org.restlet.ext.openid

Class RedirectAuthenticator

java.lang.Object

org.restlet.Restlet

org.restlet.routing.Filter

org.restlet.security.Authenticator

org.restlet.ext.openid.RedirectAuthenticator

All Implemented Interfaces:

Uniform

Deprecated.

Will be removed in next minor release.

@Deprecated
public class RedirectAuthenticator
extends Authenticator

An authenticator that redirects the authentication to some external resource. After successful authentication, it will do a redirect to the original request resourceRef. The RedirectAuthenticator keeps track of state using a session cookie which is not automatically cleaned. The typical use case for this Authenticator is to do remote authentication using OpenID. The RedirectAuthenticator has the following logic based on Verifier returns:

1. If the verifier returns Verifier.RESULT_VALID it will clean up any unneeded cookies and do a Response.redirectPermanent(org.restlet.data.Reference) to the original resource
2. If the result is Verifier.RESULT_INVALID or Verifier.RESULT_UNKNOWN it will clean up all cookies and call forbid (default behavior to set Status.CLIENT_ERROR_FORBIDDEN if no errorResource has been set)
3. If the result is any other it will clean up the identifierCookie.

Author:

Martin Svensson

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DEFAULT_IDENTIFIER_COOKIE Deprecated. The default name of the cookie that contains the identifier.
static java.lang.String	DEFAULT_ORIGINAL_REF_COOKIE Deprecated. The default name of the cookie that contains the original request's reference.
static java.lang.String	ORIGINAL_REF_ATTRIBUTE Deprecated.

Fields inherited from class org.restlet.routing.Filter

CONTINUE, SKIP, STOP

Constructor Summary

Constructors

Constructor and Description
RedirectAuthenticator(Context context, Verifier verifier, Restlet forbiddenResource) Deprecated. Initialize a RedirectAuthenticator with a Verifier.
RedirectAuthenticator(Context context, Verifier verifier, java.lang.String identifierCookie, java.lang.String origRefCookie, Restlet forbiddenResource) Deprecated. Initializes a RedirectAuthenticator with a Verifier.

Method Summary

Modifier and Type	Method and Description
protected boolean	authenticate(Request request, Response response) Deprecated.
protected int	authenticated(Request request, Response response) Deprecated.
static void	clearIdentifierCookie(java.lang.String cookieId, Request req, Response res) Deprecated.
static void	clearIdentiiferCookie(Request req, Response res) Deprecated.
void	forbid(java.lang.String origRef, Request request, Response response) Deprecated. Rejects the call due to a failed authentication or authorization.
protected void	handleUser(User user, boolean cached) Deprecated. Handles the retrieved user from the verifier.
protected int	unauthenticated(Request request, Response response) Deprecated.

Methods inherited from class org.restlet.security.Authenticator

beforeHandle, getEnroler, isMultiAuthenticating, isOptional, setEnroler, setMultiAuthenticating, setOptional

Methods inherited from class org.restlet.routing.Filter

afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop

Methods inherited from class org.restlet.Restlet

createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_IDENTIFIER_COOKIE

public static final java.lang.String DEFAULT_IDENTIFIER_COOKIE

Deprecated.

The default name of the cookie that contains the identifier.

See Also:

Constant Field Values

DEFAULT_ORIGINAL_REF_COOKIE

public static final java.lang.String DEFAULT_ORIGINAL_REF_COOKIE

Deprecated.

The default name of the cookie that contains the original request's reference.

See Also:

Constant Field Values

ORIGINAL_REF_ATTRIBUTE

public static final java.lang.String ORIGINAL_REF_ATTRIBUTE

Deprecated.

See Also:

Constant Field Values

Constructor Detail

RedirectAuthenticator

public RedirectAuthenticator(Context context,
                             Verifier verifier,
                             Restlet forbiddenResource)

Deprecated.

Initialize a RedirectAuthenticator with a Verifier.

Parameters:

context - - Context

verifier - - A Verifier that sets user identifier upon completion

RedirectAuthenticator

public RedirectAuthenticator(Context context,
                             Verifier verifier,
                             java.lang.String identifierCookie,
                             java.lang.String origRefCookie,
                             Restlet forbiddenResource)

Deprecated.

Initializes a RedirectAuthenticator with a Verifier.

Parameters:

context - The context.

verifier - The verifier that sets user identifier upon completion.

identifierCookie - The name of the cookie that contains the identifier.

origRefCookie - The name of the cookie that contains the original request's reference.

forbiddenResource - The Restlet that will handle the call in case of authentication or authorization failure.

Method Detail

clearIdentifierCookie

public static void clearIdentifierCookie(java.lang.String cookieId,
                                         Request req,
                                         Response res)

Deprecated.

clearIdentiiferCookie

public static void clearIdentiiferCookie(Request req,
                                         Response res)

Deprecated.

authenticate

protected boolean authenticate(Request request,
                               Response response)

Deprecated.

Specified by:

authenticate in class Authenticator

authenticated

protected int authenticated(Request request,
                            Response response)

Deprecated.

Overrides:

authenticated in class Authenticator

forbid

public void forbid(java.lang.String origRef,
                   Request request,
                   Response response)

Deprecated.

Rejects the call due to a failed authentication or authorization. This can be overridden to change the default behavior, for example to display an error page. By default, calls errorResource.handle (if provided) otherwise it will set the response status to ClIENT_ERROR_FORBIDDEN

Parameters:

origRef - The original ref stored by the RedirectAuthenticator

request - The rejected request.

response - The reject response.

handleUser

protected void handleUser(User user,
                          boolean cached)

Deprecated.

Handles the retrieved user from the verifier. The only thing that will be stored is the user identifier (in a cookie). Should be overridden as it does nothing by default.

Parameters:

user - The user.

unauthenticated

protected int unauthenticated(Request request,
                              Response response)

Deprecated.

Overrides:

unauthenticated in class Authenticator