Class AuthenticatedWebSession

All Implemented Interfaces:
Serializable, IEventSink, IFeedbackContributor, IMetadataContext<Serializable,Session>, IClusterable

Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles.
Author:
Jonathan Locke
  • Constructor Details

  • Method Details

    • get

      public static AuthenticatedWebSession get()
      Returns:
      Current authenticated web session
    • signIn

      public final boolean signIn(String username, String password)
      Tries to sign in the user. It calls authenticate(String, String) to do the real work; that is the method you need to implement in a subclass to provide your own authentication mechanism.
      Parameters:
      username -
      password -
      Returns:
      true, if logon was successful
    • authenticate

      protected abstract boolean authenticate(String username, String password)
      Actual authentication check, has to be implemented by subclasses.
      Parameters:
      username - The username
      password - The password
      Returns:
      True if the user was authenticated successfully
    • signIn

      protected final void signIn(boolean value)
      Cookie-based logins (remember me) may rely not on putting the username and password into the cookie but on something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie-based authentication gets implemented in a subclass (just as you need to implement authenticate(String, String) for 'normal' authentication).
      Parameters:
      value -
    • isSignedIn

      public final boolean isSignedIn()
      Specified by:
      isSignedIn in class AbstractAuthenticatedWebSession
      Returns:
      true, if user is signed in
    • signOut

      public void signOut()
      Sign the user out.

      This method is an alias of invalidate().

    • invalidate

      public void invalidate()
      Calls signOut() and removes the logon data from wherever it has been persisted (e.g. cookies).
      Overrides:
      invalidate in class WebSession
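
A subclass that supplies the two methods this class requires, authenticate(String, String) and the Roles getter, as an added example that is not Wicket's own code. The UserStore and StoredUser types, the setUserStore hook and the PBKDF2 storage format are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.request.Request;

public class AppSession extends AuthenticatedWebSession {
    // Hypothetical credential store (not part of Wicket); find() returns null for unknown users.
    public interface UserStore { StoredUser find(String username); }
    public interface StoredUser { byte[] salt(); byte[] hash(); int iterations(); String role(); }

    private static volatile UserStore users; // assumption: set once at application start-up
    private String role;                     // the session keeps the role, never the password

    public AppSession(Request request) { super(request); }
    public static void setUserStore(UserStore store) { users = store; }

    @Override
    protected boolean authenticate(String username, String password) {
        UserStore store = users;
        if (store == null || username == null || password == null) return false;
        StoredUser user = store.find(username);
        if (user == null) return false;
        char[] pw = password.toCharArray();
        try {
            // Re-derive the hash with the stored salt and iteration count.
            PBEKeySpec spec = new PBEKeySpec(pw, user.salt(), user.iterations(), user.hash().length * 8);
            byte[] candidate = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            // Constant-time comparison of the derived and the stored hash.
            if (!MessageDigest.isEqual(candidate, user.hash())) return false;
            role = user.role();
            return true;
        } catch (GeneralSecurityException e) {
            return false; // fail closed if the KDF is unavailable or rejects the key spec
        } finally {
            Arrays.fill(pw, '\0'); // wipe the local copy of the password
        }
    }

    @Override
    public Roles getRoles() {
        // A session that is not signed in gets an empty role set.
        return isSignedIn() && role != null ? new Roles(role) : new Roles();
    }
}
```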