Class DefaultAuthenticationStrategy
- java.lang.Object
-
- org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy
-
- All Implemented Interfaces:
IAuthenticationStrategy
public class DefaultAuthenticationStrategy extends Object implements IAuthenticationStrategy
Wicket's default implementation of an authentication strategy. It'll concatenate username and password, encrypt it and put it into one Cookie.Note: To support automatic authentication across application restarts you have to use the constructor
DefaultAuthenticationStrategy(String, ICrypt).- Author:
- Juergen Donnerstag
-
-
Field Summary
Fields Modifier and Type Field Description protected StringcookieKeyThe cookie name to store the username and passwordprotected StringencryptionKeyDeprecated, for removal: This API element is subject to removal in a future version.no longer used TODO remove in Wicket 10protected StringVALUE_SEPARATORThe separator used to concatenate the username and password
-
Constructor Summary
Constructors Constructor Description DefaultAuthenticationStrategy(String cookieKey)Deprecated, for removal: This API element is subject to removal in a future version.supply a crypt instead TODO remove in Wicket 10DefaultAuthenticationStrategy(String cookieKey, String encryptionKey)Deprecated, for removal: This API element is subject to removal in a future version.supply a crypt instead TODO remove in Wicket 10DefaultAuthenticationStrategy(String cookieKey, ICrypt crypt)This is the recommended constructor to be used, which allows automatic authentication across application restarts.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String[]decode(String value)This method will decode decrypted cookie value based on application needsprotected Stringencode(String credential, String... extraCredentials)This method can be overridden to provide different encoding mechanismprotected CookieUtilsgetCookieUtils()Make sure you always return a valid CookieUtilsprotected ICryptgetCrypt()String[]load()If "rememberMe" is enabled, then load the saved credentials (e.g.voidremove()When the user logs out (session invalidation), then remove username and password from the persistence storevoidsave(String credential, String... extraCredentials)If "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g.
-
-
-
Field Detail
-
encryptionKey
@Deprecated(forRemoval=true) protected final String encryptionKey
Deprecated, for removal: This API element is subject to removal in a future version.no longer used TODO remove in Wicket 10
-
VALUE_SEPARATOR
protected final String VALUE_SEPARATOR
The separator used to concatenate the username and password- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DefaultAuthenticationStrategy
@Deprecated(forRemoval=true) public DefaultAuthenticationStrategy(String cookieKey)
Deprecated, for removal: This API element is subject to removal in a future version.supply a crypt instead TODO remove in Wicket 10Constructor- Parameters:
cookieKey- The name of the cookie
-
DefaultAuthenticationStrategy
@Deprecated(forRemoval=true) public DefaultAuthenticationStrategy(String cookieKey, String encryptionKey)
Deprecated, for removal: This API element is subject to removal in a future version.supply a crypt instead TODO remove in Wicket 10
-
DefaultAuthenticationStrategy
public DefaultAuthenticationStrategy(String cookieKey, ICrypt crypt)
This is the recommended constructor to be used, which allows automatic authentication across application restarts.- Parameters:
cookieKey- The name of the cookiecrypt- the crypt
-
-
Method Detail
-
getCookieUtils
protected CookieUtils getCookieUtils()
Make sure you always return a valid CookieUtils- Returns:
- CookieUtils
-
load
public String[] load()
Description copied from interface:IAuthenticationStrategyIf "rememberMe" is enabled, then load the saved credentials (e.g. username and password) from the persistence storage (e.g. Cookie) for automatic sign in. This is useful for applications which users typically have open the whole day but where the server invalidates the session after a timeout and you want to force the user to sign in again and again during the day.- Specified by:
loadin interfaceIAuthenticationStrategy- Returns:
- The
savedcredentials
-
decode
protected String[] decode(String value)
This method will decode decrypted cookie value based on application needs- Parameters:
value- decrypted cookie value- Returns:
- decomposed values array, or null in case cookie value was empty.
-
save
public void save(String credential, String... extraCredentials)
Description copied from interface:IAuthenticationStrategyIf "rememberMe" is enabled and login was successful, then store the given credentials in the persistence store (e.g. Cookie).The implementation of this method should be symmetrical with the implementation of
IAuthenticationStrategy.load().- Specified by:
savein interfaceIAuthenticationStrategy- Parameters:
credential- The credential to store. For example: a security token or username.extraCredentials- Optional extra credentials. For example: a password
-
encode
protected String encode(String credential, String... extraCredentials)
This method can be overridden to provide different encoding mechanism- Parameters:
credential-extraCredentials-- Returns:
- String representation of the parameters given
-
remove
public void remove()
Description copied from interface:IAuthenticationStrategyWhen the user logs out (session invalidation), then remove username and password from the persistence store- Specified by:
removein interfaceIAuthenticationStrategy
-
-