Module org.apache.wicket.auth.roles
Class AuthenticatedWebSession
java.lang.Object
org.apache.wicket.Session
org.apache.wicket.protocol.http.WebSession
org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
org.apache.wicket.authroles.authentication.AuthenticatedWebSession
- All Implemented Interfaces:
Serializable
,IEventSink
,IFeedbackContributor
,IMetadataContext<Serializable,
,Session> IClusterable
Basic authenticated web session. Subclasses must provide a method that authenticates the session
based on a username and password, and a method implementation that gets the Roles
- Author:
- Jonathan Locke
- See Also:
-
Field Summary
Fields inherited from class org.apache.wicket.Session
clientInfo, SESSION_ATTRIBUTE_NAME
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected abstract boolean
authenticate
(String username, String password) Actual authentication check, has to be implemented by subclasses.static AuthenticatedWebSession
get()
void
Call signOut() and remove the logon data from where ever they have been persisted (e.g.final boolean
protected final void
signIn
(boolean value) Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.final boolean
Try to sign in the user.void
signOut()
Sign the user out.Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
getRoles
Methods inherited from class org.apache.wicket.protocol.http.WebSession
generateNewSessionId, getClientInfo, newBrowserInfoPage
Methods inherited from class org.apache.wicket.Session
bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isRtlLanguage, isRtlLocale, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn
-
Constructor Details
-
AuthenticatedWebSession
Construct.- Parameters:
request
- The current request object
-
-
Method Details
-
get
- Returns:
- Current authenticated web session
-
signIn
Try to sign in the user. It'll callauthenticate(String, String)
to do the real work and that is what you need to subclass to provide your own authentication mechanism.- Parameters:
username
-password
-- Returns:
- true, if logon was successful
-
authenticate
Actual authentication check, has to be implemented by subclasses.- Parameters:
username
- The usernamepassword
- The password- Returns:
- True if the user was authenticated successfully
-
signIn
Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to implementauthenticate(String, String)
for 'normal' authentication).- Parameters:
value
-- See Also:
-
isSignedIn
- Specified by:
isSignedIn
in classAbstractAuthenticatedWebSession
- Returns:
- true, if user is signed in
-
signOut
Sign the user out.This method is an alias of
invalidate()
-
invalidate
Call signOut() and remove the logon data from where ever they have been persisted (e.g. Cookies)- Overrides:
invalidate
in classWebSession
- See Also:
-