java.lang.Object
- org.apache.wicket.Session
- - org.apache.wicket.protocol.http.WebSession
  - - org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
    - - org.apache.wicket.authroles.authentication.AuthenticatedWebSession

All Implemented Interfaces:

Serializable, IEventSink, IFeedbackContributor, IMetadataContext<Serializable,Session>, IClusterable
```
public abstract class AuthenticatedWebSession
extends AbstractAuthenticatedWebSession
```
Basic authenticated web session. Subclasses must provide a method that authenticates the session based on a username and password, and a method implementation that gets the Roles

Author:

Jonathan Locke

See Also:

Serialized Form

Field Summary
- Fields inherited from class org.apache.wicket.Session
  clientInfo, SESSION_ATTRIBUTE_NAME

Constructor Summary

Constructors
Constructor Description

AuthenticatedWebSession(Request request)
Construct.

Method Summary

All Methods Static Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method	Description
`protected abstract boolean`	`authenticate(String username, String password)`	Actual authentication check, has to be implemented by subclasses.
`static AuthenticatedWebSession`	`get()`
`void`	`invalidate()`	Call signOut() and remove the logon data from where ever they have been persisted (e.g.
`boolean`	`isSignedIn()`
`protected void`	`signIn(boolean value)`	Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user.
`boolean`	`signIn(String username, String password)`	Try to sign in the user.
`void`	`signOut()`	Sign the user out.

Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
getRoles

Methods inherited from class org.apache.wicket.protocol.http.WebSession
generateNewSessionId, getClientInfo, newBrowserInfoPage

Methods inherited from class org.apache.wicket.Session
bind, changeSessionId, clear, debug, detach, dirty, dirty, endRequest, error, exists, fatal, getApplication, getAttribute, getAttributeNames, getAuthorizationStrategy, getClassResolver, getFeedbackMessages, getId, getLocale, getMetaData, getPageFactory, getPageManager, getSessionStore, getSizeInBytes, getStyle, info, internalDetach, invalidateNow, isRtlLanguage, isRtlLocale, isSessionInvalidated, isTemporary, newPageAccessSynchronizer, nextPageId, nextSequenceValue, onEvent, onInvalidate, removeAttribute, replaceSession, setAttribute, setClientInfo, setLocale, setMetaData, setStyle, success, warn

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthenticatedWebSession
```
public AuthenticatedWebSession(Request request)
```
    Construct.
    
    Parameters:
    
    request - The current request object
- Method Detail
  - get
```
public static AuthenticatedWebSession get()
```
    Returns:
    
    Current authenticated web session
  - signIn
```
public final boolean signIn(String username,
                            String password)
```
    Try to sign in the user. It'll call authenticate(String, String) to do the real work and that is what you need to subclass to provide your own authentication mechanism.
    
    Parameters:
    
    username -
    
    password -
    
    Returns:
    
    true, if logon was successful
  - authenticate
```
protected abstract boolean authenticate(String username,
                                        String password)
```
    Actual authentication check, has to be implemented by subclasses.
    
    Parameters:
    
    username - The username
    
    password - The password
    
    Returns:
    
    True if the user was authenticated successfully
  - signIn
```
protected final void signIn(boolean value)
```
    Cookie based logins (remember me) may not rely on putting username and password into the cookie but something else that safely identifies the user. This method is meant to support these use cases. It is protected (and not public) to enforce that cookie based authentication gets implemented in a subclass (like you need to implement authenticate(String, String) for 'normal' authentication).
    
    Parameters:
    
    value -
    
    See Also:
    
    authenticate(String, String)
  - isSignedIn
```
public final boolean isSignedIn()
```
    Specified by:
    
    isSignedIn in class AbstractAuthenticatedWebSession
    
    Returns:
    
    true, if user is signed in
  - signOut
```
public void signOut()
```
    Sign the user out.
    This method is an alias of invalidate()
  - invalidate
```
public void invalidate()
```
    Call signOut() and remove the logon data from where ever they have been persisted (e.g. Cookies)
    
    Overrides:
    
    invalidate in class WebSession
    
    See Also:
    
    Session.invalidate()

Class AuthenticatedWebSession

Field Summary

Fields inherited from class org.apache.wicket.Session

Constructor Summary

Method Summary

Methods inherited from class org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession

Methods inherited from class org.apache.wicket.protocol.http.WebSession

Methods inherited from class org.apache.wicket.Session

Methods inherited from class java.lang.Object

Constructor Detail

AuthenticatedWebSession

Method Detail

get

signIn

authenticate

signIn

isSignedIn

signOut

invalidate