FormAuthenticator (Apache Tomcat 8.0.15 API Documentation)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.FormAuthenticator

All Implemented Interfaces:

MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
```
public class FormAuthenticator
extends AuthenticatorBase
```
An Authenticator and Valve implementation of FORM BASED Authentication, as described in the Servlet API Specification.

Author:

Craig R. McClanahan, Remy Maucherat

Field Summary

Fields
Modifier and Type	Field and Description
`protected String`	`characterEncoding` Character encoding to use to read the username and password parameters from the request.
`protected String`	`landingPage` Landing page to use if a user tries to access the login page directly or if the session times out during login.

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

FormAuthenticator()

Constructors
Constructor and Description
`FormAuthenticator()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`authenticate(Request request, HttpServletResponse response)` Authenticate the user making this request, based on the specified login configuration.
`protected void`	`forwardToErrorPage(Request request, HttpServletResponse response, LoginConfig config)` Called to forward to the error page
`protected void`	`forwardToLoginPage(Request request, HttpServletResponse response, LoginConfig config)` Called to forward to the login page
`protected String`	`getAuthMethod()`
`String`	`getCharacterEncoding()` Return the character encoding to use to read the username and password.
`String`	`getLandingPage()` Return the landing page to use when FORM auth is mis-used.
`protected boolean`	`matchRequest(Request request)` Does this request match the saved one (so that it must be the redirect we signaled after successful authentication?
`protected boolean`	`restoreRequest(Request request, Session session)` Restore the original request from information stored in our session.
`protected String`	`savedRequestURL(Session session)` Return the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.
`protected void`	`saveRequest(Request request, Session session)` Save the original request information into our session.
`void`	`setCharacterEncoding(String encoding)` Set the character encoding to be used to read the username and password.
`void`	`setLandingPage(String landingPage)` Set the landing page to use when the FORM auth is mis-used.

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - characterEncoding
```
protected String characterEncoding
```
    Character encoding to use to read the username and password parameters from the request. If not set, the encoding of the request body will be used.
  - landingPage
```
protected String landingPage
```
    Landing page to use if a user tries to access the login page directly or if the session times out during login. If not set, error responses will be sent instead.
- Constructor Detail
  - FormAuthenticator
```
public FormAuthenticator()
```
- Method Detail
  - getCharacterEncoding
```
public String getCharacterEncoding()
```
    Return the character encoding to use to read the username and password.
  - setCharacterEncoding
```
public void setCharacterEncoding(String encoding)
```
    Set the character encoding to be used to read the username and password.
  - getLandingPage
```
public String getLandingPage()
```
    Return the landing page to use when FORM auth is mis-used.
  - setLandingPage
```
public void setLandingPage(String landingPage)
```
    Set the landing page to use when the FORM auth is mis-used.
  - authenticate
```
public boolean authenticate(Request request,
                   HttpServletResponse response)
                     throws IOException
```
    Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
    
    Specified by:
    
    authenticate in interface Authenticator
    
    Specified by:
    
    authenticate in class AuthenticatorBase
    
    Parameters:
    request - Request we are processing
    response - Response we are creating
    
    Returns:
    true if any specified constraints have been satisfied, or false if one more constraints were not satisfied (in which case an authentication challenge will have been written to the response).
    
    Throws:
    
    IOException - if an input/output error occurs
  - getAuthMethod
```
protected String getAuthMethod()
```
    Specified by:
    
    getAuthMethod in class AuthenticatorBase
  - forwardToLoginPage
```
protected void forwardToLoginPage(Request request,
                      HttpServletResponse response,
                      LoginConfig config)
                           throws IOException
```
    Called to forward to the login page
    
    Parameters:
    request - Request we are processing
    response - Response we are populating
    config - Login configuration describing how authentication should be performed
    
    Throws:
    
    IOException - If the forward to the login page fails and the call to HttpServletResponse.sendError(int, String) throws an IOException
  - forwardToErrorPage
```
protected void forwardToErrorPage(Request request,
                      HttpServletResponse response,
                      LoginConfig config)
                           throws IOException
```
    Called to forward to the error page
    
    Parameters:
    request - Request we are processing
    response - Response we are populating
    config - Login configuration describing how authentication should be performed
    
    Throws:
    
    IOException - If the forward to the error page fails and the call to HttpServletResponse.sendError(int, String) throws an IOException
  - matchRequest
```
protected boolean matchRequest(Request request)
```
    Does this request match the saved one (so that it must be the redirect we signaled after successful authentication?
    
    Parameters:
    request - The request to be verified
  - restoreRequest
```
protected boolean restoreRequest(Request request,
                     Session session)
                          throws IOException
```
    Restore the original request from information stored in our session. If the original request is no longer present (because the session timed out), return false; otherwise, return true.
    
    Parameters:
    request - The request to be restored
    session - The session containing the saved information
    
    Throws:
    
    IOException
  - saveRequest
```
protected void saveRequest(Request request,
               Session session)
                    throws IOException
```
    Save the original request information into our session.
    
    Parameters:
    request - The request to be saved
    session - The session to contain the saved information
    
    Throws:
    
    IOException
  - savedRequestURL
```
protected String savedRequestURL(Session session)
```
    Return the request URI (with the corresponding query string, if any) from the saved request so that we can redirect to it.
    
    Parameters:
    session - Our current session

Class FormAuthenticator

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Field Detail

characterEncoding

landingPage

Constructor Detail

FormAuthenticator

Method Detail

getCharacterEncoding

setCharacterEncoding

getLandingPage

setLandingPage

authenticate

getAuthMethod

forwardToLoginPage

forwardToErrorPage

matchRequest

restoreRequest

saveRequest

savedRequestURL