Class AuthUtil

java.lang.Object
com.groiss.org.AuthUtil

public class AuthUtil extends Object
Utilities for writing an authorization class.
  • Method Details

    • authorizeBrowser

      public static String authorizeBrowser(HttpServletRequest req, HttpServletResponse res, User u) throws IOException
      This function can be called from the client to instantiate a session. No cookie is sent back. The caller is responsible for dispatching the correct request, which can be accomplished via req.getRequestDispatcher(path).forward(req,res);
      Parameters:
      req - the HttpServletRequest
      res - the HttpServletResponse
      u - the user
      Returns:
      null if no error condition occurred, or a string containing the error message, which should be written back to the client via res.getWriter().println(result);
      Throws:
      IOException
    • authorizeBrowser

      public static void authorizeBrowser(HttpServletRequest req, HttpServletResponse res, User u, String nextUrl) throws IOException
      This function can be called from the client to instantiate a session and send the session cookie to the browser.
      Parameters:
      req - the HttpServletRequest
      res - the HttpServletResponse
      u - the user
      nextUrl - the URL for redirection. When the referer check is enabled (ep.check.http.referer), nextUrl must also be in ep.check.http.referer.exempt or be annotated via EntryPoint.
      Throws:
      IOException
    • checkUser

      public static Principal checkUser(String userId, String passwd, String clientAddr) throws Exception
      Checks the user. Compares the password and checks whether the user is active. If one of the checks fails, an Exception is thrown. If the password is not correct, an unsuccessful login will be recorded.
      Parameters:
      userId - the id of the user
      passwd - the password
      clientAddr - the IP address of the client
      Returns:
      the user with the given id, if found.
      Throws:
      Exception
    • checkUser

      public static Principal checkUser(String userId, String passwd, String clientAddr, boolean ignoreUnsuccessfulLogin) throws Exception
      Checks the user. Compares the password and checks whether the user is active. If one of the checks fails, an Exception is thrown. If the password is not correct, an unsuccessful login will be recorded, but only if the parameter ignoreUnsuccessfulLogin is not true.
      Parameters:
      userId - the id of the user
      passwd - the password
      clientAddr - the IP address of the client
      ignoreUnsuccessfulLogin - if true, unsuccessful logins will not be recorded
      Returns:
      the user with the given id, if found.
      Throws:
      Exception
    • checkSysadmPasswd

      public static void checkSysadmPasswd(String passwd)
    • equalUserIds

      public static boolean equalUserIds(String firstId, String secondId)
      Checks whether both ID strings are equal, respecting the configuration value for case-sensitive user ID checking.
      Parameters:
      firstId - a user Id string
      secondId - a user Id string to compare with firstId
      Returns:
      true if the ids are considered as equal, false otherwise
    • getNodeCookieName

      public static String getNodeCookieName()
    • addNodeCookie

      public static void addNodeCookie(HttpServletResponse res, String rn)
    • deleteNodeCookie

      public static void deleteNodeCookie(HttpServletResponse res)
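
The following sketch shows how checkUser and the three-argument authorizeBrowser documented above can be combined in an authorization class. It is an added example, not code from this API's authors. Assumptions: the javax.servlet API (newer containers use jakarta.servlet), User living in com.groiss.org, a successful checkUser returning a User instance, and the hypothetical names LoginHelper, START_PATH and the form fields userId and passwd.

```java
import java.io.IOException;
import javax.servlet.ServletException;          // assumption: javax.*, not jakarta.*
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.groiss.org.AuthUtil;
import com.groiss.org.User;                     // assumption: same package as AuthUtil

/** Hypothetical helper, not part of the documented API. */
public final class LoginHelper {

    // Hypothetical forward target, fixed server-side and never taken from the request.
    private static final String START_PATH = "/start";

    private LoginHelper() { }

    public static void login(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        String userId = req.getParameter("userId");   // hypothetical form field names
        String passwd = req.getParameter("passwd");
        if (userId == null || passwd == null) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Declared as Object because the page does not say which Principal type is returned.
        Object principal;
        try {
            // Pass the address the container saw, not a client-supplied header,
            // so that recorded unsuccessful logins carry a trustworthy source.
            principal = AuthUtil.checkUser(userId, passwd, req.getRemoteAddr());
        } catch (Exception e) {
            // One response for wrong password and inactive user alike.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }
        if (!(principal instanceof User)) {           // assumption: success yields a User
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }
        // Three-argument form: session is created, no cookie is sent, caller dispatches.
        String error = AuthUtil.authorizeBrowser(req, res, (User) principal);
        if (error != null) {
            res.getWriter().println(error);           // as the Returns note describes
            return;
        }
        req.getRequestDispatcher(START_PATH).forward(req, res);
    }
}
```

The failure branches return the same message so the response does not reveal which check in checkUser failed.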