org.restlet.security

Class Authenticator

java.lang.Object

org.restlet.Restlet

org.restlet.routing.Filter

org.restlet.security.Authenticator

All Implemented Interfaces:

Uniform

Direct Known Subclasses:

CertificateAuthenticator, ChallengeAuthenticator

public abstract class Authenticator
extends Filter

Filter authenticating the client sending the inbound request. Its main role is to inspect various credentials provided by the client and to add related application roles to the request's ClientInfo property.

Author:

Jerome Louvel

Field Summary

Fields inherited from class org.restlet.routing.Filter

CONTINUE, SKIP, STOP

Constructor Summary

Constructors

Constructor and Description
Authenticator(Context context) Constructor setting the mode to "required".
Authenticator(Context context, boolean optional) Constructor using the context's default enroler.
Authenticator(Context context, boolean multiAuthenticating, boolean optional, Enroler enroler) Constructor.
Authenticator(Context context, boolean optional, Enroler enroler) Constructor.

Method Summary

Modifier and Type	Method and Description
protected abstract boolean	authenticate(Request request, Response response) Attempts to authenticate the subject sending the request.
protected int	authenticated(Request request, Response response) Invoked upon successful authentication.
protected int	beforeHandle(Request request, Response response) Handles the authentication by first invoking the authenticate(Request, Response) method, only if isMultiAuthenticating() returns true and if ClientInfo.isAuthenticated() returns false.
Enroler	getEnroler() Returns the enroler invoked upon successful authentication to update the subject with new principals.
boolean	isMultiAuthenticating() Indicates if the authenticator should attempt to authenticate an already authenticated client.
boolean	isOptional() Indicates if the authenticator is not required to succeed.
void	setEnroler(Enroler enroler) Sets the enroler invoked upon successful authentication.
void	setMultiAuthenticating(boolean multiAuthenticating) Indicates if the authenticator should attempt to authenticate an already authenticated client.
void	setOptional(boolean optional) Indicates if the authenticator is not required to succeed.
protected int	unauthenticated(Request request, Response response) Invoked upon failed authentication.

Methods inherited from class org.restlet.routing.Filter

afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop

Methods inherited from class org.restlet.Restlet

createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Authenticator

public Authenticator(Context context)

Constructor setting the mode to "required".

Parameters:

context - The context.

See Also:

Authenticator(Context, boolean)

Authenticator

public Authenticator(Context context,
                     boolean optional)

Constructor using the context's default enroler.

Parameters:

context - The context.

optional - Indicates if the authenticator is not required to succeed.

See Also:

Authenticator(Context, boolean, Enroler)

Authenticator

public Authenticator(Context context,
                     boolean multiAuthenticating,
                     boolean optional,
                     Enroler enroler)

Constructor.

Parameters:

context - The context.

multiAuthenticating - Indicates if the authenticator should attempt to authenticate an already authenticated client.

optional - Indicates if the authenticator is not required to succeed.

enroler - The enroler to invoke upon successful authentication.

Authenticator

public Authenticator(Context context,
                     boolean optional,
                     Enroler enroler)

Constructor.

Parameters:

context - The context.

optional - Indicates if the authenticator is not required to succeed.

enroler - The enroler to invoke upon successful authentication.

Method Detail

authenticate

protected abstract boolean authenticate(Request request,
                                        Response response)

Attempts to authenticate the subject sending the request.

Parameters:

request - The request sent.

response - The response to update.

Returns:

True if the authentication succeeded.

authenticated

protected int authenticated(Request request,
                            Response response)

Invoked upon successful authentication. By default, it updates the request's clientInfo and challengeResponse "authenticated" properties, clears the existing challenge requests on the response, calls the enroler and finally returns Filter.CONTINUE.

Parameters:

request - The request sent.

response - The response to update.

Returns:

The filter continuation code.

beforeHandle

protected int beforeHandle(Request request,
                           Response response)

Handles the authentication by first invoking the authenticate(Request, Response) method, only if isMultiAuthenticating() returns true and if ClientInfo.isAuthenticated() returns false. If the method is invoked and returns true, the authenticated(Request, Response) is called. Otherwise, if isOptional() returns true it continues to the next Restlet or if it returns false it calls the unauthenticated(Request, Response) method.

Overrides:

beforeHandle in class Filter

Parameters:

request - The request to handle.

response - The response to update.

Returns:

The continuation status. Either Filter.CONTINUE or Filter.SKIP or Filter.STOP.

getEnroler

public Enroler getEnroler()

Returns the enroler invoked upon successful authentication to update the subject with new principals. Typically new Role are added based on the available User instances available.

Returns:

The enroler invoked upon successful authentication

isMultiAuthenticating

public boolean isMultiAuthenticating()

Indicates if the authenticator should attempt to authenticate an already authenticated client. The client is considered authenticated if ClientInfo.isAuthenticated() returns true. By default, it is set to true.

Returns:

True if the authenticator should attempt to authenticate an already authenticated client.

isOptional

public boolean isOptional()

Indicates if the authenticator is not required to succeed. In those cases, the attached Restlet is invoked. Note that authentication will be attempted independently of this property unless the client is already authenticated and the isMultiAuthenticating() prevents multiple authentications.

Returns:

True if the authentication success is optional.

setEnroler

public void setEnroler(Enroler enroler)

Sets the enroler invoked upon successful authentication.

Parameters:

enroler - The enroler invoked upon successful authentication.

setMultiAuthenticating

public void setMultiAuthenticating(boolean multiAuthenticating)

Indicates if the authenticator should attempt to authenticate an already authenticated client. The client is considered authenticated if ClientInfo.isAuthenticated() returns true. By default, it is set to true.

Parameters:

multiAuthenticating - True if the authenticator should attempt to authenticate an already authenticated client.

setOptional

public void setOptional(boolean optional)

Indicates if the authenticator is not required to succeed. In those cases, the attached Restlet is invoked. Note that authentication will be attempted independently of this property unless the client is already authenticated and the isMultiAuthenticating() prevents multiple authentications.

Parameters:

optional - True if the authentication success is optional.

unauthenticated

protected int unauthenticated(Request request,
                              Response response)

Invoked upon failed authentication. By default, it updates the request's clientInfo and challengeResponse "authenticated" properties, and returns Filter.STOP.

Parameters:

request - The request sent.

response - The response to update.

Returns:

The filter continuation code.