Class DefaultAuthenticationStrategy

java.lang.Object
org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy
All Implemented Interfaces:
IAuthenticationStrategy

Wicket's default implementation of an authentication strategy. It'll concatenate username and password, encrypt it and put it into one Cookie.

Note: To support automatic authentication across application restarts you have to use the constructor DefaultAuthenticationStrategy(String, ICrypt).

Author:
Juergen Donnerstag
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final String
    The cookie name to store the username and password
    protected final String
    The separator used to concatenate the username and password
  • Constructor Summary

    Constructors
    Constructor
    Description
    This is the recommended constructor to be used, which allows automatic authentication across application restarts.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected String[]
    decode(String value)
    This method will decode decrypted cookie value based on application needs
    protected String
    encode(String credential, String... extraCredentials)
    This method can be overridden to provide different encoding mechanism
    protected CookieUtils
    Make sure you always return a valid CookieUtils
    protected ICrypt
     
    If "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g.
    void
    When the user logs out (session invalidation), then remove username and password from the persistence store
    void
    save(String credential, String... extraCredentials)
    If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • DefaultAuthenticationStrategy

      public DefaultAuthenticationStrategy(String cookieKey, ICrypt crypt)
      This is the recommended constructor to be used, which allows automatic authentication across application restarts.
      Parameters:
      cookieKey - The name of the cookie
      crypt - the crypt
  • Method Details

    • getCookieUtils

      Make sure you always return a valid CookieUtils
      Returns:
      CookieUtils
    • getCrypt

      protected ICrypt getCrypt()
      Returns:
      The crypt engine to be used
    • load

      public String[] load()
      Description copied from interface: IAuthenticationStrategy
      If "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g. Cookie) for automatic sign in. This is useful for applications which users typically have open the whole day but where the server invalidates the session after a timeout and you want to force the user to sign in again and again during the day.
      Specified by:
      load in interface IAuthenticationStrategy
      Returns:
      The saved credentials
    • decode

      protected String[] decode(String value)
      This method will decode decrypted cookie value based on application needs
      Parameters:
      value - decrypted cookie value
      Returns:
      decomposed values array, or null in case cookie value was empty.
    • save

      public void save(String credential, String... extraCredentials)
      Description copied from interface: IAuthenticationStrategy
      If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g. Cookie).

      The implementation of this method should be symmetrical with the implementation of IAuthenticationStrategy.load().

      Specified by:
      save in interface IAuthenticationStrategy
      Parameters:
      credential - The credential to store. For example: a security token or username.
      extraCredentials - Optional extra credentials. For example: a password
    • encode

      protected String encode(String credential, String... extraCredentials)
      This method can be overridden to provide different encoding mechanism
      Parameters:
      credential -
      extraCredentials -
      Returns:
      String representation of the parameters given
    • remove

      public void remove()
      Description copied from interface: IAuthenticationStrategy
      When the user logs out (session invalidation), then remove username and password from the persistence store
      Specified by:
      remove in interface IAuthenticationStrategy