPassword in interface com.qindesign.snap.http.Authenticator.Authorizer
Specified by:: getPassword in class AuthenticatedHttpServlet

Parameters:: realm - the protection space, a case-insensitive value; user - the username
Returns:: the password for the user "test" in the realm "Realm".

isAuthExpired

public boolean isAuthExpired(long age,
                             HttpServletRequest req)

Checks if the authorization is expired for the given request. If the request was successfully authenticated, then this stores the age for display in the response.

This is used by Digest authentication.

Specified by:: isAuthExpired in interface com.qindesign.snap.http.Authenticator.Authorizer
Overrides:: isAuthExpired in class AuthenticatedHttpServlet

Parameters:: age - the age, in ms, of the authorization; req - the request
Returns:: true if the age is greater than 20 seconds.
See Also:: Section 4.3 "Limited Use Nonce Values", RFC 2617, p.21

doGet

protected void doGet(HttpServletRequest req,
                     HttpServletResponse resp)
              throws ServletException,
                     IOException

Authorized GET. This displays a simple message indicating that protected data was accessed.

Overrides:: doGet in class HttpServlet

Throws:: ServletException; IOException

doPost

protected void doPost(HttpServletRequest req,
                      HttpServletResponse resp)
               throws ServletException,
                      IOException

Authorized POST. This calls doGet.

Overrides:: doPost in class HttpServlet

Throws:: ServletException; IOException

doUnauthorizedGet

protected void doUnauthorizedGet(HttpServletRequest req,
                                 HttpServletResponse resp)
                          throws ServletException,
                                 IOException

Unauthorized GET request. This informs the user that the request was unauthorized.

Overrides:: doUnauthorizedGet in class AuthenticatedHttpServlet

Throws:: ServletException; IOException

doUnauthorizedPost

protected void doUnauthorizedPost(HttpServletRequest req,
                                  HttpServletResponse resp)
                           throws ServletException,
                                  IOException

Unauthorized POST request. This calls doUnauthorizedGet.