Module org.apache.wicket.core
Class DefaultAuthenticationStrategy
java.lang.Object
org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy
- All Implemented Interfaces:
IAuthenticationStrategy
Wicket's default implementation of an authentication strategy. It'll concatenate username and
password, encrypt it and put it into one Cookie.
Note: To support automatic authentication across application restarts you have to use
the constructor DefaultAuthenticationStrategy(String, ICrypt)
.
- Author:
- Juergen Donnerstag
-
Field Summary
-
Constructor Summary
ConstructorDescriptionDefaultAuthenticationStrategy
(String cookieKey, ICrypt crypt) This is the recommended constructor to be used, which allows automatic authentication across application restarts. -
Method Summary
Modifier and TypeMethodDescriptionprotected String[]
This method will decode decrypted cookie value based on application needsprotected String
This method can be overridden to provide different encoding mechanismprotected CookieUtils
Make sure you always return a valid CookieUtilsprotected ICrypt
getCrypt()
String[]
load()
If "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g.void
remove()
When the user logs out (session invalidation), then remove username and password from the persistence storevoid
If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g.
-
Field Details
-
cookieKey
The cookie name to store the username and password -
VALUE_SEPARATOR
The separator used to concatenate the username and password- See Also:
-
-
Constructor Details
-
DefaultAuthenticationStrategy
This is the recommended constructor to be used, which allows automatic authentication across application restarts.- Parameters:
cookieKey
- The name of the cookiecrypt
- the crypt
-
-
Method Details
-
getCookieUtils
Make sure you always return a valid CookieUtils- Returns:
- CookieUtils
-
getCrypt
- Returns:
- The crypt engine to be used
-
load
Description copied from interface:IAuthenticationStrategy
If "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g. Cookie) for automatic sign in. This is useful for applications which users typically have open the whole day but where the server invalidates the session after a timeout and you want to force the user to sign in again and again during the day.- Specified by:
load
in interfaceIAuthenticationStrategy
- Returns:
- The
saved
credentials
-
decode
This method will decode decrypted cookie value based on application needs- Parameters:
value
- decrypted cookie value- Returns:
- decomposed values array, or null in case cookie value was empty.
-
save
Description copied from interface:IAuthenticationStrategy
If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g. Cookie).The implementation of this method should be symmetrical with the implementation of
IAuthenticationStrategy.load()
.- Specified by:
save
in interfaceIAuthenticationStrategy
- Parameters:
credential
- The credential to store. For example: a security token or username.extraCredentials
- Optional extra credentials. For example: a password
-
encode
This method can be overridden to provide different encoding mechanism- Parameters:
credential
-extraCredentials
-- Returns:
- String representation of the parameters given
-
remove
Description copied from interface:IAuthenticationStrategy
When the user logs out (session invalidation), then remove username and password from the persistence store- Specified by:
remove
in interfaceIAuthenticationStrategy
-