Class AuthenticatedWebSession
java.lang.Object
org.apache.wicket.Session
org.apache.wicket.protocol.http.WebSession
org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
org.apache.wicket.authroles.authentication.AuthenticatedWebSession
- All Implemented Interfaces:
Serializable,IEventSink,IFeedbackContributor,IMetadataContext<Serializable,,Session> IClusterable
Basic authenticated web session. Subclasses must provide a method that authenticates the session
based on a username and password, and a method implementation that gets the Roles
- Author:
- Jonathan Locke
- See Also:
-
Field Summary
Fields inherited from class org.apache.wicket.Session
clientInfo, SESSION_ATTRIBUTE_NAME -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected abstract booleanauthenticate(String username, String password) Actual authentication check, has to be implemented by subclasses.static AuthenticatedWebSessionget()voidCall signOut() and remove the logon data from where ever they have been persisted (e.g.final booleanprotected final voidsignIn(boolean value) Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.final booleanTry to sign in the user.voidsignOut()Sign the user out.Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
getRolesMethods inherited from class org.apache.wicket.protocol.http.WebSession
generateNewSessionId, getClientInfo, newBrowserInfoPageMethods inherited from class org.apache.wicket.Session
bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isRtlLanguage, isRtlLocale, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn
-
Constructor Details
-
AuthenticatedWebSession
Construct.- Parameters:
request- The current request object
-
-
Method Details
-
get
- Returns:
- Current authenticated web session
-
signIn
Try to sign in the user. It'll callauthenticate(String, String)to do the real work and that is what you need to subclass to provide your own authentication mechanism.- Parameters:
username-password-- Returns:
- true, if logon was successful
-
authenticate
Actual authentication check, has to be implemented by subclasses.- Parameters:
username- The usernamepassword- The password- Returns:
- True if the user was authenticated successfully
-
signIn
Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to implementauthenticate(String, String)for 'normal' authentication).- Parameters:
value-- See Also:
-
isSignedIn
- Specified by:
isSignedInin classAbstractAuthenticatedWebSession- Returns:
- true, if user is signed in
-
signOut
Sign the user out.This method is an alias of
invalidate() -
invalidate
Call signOut() and remove the logon data from where ever they have been persisted (e.g. Cookies)- Overrides:
invalidatein classWebSession- See Also:
-