uk.co.weft.htform
Class AuthenticatedForm

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          uk.co.weft.maybeupload.MaybeUploadServlet
              uk.co.weft.htform.Servlet
                  uk.co.weft.htform.WithExceptionHandlerServlet
                      uk.co.weft.htform.Page
                          uk.co.weft.htform.Form
                              uk.co.weft.htform.AuthenticatedForm

All Implemented Interfaces:

DocumentGenerator, ResourceConsumer, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

Direct Known Subclasses:

ChangePasswordForm, DiaryMonth, FirstTime, List, PasswordForm, TableWrapperForm

public abstract class AuthenticatedForm

extends Form

An HTML form with a guaranteed, authenticated database connection, persistent for the life of the session. In order to get to this point, the procedure is:

• User requests this URL.
• If I have an existing session, I see whether the session has a connection. If so, procede as normal.
• If not, see whether I have a user name and password for the user (e.g. from a previous loop).
• If so, attempt to create a database connection with that username and password.
• If that fails, prompt for a new username and password with POST URL back to me.

This class (and consequently all servlets which are subclasses of this class) know about the following configuration parameters, in addition to those handled by Form:

allow_logout

if set and not 'true', suppress the logout widget

authenticator_class

String: the fully qualified name of the class I shall use to authenticate users. Must implement the Authenticator interface. Optional. Defaults to uk.co.weft.dbutil.JDBCAuthenticator.

on_logout_redirect

String: URL to redirect to following logout. Optional but advised. No default (i.e. defaults to this Servlet).

logout_prompt

String: the prompt to use for the logout widget. Optional. Defaults to When you have finished editing.

Version:

$Revision: 1.42.4.3 $ This revision: $Author: simon $

Author:

Simon Brooke

See Also:

Serialized Form

Field Summary

protected boolean	allowLogout Whether to offer the user a logout button
static java.lang.String	ALLOWLOGOUTCONFIGTOKEN a token on which to look in the ocnfiguration for whether to allow logout
static java.lang.String	AUTHENTICATEDUSERMAGICTOKEN A token on which to store the authenticated user in the context
protected Authenticator	authenticator the authenticator I use to authenticate my users
static java.lang.String	AUTHENTICATORCLASSMAGICTOKEN A token on which to look for the authenticator class in the config
protected WidgetSet	authentificationWidgets An alternate set of widgets to be used for authentification
protected java.lang.String	logoutPrompt prompt strong for my logout widget
static java.lang.String	LOGOUTPROMPTCONFIGTOKEN a token on which to look in the configuration for a logout prompt
protected ActionWidget	logoutWidget The logout widget, created at instanitation time.
protected java.lang.String	onLogoutRedirect The URL to redirect to following logout

Fields inherited from class uk.co.weft.htform.Form

action, actionExecutedToken, ACTIONEXECUTEDTOKEN, auxiliaries, contextMenuMagicToken, CONTEXTMENUMAGICTOKEN, cssHelp, CSSHELP, cssPrompt, CSSPROMPT, defaultScriptBase, mandatoryPrompt, MIN_WIDGETS, onloadFunctionToken, ONLOADFUNCTIONTOKEN, optionalPrompt, selectedWidgetSetMagicToken, SELECTEDWIDGETSETMAGICTOKEN, showHeadline, submitMethod, SUBMITMETHODCONFIGTOKEN, SUBMITMETHODGET, SUBMITMETHODPOST, validationWhingeToken, VALIDATIONWHINGETOKEN, whingeHeader, widgets, widgetSets

Fields inherited from class uk.co.weft.htform.Page

DOCTYPECONFIGTOKEN, dynamicFootInclude, dynamicHeadInclude, footInclude, footIncludeURL, headInclude, headIncludeURL, imageUrlBase, layout, printStylesheet, PRINTSTYLESHEETCONFIGTOKEN, stylesheet, STYLESHEETCONFIGTOKEN, title, titleMagicToken, TITLEMAGICTOKEN

Fields inherited from class uk.co.weft.htform.WithExceptionHandlerServlet

EXCEPTIONHANDLERCLASSCONFIGTOKEN

Fields inherited from class uk.co.weft.htform.Servlet

calendar, conf, contentType, CONTENTTYPECONFIGTOKEN, cookieDomain, cookiePath, COOKIESCONFIGTOKEN, cookieTTL, dbPassword, dbUrl, dbUsername, debug, DEBUGCONFIGTOKEN, driverName, embedded, here, identity, localeMagicToken, LOCALEMAGICTOKEN, outputStreamMagicToken, OUTPUTSTREAMMAGICTOKEN, parsePathInfo, PATHINFOMAGICTOKEN, ready, redirectMagicToken, REDIRECTMAGICTOKEN, requestMagicToken, REQUESTMAGICTOKEN, resourceBundleName, responseMagicToken, RESPONSEMAGICTOKEN, servletMagicToken, SERVLETMAGICTOKEN, sessionMagicToken, SESSIONMAGICTOKEN, USEHTTPSCONFIGTOKEN, zone

