Class AuthenticatedWebSession

  • All Implemented Interfaces:
    Serializable, org.apache.wicket.event.IEventSink, org.apache.wicket.feedback.IFeedbackContributor, org.apache.wicket.IMetadataContext<Serializable, org.apache.wicket.Session>, org.apache.wicket.util.io.IClusterable

    public abstract class AuthenticatedWebSession
    extends AbstractAuthenticatedWebSession
    Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles.
    Author:
    Jonathan Locke
    See Also:
    Serialized Form
    • Field Summary

      • Fields inherited from class org.apache.wicket.Session

        clientInfo, SESSION_ATTRIBUTE_NAME
    • Constructor Summary

      Constructors 
      Constructor Description
      AuthenticatedWebSession(org.apache.wicket.request.Request request)
      Construct.
    • Method Summary

      Modifier and Type Method Description
      protected abstract boolean authenticate(String username, String password)
      Actual authentication check, has to be implemented by subclasses.
      static AuthenticatedWebSession get()  
      void invalidate()
      Call signOut() and remove the logon data from wherever they have been persisted (e.g. Cookies).
      boolean isSignedIn()  
      protected void signIn(boolean value)
      Cookie-based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.
      boolean signIn(String username, String password)
      Try to sign in the user.
      void signOut()
      Sign the user out.
      • Methods inherited from class org.apache.wicket.protocol.http.WebSession

        generateNewSessionId, getClientInfo, newBrowserInfoPage
      • Methods inherited from class org.apache.wicket.Session

        bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isRtlLanguage, isRtlLocale, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn
    • Constructor Detail

      • AuthenticatedWebSession

        public AuthenticatedWebSession(org.apache.wicket.request.Request request)
        Construct.
        Parameters:
        request - The current request object
    • Method Detail

      • signIn

        public final boolean signIn(String username,
                                    String password)
        Try to sign in the user. It'll call authenticate(String, String) to do the real work and that is what you need to subclass to provide your own authentication mechanism.
        Parameters:
        username -
        password -
        Returns:
        true, if logon was successful
      • authenticate

        protected abstract boolean authenticate(String username,
                                                String password)
        Actual authentication check, has to be implemented by subclasses.
        Parameters:
        username - The username
        password - The password
        Returns:
        True if the user was authenticated successfully
      • signIn

        protected final void signIn(boolean value)
        Cookie-based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie-based authentication gets implemented in a subclass (like you need to implement authenticate(String, String) for 'normal' authentication).
        Parameters:
        value -
        See Also:
        authenticate(String, String)
      • invalidate

        public void invalidate()
        Call signOut() and remove the logon data from wherever they have been persisted (e.g. Cookies).
        Overrides:
        invalidate in class org.apache.wicket.protocol.http.WebSession
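
The following subclass is an added example, not code from Wicket or from this page. It implements authenticate(String, String) with a salted PBKDF2 check and a constant-time comparison, and returns Roles only once the session is signed in. AppSession, Account, the empty ACCOUNTS store and the PBKDF2 parameters are assumptions; the import packages and getRoles() come from Wicket's auth-roles module and are not listed above.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.request.Request;

// Added example: AppSession and Account are hypothetical names, not Wicket classes.
public class AppSession extends AuthenticatedWebSession {
    private static final long serialVersionUID = 1L;

    static final class Account { // stored credential: salt, PBKDF2 hash, one role
        final byte[] salt; final byte[] hash; final String role;
        Account(byte[] salt, byte[] hash, String role) { this.salt = salt; this.hash = hash; this.role = role; }
    }
    // Placeholder store (assumption); a real application loads accounts from its own database.
    private static final Map<String, Account> ACCOUNTS = Map.of();
    private static final byte[] DUMMY_SALT = new byte[16]; // hashed for unknown users
    private String role; // set only by a successful authenticate()

    public AppSession(Request request) { super(request); }

    @Override
    protected boolean authenticate(String username, String password) {
        if (username == null || password == null) return false;
        Account account = ACCOUNTS.get(username);
        // Derive a hash even for unknown users so response time does not reveal valid usernames.
        byte[] candidate = pbkdf2(password.toCharArray(), account != null ? account.salt : DUMMY_SALT);
        // MessageDigest.isEqual compares in constant time.
        boolean ok = account != null && MessageDigest.isEqual(candidate, account.hash);
        role = ok ? account.role : null;
        return ok;
    }

    @Override
    public Roles getRoles() {
        // Empty Roles until signIn() has succeeded; signIn() calls authenticate() above.
        return isSignedIn() && role != null ? new Roles(role) : new Roles();
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // iteration count is an assumption
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
}
```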