org.restlet.ext.openid
Class RedirectAuthenticator

java.lang.Object
  extended by org.restlet.Restlet
      extended by org.restlet.routing.Filter
          extended by org.restlet.security.Authenticator
              extended by org.restlet.ext.openid.RedirectAuthenticator
All Implemented Interfaces:
Uniform

public class RedirectAuthenticator
extends Authenticator

An authenticator that redirects the authentication to some external resource. After successful authentication, it redirects to the original request's resourceRef. The RedirectAuthenticator keeps track of state using a session cookie, which is not automatically cleaned up. The typical use case for this Authenticator is remote authentication using OpenID. The RedirectAuthenticator applies the following logic, based on the result the Verifier returns:

  1. If the verifier returns Verifier.RESULT_VALID, it cleans up any unneeded cookies and does a Response.redirectPermanent(org.restlet.data.Reference) to the original resource.
  2. If the result is Verifier.RESULT_INVALID or Verifier.RESULT_UNKNOWN, it cleans up all cookies and calls forbid (the default behavior is to set Status.CLIENT_ERROR_FORBIDDEN if no errorResource has been set).
  3. For any other result, it cleans up the identifierCookie.
 
 

Author:
Martin Svensson

Field Summary
static String DEFAULT_IDENTIFIER_COOKIE
          The default name of the cookie that contains the identifier.
static String DEFAULT_ORIGINAL_REF_COOKIE
          The default name of the cookie that contains the original request's reference.
static String ORIGINAL_REF_ATTRIBUTE
           
 
Fields inherited from class org.restlet.routing.Filter
CONTINUE, SKIP, STOP
 
Constructor Summary
RedirectAuthenticator(Context context, Verifier verifier, Restlet forbiddenResource)
          Initializes a RedirectAuthenticator with a Verifier.
RedirectAuthenticator(Context context, Verifier verifier, String identifierCookie, String origRefCookie, Restlet forbiddenResource)
          Initializes a RedirectAuthenticator with a Verifier.
 
Method Summary
protected  boolean authenticate(Request request, Response response)
           
protected  int authenticated(Request request, Response response)
           
static void clearIdentifierCookie(String cookieId, Request req, Response res)
           
static void clearIdentiiferCookie(Request req, Response res)
           
 void forbid(String origRef, Request request, Response response)
          Rejects the call due to a failed authentication or authorization.
protected  void handleUser(User user)
          Handles the retrieved user from the verifier.
protected  int unauthenticated(Request request, Response response)
           
 
Methods inherited from class org.restlet.security.Authenticator
beforeHandle, getEnroler, isMultiAuthenticating, isOptional, setEnroler, setMultiAuthenticating, setOptional
 
Methods inherited from class org.restlet.routing.Filter
afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop
 
Methods inherited from class org.restlet.Restlet
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_IDENTIFIER_COOKIE

public static final String DEFAULT_IDENTIFIER_COOKIE
The default name of the cookie that contains the identifier.

See Also:
Constant Field Values

DEFAULT_ORIGINAL_REF_COOKIE

public static final String DEFAULT_ORIGINAL_REF_COOKIE
The default name of the cookie that contains the original request's reference.

See Also:
Constant Field Values

ORIGINAL_REF_ATTRIBUTE

public static final String ORIGINAL_REF_ATTRIBUTE
See Also:
Constant Field Values
Constructor Detail

RedirectAuthenticator

public RedirectAuthenticator(Context context,
                             Verifier verifier,
                             Restlet forbiddenResource)
Initializes a RedirectAuthenticator with a Verifier.

Parameters:
context - Context
verifier - A Verifier that sets the user identifier upon completion

RedirectAuthenticator

public RedirectAuthenticator(Context context,
                             Verifier verifier,
                             String identifierCookie,
                             String origRefCookie,
                             Restlet forbiddenResource)
Initializes a RedirectAuthenticator with a Verifier.

Parameters:
context - The context.
verifier - The verifier that sets user identifier upon completion.
identifierCookie - The name of the cookie that contains the identifier.
origRefCookie - The name of the cookie that contains the original request's reference.
forbiddenResource - The Restlet that will handle the call in case of authentication or authorization failure.
Method Detail

clearIdentifierCookie

public static void clearIdentifierCookie(String cookieId,
                                         Request req,
                                         Response res)

clearIdentiiferCookie

public static void clearIdentiiferCookie(Request req,
                                         Response res)

authenticate

protected boolean authenticate(Request request,
                               Response response)
Specified by:
authenticate in class Authenticator

forbid

public void forbid(String origRef,
                   Request request,
                   Response response)
Rejects the call due to a failed authentication or authorization. This can be overridden to change the default behavior, for example to display an error page. By default, it calls errorResource.handle (if provided); otherwise it sets the response status to CLIENT_ERROR_FORBIDDEN.

Parameters:
origRef - The original ref stored by the RedirectAuthenticator
request - The rejected request.
response - The reject response.

handleUser

protected void handleUser(User user)
Handles the retrieved user from the verifier. The only thing that will be stored is the user identifier (in a cookie). Should be overridden as it does nothing by default.

Parameters:
user - The user.
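
An added example, not part of the Restlet Javadoc or the project's code: a subclass that overrides the two extension points described above, forbid and handleUser. The class name AuditingRedirectAuthenticator, the sanitize helper, the 200-character limit and the log messages are assumptions. Because the original reference is kept in a cookie, the example treats origRef as client-supplied input.

```java
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.MediaType;
import org.restlet.data.Status;
import org.restlet.ext.openid.RedirectAuthenticator;
import org.restlet.security.User;
import org.restlet.security.Verifier;

// Hypothetical subclass: the class name, sanitize() and the log text are assumptions.
public class AuditingRedirectAuthenticator extends RedirectAuthenticator {

    public AuditingRedirectAuthenticator(Context context, Verifier verifier) {
        // No forbiddenResource: forbid() below builds the rejection itself.
        super(context, verifier, null);
    }

    // Replace control characters so cookie-supplied text cannot forge log lines,
    // and cap the length so an oversized cookie cannot flood the log.
    static String sanitize(String value) {
        if (value == null) {
            return "<none>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 200 ? cleaned.substring(0, 200) + "..." : cleaned;
    }

    @Override
    protected void handleUser(User user) {
        // Does nothing by default; record the identifier the verifier accepted.
        if (user != null) {
            getLogger().info("Authenticated identifier: " + sanitize(user.getIdentifier()));
        }
    }

    @Override
    public void forbid(String origRef, Request request, Response response) {
        // origRef was stored in a cookie held by the client, so it is untrusted:
        // log a sanitized copy and do not echo it into the response.
        getLogger().warning("Authentication rejected from "
                + request.getClientInfo().getUpstreamAddress()
                + ", original ref: " + sanitize(origRef));
        response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
        response.setEntity("Authentication failed.", MediaType.TEXT_PLAIN);
    }
}
```

Place the authenticator in front of the protected resources with setNext, which it inherits from Filter.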

unauthenticated

protected int unauthenticated(Request request,
                              Response response)
Overrides:
unauthenticated in class Authenticator

authenticated

protected int authenticated(Request request,
                            Response response)
Overrides:
authenticated in class Authenticator


Copyright © 2005-2013 Restlet.