: Class AnonSecurityManager

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.xmlserv.app
Class AnonSecurityManager

java.lang.Object
  |
  +--com.xmlserv.security.SecurityManager
        |
        +--com.xmlserv.security.RoleSecurityManager
              |
              +--com.xmlserv.app.AppSecurityManager
                    |
                    +--com.xmlserv.app.AnonSecurityManager

public class AnonSecurityManager
extends AppSecurityManager

This extension of AppSecurityManager implements a 'mixed' Anonymous/Authenticated mode. That means that a user can authenticate himself, but is not required to do so. Until authentication information is available, the user works wit hthe implicit 'anonymous' identity and is authorized according to the privileges of that system account (which will in most cases be the default ACL (deny).
The account 'nobody' is used for the dummy SecurityManager.User object. It must exist in the authentication backend. This user should have an association with the role anonymous which should be granted sufficient access rights for the resource in question. Otherwise the request will of course be rejected.
The following special parameters are used by this SecurityManager:

ForceAuth will show the usual authentication dialog by callign the superclass method after removing the dummy SecurityManager.User object from the session context.
ForceLogout will replace the current SecurityManager.User object with an anonymous user object.

Version:: $Id: AnonSecurityManager.java,v 1.6 2002/12/01 22:38:56 muecke Exp $
Author:: Wolfram Saringer
See Also:: AppSecurityManager

Inner classes inherited from class com.xmlserv.security.SecurityManager

SecurityManager.AccessRight, SecurityManager.Authorization, SecurityManager.Resource, SecurityManager.Role, SecurityManager.User

Fields inherited from class com.xmlserv.security.SecurityManager

DELETE, INSERT, SELECT, UPDATE

Constructor Summary

AnonSecurityManager()

Method Summary

java.lang.String doLogin(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req)
This method changes the behaviour of RoleSecurityManager by allowing anonymous access.

Methods inherited from class com.xmlserv.app.AppSecurityManager

checkAuth, checkoutConn, checkUser, destroy, getEmail, getId, getRoleGroup, getRoleGroupId, getUserById, getUserID, getUserStatus, init, returnConn

Methods inherited from class com.xmlserv.security.RoleSecurityManager

authenticate, authorize, errorPage, getUser, getUserObj, getUserRoleGroup, getUserRoleGroupId, loginPage, loginPage, logout, signout, validate, validate

Methods inherited from class com.xmlserv.security.SecurityManager

addACL, getResource, hasAuth, isAnon, toUserStatus

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AnonSecurityManager

public AnonSecurityManager()

Method Detail

doLogin

public java.lang.String doLogin(javax.servlet.ServletContext context,
                                javax.servlet.http.HttpServletRequest req)

This method changes the behaviour of RoleSecurityManager by allowing anonymous access. Authentication can be forced by adding a request parameter named 'ForceAuth' with any value. In this case the super classes doLogin() method is called which will show the usual login dialog. The placeholder User object is removed before the super method is called.

Overrides:: doLogin in class RoleSecurityManager

Following copied from class: com.xmlserv.security.RoleSecurityManager

Parameters:: context - The servlet context.; req - The client request.
Returns:: null in case everything is OK, an HTML login page otherwise.