Class AnonSecurityManager


public class AnonSecurityManager
extends AppSecurityManager

This extension of AppSecurityManager implements a 'mixed' Anonymous/Authenticated mode. That means that a user can authenticate himself, but is not required to do so. Until authentication information is available, the user works wit hthe implicit 'anonymous' identity and is authorized according to the privileges of that system account (which will in most cases be the default ACL (deny).
The account 'nobody' is used for the dummy SecurityManager.User object. It must exist in the authentication backend. This user should have an association with the role anonymous which should be granted sufficient access rights for the resource in question. Otherwise the request will of course be rejected.
The following special parameters are used by this SecurityManager:

$Id:,v 1.6 2002/12/01 22:38:56 muecke Exp $
Wolfram Saringer
See Also:

Inner classes inherited from class
SecurityManager.AccessRight, SecurityManager.Authorization, SecurityManager.Resource, SecurityManager.Role, SecurityManager.User
Fields inherited from class
Constructor Summary
Method Summary
 java.lang.String doLogin(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req)
          This method changes the behaviour of RoleSecurityManager by allowing anonymous access.
Methods inherited from class
checkAuth, checkoutConn, checkUser, destroy, getEmail, getId, getRoleGroup, getRoleGroupId, getUserById, getUserID, getUserStatus, init, returnConn
Methods inherited from class
authenticate, authorize, errorPage, getUser, getUserObj, getUserRoleGroup, getUserRoleGroupId, loginPage, loginPage, logout, signout, validate, validate
Methods inherited from class
addACL, getResource, hasAuth, isAnon, toUserStatus
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public AnonSecurityManager()
Method Detail


public java.lang.String doLogin(javax.servlet.ServletContext context,
                                javax.servlet.http.HttpServletRequest req)
This method changes the behaviour of RoleSecurityManager by allowing anonymous access. Authentication can be forced by adding a request parameter named 'ForceAuth' with any value. In this case the super classes doLogin() method is called which will show the usual login dialog. The placeholder User object is removed before the super method is called.
doLogin in class RoleSecurityManager
Following copied from class:
context - The servlet context.
req - The client request.
null in case everything is OK, an HTML login page otherwise.