org.benow.web.servlet
Class SecureHandler

java.lang.Object
  org.benow.web.servlet.RequestHandler
      org.benow.web.servlet.SecureHandler

All Implemented Interfaces:

java.lang.Runnable

Direct Known Subclasses:

HttpServiceRequestHandler, WebServiceRequestHandler

public abstract class SecureHandler
extends RequestHandler

UserModuleValidation

On request the user is validated via user.isIntialized(). If not initialized then the user modules are checked for initialization

• if a InitializationURL annotation is given on the class then that URL will be redirected to and the session put in an initialization mode. In this mode only URI prefixes /js|/images|/css and the InitializationURL and any URIs (startsWith) given by the InitializationPrefixes annotation will be allowed. Once isInitialized returns true then initialization mode is disabled and all urls are accessible.
• If no InitializationURL annotation is given then an error is thrown

Author:

andy

See Also:

InitializationURIs

Field Summary

static org.benow.java.config.entry.StringConfigurationEntry	CFG_LOGIN_PAGE
static java.lang.String	COOKIE_USER_INFO

Fields inherited from class org.benow.web.servlet.RequestHandler

ENV_PARAMS, ENV_REQUEST, ENV_REQUEST_URL, ENV_RESPONSE, ENV_SESSION, params, request, response, session, url

Constructor Summary

SecureHandler(HandlerServlet servlet)

Method Summary

protected boolean	beforeRun(RequestHandlerThread thread) Override to add to handler thread environment
void	dirtyRun() Handles the request, throwing any unhandled errors.
static void	doLoginRedirect(java.lang.SecurityException e)
static void	doLoginRedirect(java.lang.SecurityException e, java.io.OutputStream out)
static void	doLoginRedirect(java.lang.SecurityException e, java.io.PrintWriter out)
static java.lang.String	getPasswordHash(org.benow.security.user.User user) Combines the user's (encryped) password with thier remoted address and hashes it to come up with a safe remote representation of the password.
void	removeLoginCookie()
protected void	startRun(java.io.OutputStream out)
org.benow.security.user.User	validateCookie()

Methods inherited from class org.benow.web.servlet.RequestHandler

doRun, doRun, doRun, dumpError, getContentType, handleError, handleError, handleError, handleError, handleRequest, run

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

COOKIE_USER_INFO

public static final java.lang.String COOKIE_USER_INFO

See Also:

Constant Field Values

CFG_LOGIN_PAGE

public static final org.benow.java.config.entry.StringConfigurationEntry CFG_LOGIN_PAGE

Constructor Detail

SecureHandler

public SecureHandler(HandlerServlet servlet)

Method Detail

beforeRun

protected boolean beforeRun(RequestHandlerThread thread)
                     throws WebException

Description copied from class: RequestHandler

Override to add to handler thread environment

Overrides:

beforeRun in class RequestHandler

Returns:

keep going... true to continue processing, false if all processing has been done in this method (ie binary delivery)

Throws:

WebException

dirtyRun

public void dirtyRun()
              throws java.lang.Throwable

Description copied from class: RequestHandler

Handles the request, throwing any unhandled errors. Errors may be handled in descendants. If not handled, they are handled the the default manner.

Overrides:

dirtyRun in class RequestHandler

Throws:

java.lang.Throwable

See Also:

Request is handled with regard to security. If a SecurityException occures while handling the page, the browser is redirected to the auth url (as defined in ServletRunner if running with a descendant of this kind of servlet). After successful auth, user is remembered in session they are redirected to where they came.

startRun

protected void startRun(java.io.OutputStream out)
                 throws java.lang.Exception

Overrides:

startRun in class RequestHandler

Throws:

java.lang.Exception

doLoginRedirect

public static void doLoginRedirect(java.lang.SecurityException e,
                                   java.io.OutputStream out)

doLoginRedirect

public static void doLoginRedirect(java.lang.SecurityException e,
                                   java.io.PrintWriter out)

validateCookie

public org.benow.security.user.User validateCookie()
                                            throws WebException,
                                                   java.lang.SecurityException

Throws:

WebException

java.lang.SecurityException

getPasswordHash

public static java.lang.String getPasswordHash(org.benow.security.user.User user)

Combines the user's (encryped) password with thier remoted address and hashes it to come up with a safe remote representation of the password. Requires crypto (JCA).

Parameters:

user -

Returns:

unique hash for user

removeLoginCookie

public void removeLoginCookie()

Parameters:

params -

doLoginRedirect

public static void doLoginRedirect(java.lang.SecurityException e)