Class AuthenticatedServlet

java.lang.Object
jakarta.servlet.GenericServlet
jakarta.servlet.http.HttpServlet
ch.tocco.nice2.web.core.api.auth.SecureServlet
ch.tocco.nice2.web.core.api.auth.AuthenticatedServlet
All Implemented Interfaces:
jakarta.servlet.Servlet, jakarta.servlet.ServletConfig, Serializable

public abstract class AuthenticatedServlet extends SecureServlet

Base class for servlets that want to have each method run by an authenticated user. If a request to this servlet is made by an anonymous user, the client is requested to authenticate using HTTP Basic authentication.

See Also:
  • Field Summary

    Fields inherited from class ch.tocco.nice2.web.core.api.auth.SecureServlet

    runEnvironmentService

    Fields inherited from class jakarta.servlet.http.HttpServlet

    LEGACY_DO_HEAD
  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthenticatedServlet(RunEnvironmentService runEnvironmentService, SecureSettings settings)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected boolean
    authenticate(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)
    Checks whether there is a valid (non-anonymous) principal on the thread.
    protected Principal
    getCurrentPrincipal()
    Gets the current non-anonymous principal from the thread.
    protected abstract String
    getRealm()
    Returns a string that names the authentication realm used for HTTP Basic authentication.
    protected void
    service(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)
     
    void
    setUnauthorizedPath(String unauthorizedPath)
    Sets the path to redirect to if authentication fails.

    Methods inherited from class ch.tocco.nice2.web.core.api.auth.SecureServlet

    checkSecuredConnection

    Methods inherited from class jakarta.servlet.http.HttpServlet

    doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, init, service

    Methods inherited from class jakarta.servlet.GenericServlet

    destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

  • Method Details

    • setUnauthorizedPath

      public void setUnauthorizedPath(String unauthorizedPath)
      Sets the path to redirect to if authentication fails.
      Parameters:
      unauthorizedPath - the path to redirect on authentication error
    • getRealm

      protected abstract String getRealm()
      Returns a string that names the authentication realm used for HTTP Basic authentication.
    • service

      protected void service(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws jakarta.servlet.ServletException, IOException
      Overrides:
      service in class SecureServlet
      Throws:
      jakarta.servlet.ServletException
      IOException
    • getCurrentPrincipal

      protected Principal getCurrentPrincipal() throws IllegalStateException
      Gets the current non-anonymous principal from the thread.
      Returns:
      current non-anonymous principal
      Throws:
      IllegalStateException - if no principal is found
    • authenticate

      protected boolean authenticate(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws IOException, jakarta.servlet.ServletException
      Checks whether there is a valid (non-anonymous) principal on the thread. If not, it redirects the request to use HTTP Basic authentication.
      Parameters:
      req - the request
      resp - the response
      Returns:
      true if successfully authenticated, false otherwise
      Throws:
      IOException
      jakarta.servlet.ServletException