org.apache.wicket.authentication
Class AuthenticatedWebSession

java.lang.Object
  extended by org.apache.wicket.Session
      extended by org.apache.wicket.protocol.http.WebSession
          extended by org.apache.wicket.authentication.AuthenticatedWebSession
All Implemented Interfaces:
Serializable, IClusterable
Direct Known Subclasses:
MyAuthenticatedWebSession

public abstract class AuthenticatedWebSession
extends WebSession

Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles

Author:
Jonathan Locke
See Also:
Serialized Form

Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.wicket.Session
Session.IPageMapVisitor, Session.PageMapAccessMetaData
 
Field Summary
 
Fields inherited from class org.apache.wicket.Session
PAGEMAP_ACCESS_MDK, SESSION_ATTRIBUTE_NAME
 
Constructor Summary
AuthenticatedWebSession(AuthenticatedWebApplication application, Request request)
          Deprecated. Use AuthenticatedWebSession(Request)
AuthenticatedWebSession(Request request)
          Construct.
 
Method Summary
abstract  boolean authenticate(String username, String password)
          Authenticates this session using the given username and password
static AuthenticatedWebSession get()
           
abstract  Roles getRoles()
           
 boolean isSignedIn()
           
protected  void signIn(boolean value)
          Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.
 boolean signIn(String username, String password)
          Signs user in by authenticating them with a username and password
 void signOut()
          Sign the user out.
 
Methods inherited from class org.apache.wicket.protocol.http.WebSession
cleanupComponentFeedbackMessages, cleanupFeedbackMessages, isCurrentRequestValid
 
Methods inherited from class org.apache.wicket.Session
attach, bind, clear, createAutoPageMap, createAutoPageMapName, currentCreateAutoPageMapCounter, detach, dirty, error, exists, findOrCreate, findOrCreate, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getAutoPageMapNamePrefix, getAutoPageMapNameSuffix, getClassResolver, getClientInfo, getDefaultPageMap, getFeedbackMessages, getId, getLocale, getMetaData, getPage, getPage, getPageFactory, getPageMaps, getSessionStore, getSizeInBytes, getStyle, incrementCreateAutoPageMapCounter, info, invalidate, invalidateNow, isSessionInvalidated, isTemporary, newPageMap, nextPageId, nextSequenceValue, pageMapForName, removeAttribute, removePageMap, replaceSession, set, setApplication, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, touch, unset, untouch, update, visitPageMaps, warn
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticatedWebSession

@Deprecated
public AuthenticatedWebSession(AuthenticatedWebApplication application,
                                          Request request)
Deprecated. Use AuthenticatedWebSession(Request)

Construct.

Parameters:
application - The web application
request - The current request object

AuthenticatedWebSession

public AuthenticatedWebSession(Request request)
Construct.

Parameters:
request - The current request object
Method Detail

get

public static AuthenticatedWebSession get()
Returns:
Current authenticated web session

authenticate

public abstract boolean authenticate(String username,
                                     String password)
Authenticates this session using the given username and password

Parameters:
username - The username
password - The password
Returns:
True if the user was authenticated successfully

getRoles

public abstract Roles getRoles()
Returns:
Get the roles that this session can play

isSignedIn

public final boolean isSignedIn()
Returns:
True if the user is signed in to this session

signIn

public final boolean signIn(String username,
                            String password)
Signs user in by authenticating them with a username and password

Parameters:
username - The username
password - The password
Returns:
True if the user was signed in successfully

signOut

public void signOut()
Sign the user out.


signIn

protected final void signIn(boolean value)
Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to subclass authenticate() for 'normal' authentication).

Parameters:
value -
See Also:
authenticate(String, String)


Copyright © 2004-2011 Apache Software Foundation. All Rights Reserved.