JRunLoginCommand (BlazeDS

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

flex.messaging.security
Class JRunLoginCommand

java.lang.Object
  flex.messaging.security.AppServerLoginCommand
      flex.messaging.security.JRunLoginCommand

All Implemented Interfaces:: LoginCommand

public class JRunLoginCommand
extends AppServerLoginCommand
extends AppServerLoginCommand

A JRun 4 specific implementation of LoginCommand to manually authenticate a user with the current web-app container.

The JRun WebAppSecurityService is located for the current web-app's ServletEngineService JMX MBean.

If authenticated, the login command can also check if the user is authorized in a given list of roles.

Constructor Summary
`JRunLoginCommand()`

Method Summary
`Principal`	`doAuthentication(String username, Object credentials)` The gateway calls this method to perform programmatic, custom authentication.
`boolean`	`doAuthorization(Principal principal, List roles)` The gateway calls this method to perform programmatic authorization.
`boolean`	`logout(Principal principal)` Attempts to log a user out from their session.
`void`	`start(javax.servlet.ServletConfig servletConfig)` Called to initialize a login command prior to authentication/authorization requests.
`void`	`stop()` Called to free up resources used by the login command.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

JRunLoginCommand

public JRunLoginCommand()

Method Detail

start

public void start(javax.servlet.ServletConfig servletConfig)

Called to initialize a login command prior to authentication/authorization requests.

Specified by:: start in interface LoginCommand
Overrides:: start in class AppServerLoginCommand

Parameters:: servletConfig - The servlet configuration for MessageBrokerServlet.

doAuthentication

public Principal doAuthentication(String username,
                                  Object credentials)
                           throws SecurityException

The gateway calls this method to perform programmatic, custom authentication.

The credentials are passed as a Map to allow for extra properties to be passed in the future. For now, only a "password" property is sent.

Parameters:: username - The principal being authenticated; credentials - A map, typically with string keys and values - holds, for example, a password
Returns:: principal for the authenticated user when authentication is successful; null otherwise
Throws:: SecurityException

doAuthorization

public boolean doAuthorization(Principal principal,
                               List roles)
                        throws SecurityException

The gateway calls this method to perform programmatic authorization.

This implementation will simply iterate over the supplied roles and check that at least one of the roles returned true from a call to HttpServletRequest.isUserInRole(String role).

Specified by:: doAuthorization in interface LoginCommand
Overrides:: doAuthorization in class AppServerLoginCommand

Parameters:: principal - The principal being checked for authorization; roles - A List of role names to check, all members should be strings
Returns:: true if the principal belongs to at least one of the roles
Throws:: SecurityException - Throws SecurityException

logout

public boolean logout(Principal principal)
               throws SecurityException

Attempts to log a user out from their session. NOTE: May not be possible on all application servers.

Parameters:: principal - The principal to logout.
Returns:: true when logout is successful
Throws:: SecurityException

stop

public void stop()

Called to free up resources used by the login command.

Specified by:: stop in interface LoginCommand
Overrides:: stop in class AppServerLoginCommand