org.wicketstuff.security.hive.authentication

Class LoginContext

java.lang.Object

org.wicketstuff.security.hive.authentication.LoginContext

Direct Known Subclasses:

UsernamePasswordContext

public abstract class LoginContext
extends Object

A LoginContext is little more than a factory to create a Subject and can be discarded afterwards. Usually it contains some credentials such as username and password. Note that generally it is no a good idea to store those type of credentials in the session, so if you plan on keeping this context in the session be sure to clear them before you return a Subject in login(). Some applications will require you to login with two or more different LoginContexts before a user is fully authenticated. For that purpose a sortOrder is available in the context. which is used in descending order to pass authentication requests to the subjects until one of them authenticates. Sort orders are >=0 and are not required to have an interval of 1. For example 0, 5,6 are all perfectly legal sort orders for one user. Duplicates are also allowed, in that case they are queried in reverse order of login. The context also contains a flag to indicate if an additional login is allowed. Note that both the sort order and the additional login flag must be constant. Also note that all LoginContexts of the same class and with the same sort order are equal, thus for logoff you do not need to keep a reference to the context but can simply use a new instance.

Author:

marrink

See Also:

preventsAdditionalLogins()

Constructor Summary

Constructors

Constructor and Description
LoginContext() Constructs a context for single login applications.
LoginContext(boolean allowAdditionalLogings) Constructs a new context with sort order 0 and a customizable flag for preventing additional logins.
LoginContext(int sortOrder) Constructs a new context at the specified sort order.
LoginContext(int sortOrder, boolean allowAdditionalLogins) Constructs a new context with customizable sort order and flag for preventing additional logins.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	equals(Object obj) A loginContext is equal to a LoginContext of the same class (not subclass) and level.
protected int	getSortOrder() Indicates the sort order of this context.
int	hashCode()
abstract Subject	login() Perform a login.
void	notifyLogoff(Subject subject) Callback to take some action after a subject has been logged off.
boolean	preventsAdditionalLogins() Signals that no additional context should be allowed to login.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LoginContext

public LoginContext()

Constructs a context for single login applications. At sortorder 0 and preventing additional logins.

LoginContext

public LoginContext(int sortOrder)

Constructs a new context at the specified sort order. Additional logins are prevented. This constructor is usually used in mult-login scenario's for the context with the the highest sort order.

Parameters:

sortOrder - a number of 0 or higher.

LoginContext

public LoginContext(boolean allowAdditionalLogings)

Constructs a new context with sort order 0 and a customizable flag for preventing additional logins. This constructor is mostly used in multi-login scenario's.

Parameters:

allowAdditionalLogings - indicates if this context allows multiple subjects for one user and thus allows the user to gain more permissions on the fly.

LoginContext

public LoginContext(int sortOrder,
            boolean allowAdditionalLogins)

Constructs a new context with customizable sort order and flag for preventing additional logins. This constructor is mostly used in multi-login scenario's.

Parameters:

sortOrder -

allowAdditionalLogins -

Method Detail

login

public abstract Subject login()
                       throws LoginException

Perform a login. If the login fails in any way a LoginException must be thrown rather then returning null. You should clear all sensitive data stored in this context before returning the subject or throwing an exception.

Returns:

a Subject, never null.

Throws:

LoginException - if an exception occurs or if the subject could not login for some other reason

getSortOrder

protected final int getSortOrder()

Indicates the sort order of this context. the higher the value the more you are authorized / authenticated for.

Returns:

the level

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

See Also:

Object.hashCode()

equals

public final boolean equals(Object obj)

A loginContext is equal to a LoginContext of the same class (not subclass) and level.

Overrides:

equals in class Object

See Also:

Object.equals(java.lang.Object)

preventsAdditionalLogins

public boolean preventsAdditionalLogins()

Signals that no additional context should be allowed to login. The return value must be constant from one invocation to another for this instance. This flag is checked once by the container immediately after login(). Note in a multi login environment you will want your logincontext with the highest possible sort order to prevent additional logins. In a single login environment your logincontext should always prevent additional logins.

Returns:

true if you do not want additional logins for this session, false otherwise.

notifyLogoff

public void notifyLogoff(Subject subject)

Callback to take some action after a subject has been logged off. Note that the LoginContext receiving this notification is not necessarily the same instance that created the subject. This is because Swarm does not store LoginContexts as they may contain sensitive data. By default this method does nothing.

Parameters:

subject - the user that has just been logged off