Class AuthenticatedWebSession
- java.lang.Object
-
- org.apache.wicket.Session
-
- org.apache.wicket.protocol.http.WebSession
-
- org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
-
- org.apache.wicket.authroles.authentication.AuthenticatedWebSession
-
- All Implemented Interfaces:
Serializable
,IEventSink
,IFeedbackContributor
,IMetadataContext<Serializable,Session>
,IClusterable
public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSession
Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles- Author:
- Jonathan Locke
- See Also:
- Serialized Form
-
-
Field Summary
-
Fields inherited from class org.apache.wicket.Session
clientInfo, SESSION_ATTRIBUTE_NAME
-
-
Constructor Summary
Constructors Constructor Description AuthenticatedWebSession(Request request)
Construct.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract boolean
authenticate(String username, String password)
Actual authentication check, has to be implemented by subclasses.static AuthenticatedWebSession
get()
void
invalidate()
Call signOut() and remove the logon data from where ever they have been persisted (e.g.boolean
isSignedIn()
protected void
signIn(boolean value)
Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.boolean
signIn(String username, String password)
Try to sign in the user.void
signOut()
Sign the user out.-
Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
getRoles
-
Methods inherited from class org.apache.wicket.protocol.http.WebSession
generateNewSessionId, getClientInfo, newBrowserInfoPage
-
Methods inherited from class org.apache.wicket.Session
bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isRtlLanguage, isRtlLocale, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn
-
-
-
-
Constructor Detail
-
AuthenticatedWebSession
public AuthenticatedWebSession(Request request)
Construct.- Parameters:
request
- The current request object
-
-
Method Detail
-
get
public static AuthenticatedWebSession get()
- Returns:
- Current authenticated web session
-
signIn
public final boolean signIn(String username, String password)
Try to sign in the user. It'll callauthenticate(String, String)
to do the real work and that is what you need to subclass to provide your own authentication mechanism.- Parameters:
username
-password
-- Returns:
- true, if logon was successful
-
authenticate
protected abstract boolean authenticate(String username, String password)
Actual authentication check, has to be implemented by subclasses.- Parameters:
username
- The usernamepassword
- The password- Returns:
- True if the user was authenticated successfully
-
signIn
protected final void signIn(boolean value)
Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to implementauthenticate(String, String)
for 'normal' authentication).- Parameters:
value
-- See Also:
authenticate(String, String)
-
isSignedIn
public final boolean isSignedIn()
- Specified by:
isSignedIn
in classAbstractAuthenticatedWebSession
- Returns:
- true, if user is signed in
-
signOut
public void signOut()
Sign the user out.This method is an alias of
invalidate()
-
invalidate
public void invalidate()
Call signOut() and remove the logon data from where ever they have been persisted (e.g. Cookies)- Overrides:
invalidate
in classWebSession
- See Also:
Session.invalidate()
-
-