java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
fc.web.servlet.FCBaseServlet
fc.web.servlet.LoginServlet
public class LoginServlet
Logs in/logs out the user. Works in conjunction with JDBCAuthFilter and the login page of the application (handles the submit from the HTML login form). Moreover, the application can log out the user by invoking this servlet with an additional act=logout query string. Uses JDBCSession to create/delete session IDs automatically on successful logins/logouts.
Requires the following servlet initialization parameters
SID_COOKIE_NAME
the session ID assigned to the
user. After logging in, a session will exist in the database. JDBCSession
can thereafter be used to store any information for that
session in the database via the session ID.
In addition, upon successful login, the onLogin(java.sql.Connection, java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method is invoked. This method can be overridden as necessary by subclasses. Similarly, upon successful logout, the onLogout(java.sql.Connection, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method is invoked.
The servlet requires the following request parameters from the login form:
AuthFilter automatically stores the original target page as a parameter (URLEncoded) so that users are seamlessly redirected to their original target after a successful login or logout.
Requires the following database schema:
A Users table must exist (note: "user" is a reserved word in many databases, so the table must be called Users). The following columns must exist in the Users table.
- user_id the user id
- username the name of the user (corresponds to the username parameter in the login form)
- password the password for the user (corresponds to the password parameter in the login form).

The class will use the DBOMgr framework, so a UserMgr class corresponding to the aforementioned User table must exist in the classpath of this servlet.
Since this class uses JDBCSession, the default database tables required by JDBCSession also must exist.
For security reasons, for logging in, the username/password form must be submitted via a POST (GET is fine when logging out).
Field Summary | |
---|---|
static java.lang.String | SID_COOKIE_NAME value = "sid" |
Constructor Summary |
---|
LoginServlet() |
Method Summary | |
---|---|
void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) |
void | doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) |
java.lang.String | encodePassword(java.lang.String password) For this method to be available from application code, this servlet should be set to load on startup and code similar to the following example invoked. |
static javax.servlet.http.Cookie | getSIDCookie(javax.servlet.http.HttpServletRequest req) Returns the cookie corresponding to the "sid". |
void | init(javax.servlet.ServletConfig conf) |
void | onLogin(java.sql.Connection con, java.lang.String sid, java.lang.String username, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) This method is invoked upon successful login. |
void | onLogout(java.sql.Connection con, java.lang.String sid, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) This method is invoked upon successful logout. |
java.lang.String | validateUser(java.sql.Connection con, java.lang.String username, java.lang.String password) This method validates the specified username/password. |
Methods inherited from class fc.web.servlet.FCBaseServlet |
---|
destroy, getLog, stats, toString |
Methods inherited from class javax.servlet.http.HttpServlet |
---|
service |
Methods inherited from class javax.servlet.GenericServlet |
---|
getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String SID_COOKIE_NAME
Constructor Detail |
---|
public LoginServlet()
Method Detail |
---|
public void init(javax.servlet.ServletConfig conf) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Servlet
Overrides: init in class FCBaseServlet
Throws: javax.servlet.ServletException
public static javax.servlet.http.Cookie getSIDCookie(javax.servlet.http.HttpServletRequest req)
Returns the cookie corresponding to the "sid" (the name of the cookie is SID_COOKIE_NAME and the value is the SID created/set at login time). Returns null if no sid cookie is found.
public void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws javax.servlet.ServletException, java.io.IOException
Overrides: doGet in class javax.servlet.http.HttpServlet
Throws: javax.servlet.ServletException, java.io.IOException
public void doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws javax.servlet.ServletException, java.io.IOException
Overrides: doPost in class javax.servlet.http.HttpServlet
Throws: javax.servlet.ServletException, java.io.IOException
public java.lang.String validateUser(java.sql.Connection con, java.lang.String username, java.lang.String password) throws java.sql.SQLException, java.io.IOException
This class should be subclassed to override this method and validate the supplied username/password against a database in a different fashion if desired. The default implementation of this method works with the following initialization parameters.
JDBCSession
.
Throws: java.sql.SQLException, java.io.IOException
public java.lang.String encodePassword(java.lang.String password) throws java.io.IOException

```java
LoginServlet ls = (LoginServlet) WebApp.allServletsMap.get("fc.web.servlet.LoginServlet");
if (ls == null) { // can happen if servlet is not loaded yet
    throw new Exception("Unexpected error: LoginServlet was null");
}
return ls.encodePassword(passwd);
```

Throws: java.io.IOException
public void onLogin(java.sql.Connection con, java.lang.String sid, java.lang.String username, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws java.sql.SQLException, java.io.IOException
Parameters:
- con - a connection to the database
- username - the username for this user (that was used to login the user via the login query)
- sid - the session id for this user

Throws: java.sql.SQLException, java.io.IOException
public void onLogout(java.sql.Connection con, java.lang.String sid, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws java.sql.SQLException, java.io.IOException
Parameters:
- con - a connection to the database
- sid - the session id for this user

Throws: java.sql.SQLException, java.io.IOException
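
An added example (not from the fc library or its author) of overriding the onLogin/onLogout hooks documented above to keep an audit trail of authentication events; it stores a SHA-256 digest of the session ID rather than the ID itself, so an audit row cannot be replayed as a session cookie. The class name AuditedLoginServlet and the login_audit table are hypothetical, and the example assumes sid is non-null and that the supplied connection is committed by the caller or runs in auto-commit mode.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import fc.web.servlet.LoginServlet;
// Hypothetical subclass; login_audit(event, sid_hash, username, remote_addr, created_at) is an assumed table.
public class AuditedLoginServlet extends LoginServlet {
    @Override
    public void onLogin(Connection con, String sid, String username, HttpServletRequest req,
            HttpServletResponse res) throws SQLException, IOException {
        super.onLogin(con, sid, username, req, res);
        audit(con, "login", sid, username, req);
    }

    @Override
    public void onLogout(Connection con, String sid, HttpServletRequest req,
            HttpServletResponse res) throws SQLException, IOException {
        super.onLogout(con, sid, req, res);
        audit(con, "logout", sid, null, req); // onLogout receives no username
    }

    private void audit(Connection con, String event, String sid, String username,
            HttpServletRequest req) throws SQLException, IOException {
        String sql = "INSERT INTO login_audit (event, sid_hash, username, remote_addr, created_at)"
                + " VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, event);
            ps.setString(2, sha256Hex(sid));            // digest only, never the raw session ID
            ps.setObject(3, username, Types.VARCHAR);   // a null username is stored as SQL NULL
            ps.setString(4, req.getRemoteAddr());
            ps.executeUpdate();
        }
    }
    private static String sha256Hex(String s) throws IOException {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return String.format("%064x", new BigInteger(1, d)); // fixed-width lowercase hex
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
    }
}
```

Because the same digest appears on the login and logout rows, the two events of one session can be paired during review without the audit table ever holding a usable session token.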