org.apache.felix.webconsole.internal.servlet

Class BasicWebConsoleSecurityProvider

java.lang.Object

org.apache.felix.webconsole.internal.servlet.BasicWebConsoleSecurityProvider

All Implemented Interfaces:

WebConsoleSecurityProvider, WebConsoleSecurityProvider2

public class BasicWebConsoleSecurityProvider
extends Object
implements WebConsoleSecurityProvider2

Basic implementation of WebConsoleSecurityProvider to replace logic that was previously in OsgiManagerHttpContext

Field Summary

Fields inherited from interface org.apache.felix.webconsole.WebConsoleSecurityProvider2

USER_ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
BasicWebConsoleSecurityProvider(org.osgi.framework.BundleContext bundleContext, String username, String password, String realm)

Method Summary

Modifier and Type	Method and Description
boolean	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticates the given request or asks the client for credentials.
Object	authenticate(String username, String password) Authenticates the user with the given user name and password.
boolean	authorize(Object user, String role) All users authenticated with the repository are granted access for all roles in the Web Console.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicWebConsoleSecurityProvider

public BasicWebConsoleSecurityProvider(org.osgi.framework.BundleContext bundleContext,
                                       String username,
                                       String password,
                                       String realm)

Method Detail

authenticate

public Object authenticate(String username,
                           String password)

Description copied from interface: WebConsoleSecurityProvider

Authenticates the user with the given user name and password.

Specified by:

authenticate in interface WebConsoleSecurityProvider

Parameters:

username - The name of the user presented by the client

password - The password presented by the client

Returns:

Some object representing the authenticated user indicating general access to be granted to the web console. If the user cannot be authenticated (e.g. unknown user name or wrong password) or the user must not be allowed access to the web console at all null must be returned from this method.

authorize

public boolean authorize(Object user,
                         String role)

All users authenticated with the repository are granted access for all roles in the Web Console.

Specified by:

authorize in interface WebConsoleSecurityProvider

Parameters:

user - The object referring to the authenticated user. This is the object returned from the WebConsoleSecurityProvider.authenticate(String, String) method and will never be null.

role - The requested role

Returns:

true if the user is given permission for the given role.

authenticate

public boolean authenticate(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response)

Description copied from interface: WebConsoleSecurityProvider2

Authenticates the given request or asks the client for credentials.

Implementations of this method are expected to respect and implement the semantics of the HttpContext.handleSecurity method as specified in the OSGi HTTP Service specification.

If this method returns true it is assumed the request provided valid credentials identifying the user as accepted to access the web console. In addition, the WebConsoleSecurityProvider2.USER_ATTRIBUTE request attribute must be set to a non-null object reference identifying the authenticated user.

If this method returns false the request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.

Specified by:

authenticate in interface WebConsoleSecurityProvider2

Parameters:

request - The request object

response - The response object

Returns:

true If the request provided valid credentials.