public class SunNetAuthHandler extends java.lang.Object implements Handler
The purpose of this handler is to provide an authenticated "front end" to one or more web sites, using (hopefully) arbitrary challenge-response based authentication via a plug-in authentication interface. It can bridge disparate DNS domains by selectively mapping servers on one domain into another, based on the supplied credentials, by using the MultiProxyHandler.
The authentication step is expected to yield a list of roles, each of which represents permission to access a specific foreign site. Once authentication is complete, and the roles are obtained, the handler keeps a set of credentials (a lease) on behalf of the user, which can be tuned at setup time for a variety of expiration conditions. Once a lease expires, re-authentication is required.
This handler starts two sets of handlers of its own: an authentication handler, responsible for doing the authentication, and one or more virtual proxy handlers, one for each possible role. In the current implementation, the authentication handler is specified as a configuration property, and the proxy handlers are all instances of MultiProxyHandler, one per role.
Operation of the handler proceeds in the following steps:
- MultiProxyHandler is started for each possible role
The login template is ordinary HTML, except that constructs of the form <insert property=xx default=yy> may be used to substitute Request.props into the template. The properties challenge and Message are automatically set to indicate the random challenge and the error message (if any) from a previous attempt, respectively.
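
The substitution described above, as an added example that is not the handler's own code: a stand-alone renderer for the <insert property=xx default=yy> construct. The class and method names, the optional quoting of the default value, and the HTML-escaping of substituted values are assumptions of this example; escaping is included because Message can carry text from a previous login attempt back into the page.

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; not the handler's own processTemplate() code.
public class LoginTemplateDemo {
    // Assumed syntax: <insert property=NAME default=VALUE>; the default may be double-quoted.
    private static final Pattern INSERT = Pattern.compile(
        "<insert\\s+property=\"?([\\w.]+)\"?(?:\\s+default=(?:\"([^\"]*)\"|([^\\s>]*)))?\\s*>",
        Pattern.CASE_INSENSITIVE);

    // Neutralize characters that would let a substituted value alter the page markup.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Replace every insert construct with the escaped property value, or its default.
    static String render(String template, Hashtable<String, String> data) {
        Matcher m = INSERT.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String fallback = m.group(2) != null ? m.group(2)
                            : m.group(3) != null ? m.group(3) : "";
            String value = data.getOrDefault(m.group(1), fallback);
            m.appendReplacement(out, Matcher.quoteReplacement(escapeHtml(value)));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values: a challenge and an error message echoing user input.
        Hashtable<String, String> props = new Hashtable<>();
        props.put("challenge", "83f1a09c");
        props.put("Message", "Unknown user <b>\"bob\"</b>");
        String template = "<form method=post>\n"
            + "<p><insert property=Message default=\"Please log in\"></p>\n"
            + "<input type=hidden name=challenge value=\"<insert property=challenge>\">\n"
            + "<insert property=banner default=Welcome>\n</form>";
        System.out.println(render(template, props));
    }
}
```
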
The following configuration parameters are recognized:
NOTE: This handler is included for historical purposes. It should be updated to take advantage of features not available when it was first written.
Constructor and Description |
---|
SunNetAuthHandler() |
Modifier and Type | Method and Description |
---|---|
boolean | init(Server server, java.lang.String prefix) Set up all of the handlers: Secure Token Services for authentication; MultiProxyHandler for dispatching to hosts |
static java.lang.String | processTemplate(java.lang.String template, java.util.Hashtable data) Process a template page, and send to the client. |
boolean | respond(Request request) Act like a "gatekeeper". |
void | returnLogin(Request request, java.lang.String message) Return the login page with the appropriate message substituted in |
public boolean init(Server server, java.lang.String prefix)
Specified by: init in interface Handler
Parameters:
server - The HTTP server that created this Handler. Typical Handlers will use Server.props to obtain run-time configuration information.
prefix - The handler's name. The string this Handler may prepend to all of the keys that it uses to extract configuration information from Server.props. This is set (by the Server and ChainHandler) to help avoid configuration parameter namespace collisions.
Returns:
true if this Handler initialized successfully, false otherwise. If false is returned, this Handler should not be used.
public boolean respond(Request request) throws java.io.IOException
Specified by: respond in interface Handler
Parameters:
request - The Request object that represents the HTTP request.
Returns:
true if the request was handled. A request was handled if a response was supplied to the client, typically by calling Request.sendResponse() or Request.sendError.
Throws:
java.io.IOException - if there was an I/O error while sending the response to the client. Typically, in that case, the Server will (try to) send an error message to the client and then close the client's connection.
The IOException should not be used to silently ignore problems such as being unable to access some server-side resource (for example getting a FileNotFoundException due to not being able to open a file). In that case, the Handler's duty is to turn that IOException into an HTTP response indicating, in this case, that a file could not be found.
public void returnLogin(Request request, java.lang.String message)
public static java.lang.String processTemplate(java.lang.String template, java.util.Hashtable data)
Parameters:
template - The template to process
data - The hashtable containing the data to subst