Package org.apache.felix.webconsole

Interface WebConsoleSecurityProvider2

All Superinterfaces:

WebConsoleSecurityProvider

All Known Subinterfaces:

WebConsoleSecurityProvider3

@Deprecated
@ConsumerType
public interface WebConsoleSecurityProvider2
extends WebConsoleSecurityProvider

Deprecated.

Use the SecurityProvider instead.

The WebConsoleSecurityProvider2 extends the WebConsoleSecurityProvider interface allowing for full control of the authentication process to access the Web Console.

If a registered WebConsoleSecurityProvider service implements this interface the authenticate(HttpServletRequest, HttpServletResponse) method is called instead of the WebConsoleSecurityProvider.authenticate(String, String) method.

Since:

3.1.2; Web Console Bundle 3.1.4

Field Summary

Fields

Modifier and Type	Field	Description
static final String	USER_ATTRIBUTE	Deprecated. The name of the request attribute providing the object representing the authenticated user.

Method Summary

Modifier and Type	Method	Description
boolean	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Deprecated. Authenticates the given request or asks the client for credentials.

Methods inherited from interface org.apache.felix.webconsole.WebConsoleSecurityProvider

authenticate, authorize

Field Details

USER_ATTRIBUTE

static final String USER_ATTRIBUTE

Deprecated.

The name of the request attribute providing the object representing the authenticated user. This object is used to call the WebConsoleSecurityProvider.authorize(Object, String) to authorize access for certain roles.

See Also:

• Constant Field Values

Method Details

authenticate

boolean authenticate(javax.servlet.http.HttpServletRequest request,
 javax.servlet.http.HttpServletResponse response)

Deprecated.

Authenticates the given request or asks the client for credentials.

Implementations of this method are expected to respect and implement the semantics of the ServletContextHelper.handleSecurity method as specified in the OSGi HTTP Service specification.

If this method returns true it is assumed the request provided valid credentials identifying the user as accepted to access the web console. In addition, the USER_ATTRIBUTE request attribute must be set to a non-null object reference identifying the authenticated user.

If this method returns false the request to the web console is terminated without any more response sent back to the client. That is the implementation is expected to have informed the client in case of non-granted access.

Parameters:

request - The request object

response - The response object

Returns:

true If the request provided valid credentials.