org.apache.wicket.authroles.authentication
Class AuthenticatedWebSession
java.lang.Object
org.apache.wicket.Session
org.apache.wicket.protocol.http.WebSession
org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
org.apache.wicket.authroles.authentication.AuthenticatedWebSession
- All Implemented Interfaces:
- java.io.Serializable, IEventSink, IClusterable
- Direct Known Subclasses:
- LibrarySession, MyAuthenticatedWebSession, SignIn2Session, SignInSession
public abstract class AuthenticatedWebSession
- extends AbstractAuthenticatedWebSession
Basic authenticated web session. Subclasses must provide a method that authenticates the session
based on a username and password, and a method implementation that gets the Roles
- Author:
- Jonathan Locke
- See Also:
- Serialized Form
Method Summary |
static AuthenticatedWebSession |
get()
|
void |
invalidate()
Call signOut() and remove the logon data from where ever they have been persisted (e.g. |
boolean |
isSignedIn()
|
protected void |
signIn(boolean value)
Cookie based logins (remember me) may not rely on putting username and password into the
cookie but something else that safely identifies the user. |
boolean |
signIn(java.lang.String username,
java.lang.String password)
Try to logon the user. |
void |
signOut()
Sign the user out. |
Methods inherited from class org.apache.wicket.Session |
bind, clear, debug, detach, dirty, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isCurrentRequestValid, isSessionInvalidated, isTemporary, nextPageId, nextSequenceValue, onEvent, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AuthenticatedWebSession
public AuthenticatedWebSession(Request request)
- Construct.
- Parameters:
request
- The current request object
get
public static AuthenticatedWebSession get()
- Returns:
- Current authenticated web session
signIn
public final boolean signIn(java.lang.String username,
java.lang.String password)
- Try to logon the user. It'll call
WebSession.authenticate(String, String)
to do the real work
and that is what you need to subclass to provide your own authentication mechanism.
- Parameters:
username
- password
-
- Returns:
- true, if logon was successful
signIn
protected final void signIn(boolean value)
- Cookie based logins (remember me) may not rely on putting username and password into the
cookie but something else that safely identifies the user. This method is meant to support
these use cases.
It is protected (and not public) to enforce that cookie based authentication gets implemented
in a subclass (like you need to subclass authenticate() for 'normal' authentication).
- Parameters:
value
- - See Also:
WebSession.authenticate(String, String)
isSignedIn
public final boolean isSignedIn()
- Specified by:
isSignedIn
in class AbstractAuthenticatedWebSession
- Returns:
- true, if user is signed in
signOut
public void signOut()
- Sign the user out.
invalidate
public void invalidate()
- Call signOut() and remove the logon data from where ever they have been persisted (e.g.
Cookies)
- Overrides:
invalidate
in class WebSession
- See Also:
Session.invalidate()
Copyright © 2006-2011 Apache Software Foundation. All Rights Reserved.