com.zeevbelkin.web.filter.access
Class AjaxLoginPeer

java.lang.Object
  com.zeevbelkin.web.filter.access.AjaxLoginPeer

public abstract class AjaxLoginPeer
extends java.lang.Object

This class is a helper that may be used to implement ajax login/logout procedures with DWR. To use this class a customer should derive a class from it that should be exposed with in allow in the dwr.xml configuration file.

   <allow>
     <create creator="new" javascript="Authenticator">
       <param name="class" value="com.myapp.Authenticator"/>
     </create>
   </allow>
 

This derived class must override at least assignCredentials method. This method sets the user credentials if the authentication info is correct. The method can also return some optional info to the javascript caller. An example of such derived class you can see below (an actual class ordinary checks the authentication info with a database).

 public class Authenticator extends AjaxLoginPeer {
     
    protected  Map assignCredentials(
      Map attributes,
      Yaaf.SessionSecurityInfo ssi,
      HttpServletRequest request,
      HttpServletResponse response
    ) {
      String login=(String)attributes.get("login"),password=(String)attributes.get("password");
      if ("pupkin".equals(login)&&"stam".equals(password)) {
         ssi.setName("pupkin");
      }
      return null;
    }
 }
 

Author:

Zeev (Vladimir) Belkin

Constructor Summary

AjaxLoginPeer()

Method Summary

protected abstract java.util.Map	assignCredentials(java.util.Map attributes, Yaaf.SessionSecurityInfo ssi, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Checks the user authentication info and assigns credentials in case of success.
java.lang.String	getName(javax.servlet.http.HttpServletRequest request) Returns an authenticated user name if any.
java.util.Map	login(java.util.Map attributes, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Performs login.
java.util.Map	loginAndRemember(java.util.Map attributes, int daysToKeepLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) This function is just like login, but stores a user login in a cookie in a case of successful authentication.
void	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Performs logout.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AjaxLoginPeer

public AjaxLoginPeer()

Method Detail

getName

public java.lang.String getName(javax.servlet.http.HttpServletRequest request)

Returns an authenticated user name if any. This method is intended to be called from the javascript code like this

     <script>
       Authenticator.getName(
          function(str) {
            if (str!=null) {
              $("ajaxLoginForm").style.display='none';
              $("ajaxLogoutForm").style.display='block';
              $("userNameLabel").innerText=str;
            } else {
              $("ajaxLoginForm").style.display='block';
              $("ajaxLogoutForm").style.display='none';
            }
          }
       );
       $("loginError").style.display='none';
     </script>
 

Returns:

authenticated user name if any, otherwise null

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)

Performs logout. This method intended to be called from the javascript code like this

 <script type='text/javascript'>
     function doLogout() {
       Authenticator.logout(
          function() {
             $("ajaxLoginForm").style.display='block';
             $("ajaxLogoutForm").style.display='none';
          }
       );
     }
 </script>
 

login

public java.util.Map login(java.util.Map attributes,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)

Performs login. This method intended to be called from the javascript code like this

 <script>    
 function doLogin() {
       Authenticator.login(
          {
            login: $("user_id").value,
            password: $("password").value
          },AndRemember
          function(hm) {
     // the hashap hm may content some optional
     // info that inform the JS-code how to act to reach sucessful
     // authentication (it is especially important to implement openid login)
            if (hm['name']!=null) {
              $("ajaxLoginForm").style.display='none';
              $("ajaxLogoutForm").style.display='block';
              $("userNameLabel").innerText=hm['name'];
              $("loginError").style.display='none';
            } else {
              $("loginError").style.display='block';
            }
          }
       );
     }
 </script>
 

Parameters:

attributes - various values required to check user identity, ordinaty, them are a user name and a password.

Returns:

a hash map with various parameters. If a user has been authenticated successfully, the map contains a pair with a name key which value is the authenticated user name. Also the map can contain any optional info, ordinary to reach successful authentication in the next call.

loginAndRemember

public java.util.Map loginAndRemember(java.util.Map attributes,
                                      int daysToKeepLogin,
                                      javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response)

This function is just like login, but stores a user login in a cookie in a case of successful authentication.

Parameters:

attributes - various values required to check user identity, ordinaty, them are a user name and a password.

daysToKeepLogin - time to keep a successful login in a cookie in days

Returns:

a hash map with various parameters. If a user has been authenticated successfully, the map contains a pair with a name key which value is the authenticated user name. Also the map can contain any optional info, ordinary to reach successful authentication in the next call.

assignCredentials

protected abstract java.util.Map assignCredentials(java.util.Map attributes,
                                                   Yaaf.SessionSecurityInfo ssi,
                                                   javax.servlet.http.HttpServletRequest request,
                                                   javax.servlet.http.HttpServletResponse response)

Checks the user authentication info and assigns credentials in case of success.

Parameters:

request - various values required to check user identity, ordinary, them are a user name and a password.

ssi - Session Security Info object used to assign the credentials in case of success

Returns:

Optional attributes to be passed back to the javascript caller. Them ordinary are used, in case of failure, to reach successful authentication at the next call.