Fields inherited from class uk.co.weft.maybeupload.MaybeUploadServlet

allowOverwrite, maxUpload, saveUploadedFilesToDisk, silentlyRename, uploadDir, uploadDirPath, uploadDirURL

Fields inherited from interface uk.co.weft.htform.ResourceConsumer

RESOURCEBUNDLEMAGICTOKEN

Constructor Summary

AuthenticatedForm()

Method Summary

void	init(Context config) Set up my authentification widgets: username and password.
protected boolean	login(Context context) If authentication is successful, cache the interesting tokens on the session so the user doesn't get prompted to login at every form (s)he sees.
protected void	logout(Context context) clear the interesting tokens cached on the session at login time.

Methods inherited from class uk.co.weft.htform.Form

addAuxiliary, addWidget, defaultActionHandler, doBody, doHead, doHeadBodySep, fixupMagicValues, generate, getLayout, getNextActionURL, getSelectedWidgetSet, getTitle, getTransformURL, getWidgetSetByName, handleAction, hasWidgets, makeReady, postForm, postProcess, preForm, preProcess, selectNextWidgetSet, setContextMenuQuery

Methods inherited from class uk.co.weft.htform.Page

doFoot, doFoot, generateContent, getFootInclude, getFootIncludeURL, getFootIncludeURL, getHeadInclude, getHeadIncludeURL, getHeadIncludeURL, getStylesheet, getStylesheets, getTables, getTitle, outputRedirectBlock, readStringFromURL

Methods inherited from class uk.co.weft.htform.WithExceptionHandlerServlet

whinge, whinge, whinge

Methods inherited from class uk.co.weft.htform.Servlet

addCookie, addCookie, coerceCookiesToContext, coerceToContext, coerceToContext, coerceToContext, coerceToContext, coerceToUrl, createContext, doGet, doPost, getCalendar, getContentType, getDebug, getLocale, getOutputStream, getResource, getResourceString, getServletInfo, grs, grs, handleCookies, handleRedirect, init, setCookieValues, storeOnSession

Methods inherited from class uk.co.weft.maybeupload.MaybeUploadServlet

doDelete, doHead, doOptions, doPut, doTrace, getUploadDir, getUploadURL, service

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface uk.co.weft.domutil.DocumentGenerator

destroy

Field Detail

AUTHENTICATEDUSERMAGICTOKEN

public static final java.lang.String AUTHENTICATEDUSERMAGICTOKEN

A token on which to store the authenticated user in the context

See Also:

Constant Field Values

AUTHENTICATORCLASSMAGICTOKEN

public static final java.lang.String AUTHENTICATORCLASSMAGICTOKEN

A token on which to look for the authenticator class in the config

See Also:

Constant Field Values

ALLOWLOGOUTCONFIGTOKEN

public static final java.lang.String ALLOWLOGOUTCONFIGTOKEN

a token on which to look in the ocnfiguration for whether to allow logout

See Also:

Constant Field Values

LOGOUTPROMPTCONFIGTOKEN

public static final java.lang.String LOGOUTPROMPTCONFIGTOKEN

a token on which to look in the configuration for a logout prompt

See Also:

Constant Field Values

logoutWidget

protected ActionWidget logoutWidget

The logout widget, created at instanitation time. To override the default updateWidget, a specialisation must set updateWidget to an instantiation of an ActionWidget before calling super.init()

authenticator

protected Authenticator authenticator

the authenticator I use to authenticate my users

logoutPrompt

protected java.lang.String logoutPrompt

prompt strong for my logout widget

onLogoutRedirect

protected java.lang.String onLogoutRedirect

The URL to redirect to following logout

authentificationWidgets

protected WidgetSet authentificationWidgets

An alternate set of widgets to be used for authentification

allowLogout

protected boolean allowLogout

Whether to offer the user a logout button

Constructor Detail

AuthenticatedForm

public AuthenticatedForm()

Method Detail

init

public void init(Context config)
          throws InitialisationException

Set up my authentification widgets: username and password.

Specified by:

init in interface DocumentGenerator

Overrides:

init in class Form

Throws:

InitialisationException

login

protected boolean login(Context context)
                 throws java.lang.Exception

If authentication is successful, cache the interesting tokens on the session so the user doesn't get prompted to login at every form (s)he sees. Then do the default action of the form.

Returns:

true if login succeeded (since Jacquar 1.10.9)

Throws:

java.lang.Exception

logout

protected void logout(Context context)

clear the interesting tokens cached on the session at login time.