Auth2Scheme (qwicap 1.4b25 [350] of 26-Sep-2008 Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.utexas.its.eis.tools.qwicap.servlet
Interface Auth2Scheme

public interface Auth2Scheme

Classes that implement this interface provide Qwicap with it's authentication & authorization (Auth²) functionality. Every hit is passed to the qwicapAuth2SchemeHit method for approval. Approved hits are passed along to your Qwicap web application, while unapproved hits do nothing. Implementations will probably want to indicate disapproval to users by one of the following means:

Return a standard HTTP error code (probably 401, HttpServletResponse.SC_UNAUTHORIZED), and an informative error message, by using the HttpServletResponse.sendError(int, String) method.
Transmit an explanatory page directly to the client by using the PrintWriter, or ServletOutputStream, object available from the methods ServletResponse.getWriter() and ServletResponse.getOutputStream(), respectively. The HTTP connection is all yours in this case, so don't forget to begin by invoking ServletResponse.setContentType(String) to identify the MIME type of the content that you will be transmitting to the client.
Redirect the user to one, or more, static, explanatory pages using the HttpServletResponse.sendRedirect(String) method. Note that if those static pages are part of this web application, then the Auth2SchemeReply.qwicapCanSendStaticFiles() method must return true, or Qwicap will refuse the user access to those pages.

Instances of Auth2Scheme are provided to Qwicap by an instance of a class implementing the Auth2SchemeFactory interface. Qwicap discovers that factory class through an entry in the web application deployment descriptor ("web.xml" file). See the Auth2SchemeFactory documentation for complete details.

Author:: Chris W. Johnson
See Also:: Auth2SchemeFactory, Auth2SchemeReply

Method Summary
`Auth2SchemeReply`	`qwicapAuth2SchemeHit(Servlet Serv, HttpServletRequest Req, HttpServletResponse Resp)` Implements an authentication & authorization scheme that determines how Qwicap will respond to each hit.
`boolean`	`qwicapShouldRetainThisAuth2SchemeInstance()` Returns `true` to inform the servlet that this `Auth2Scheme` instance should be retained as part of the current user's session state, and should be used to evaluate the next hit received from this user.

Method Detail

qwicapAuth2SchemeHit

Auth2SchemeReply qwicapAuth2SchemeHit(Servlet Serv,
                                      HttpServletRequest Req,
                                      HttpServletResponse Resp)
                                      throws Exception

Implements an authentication & authorization scheme that determines how Qwicap will respond to each hit.

Parameters:: Serv - The active servlet.; Req - The current request.; Resp - The current response.
Returns:: An object implementing the Auth2SchemeReply interface.
Throws:: Exception - Thrown if anything goes wrong. The hit is discarded in such cases.

qwicapShouldRetainThisAuth2SchemeInstance

boolean qwicapShouldRetainThisAuth2SchemeInstance()

Returns true to inform the servlet that this Auth2Scheme instance should be retained as part of the current user's session state, and should be used to evaluate the next hit received from this user. Returns false to indicate that this Auth2Scheme instance should be discarded, in which case a new instance will be created to evaluate the next hit.

Returns:: true, if this instance should be stored and reused by this session, false if it should be discarded.