net.sf.deadbolt.handlers
Class DeadboltHandler

java.lang.Object
  net.sf.deadbolt.handlers.DeadboltHandler

Direct Known Subclasses:

IPFilterHandler, SQLInjectionHandler

public abstract class DeadboltHandler

extends java.lang.Object

This is the base class that all handlers extend from. The handler that you write only needs to override the authenticate method that will be called when a resource is requested that is protected by a room with your handler defined.

Author:

Tim Solley

Constructor Summary

DeadboltHandler()

Method Summary

void	addErrorKey(javax.servlet.http.HttpServletRequest request, java.lang.String errorKey) This method will add an error to the request, which can later be used by the DisplayErrorsTag custom tag in a JSP error page.
void	addErrorMessage(javax.servlet.http.HttpServletRequest request, java.lang.String errorMessage) This method adds an error message without the need for a key.
void	addErrors(javax.servlet.http.HttpServletRequest request, java.util.List errors) This method does the same thing as the addError method, but takes in a List as a parameter.
abstract boolean	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Room room) This method is the main body of the handler, which will tell the framework whether to let the user in or not.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DeadboltHandler

public DeadboltHandler()

Method Detail

authenticate

public abstract boolean authenticate(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response,
                                     Room room)

This method is the main body of the handler, which will tell the framework whether to let the user in or not. You can do whatever you like in this method, such as checking a user's digital certificate, checking LDAP, checking user information stored in the session, or even checking a database. Other uses might be for logging or statistical purposes. Handlers can be chained in Deadbolt, as specified in the deadbolt-config.xml file. It's important to remember that if you're chaining handlers, and one handler depends on information obtained in the previous handler, that the previous handler should put this information in a well known place, such as in the HttpServletRequest.

Parameters:

request -

response -

Returns:

Whether to let the user pass this handler or not.

addErrorKey

public void addErrorKey(javax.servlet.http.HttpServletRequest request,
                        java.lang.String errorKey)

This method will add an error to the request, which can later be used by the DisplayErrorsTag custom tag in a JSP error page. In a user defined handler, just call this method, passing in the request and a error key, as defined in the deadbolt-config.xml file. This will put the actual text of the error message in the request for the JSP page. It's important for a developer writing a handler to make sure that the spelling of the error key is correct. If not, then no message will be found.

Parameters:

request -

errorKey -

addErrors

public void addErrors(javax.servlet.http.HttpServletRequest request,
                      java.util.List errors)

This method does the same thing as the addError method, but takes in a List as a parameter. This List must contain only String objects.

Parameters:

request -

errors - A List of errors

addErrorMessage

public void addErrorMessage(javax.servlet.http.HttpServletRequest request,
                            java.lang.String errorMessage)

This method adds an error message without the need for a key. This is mostly used internally for one off messages.

Parameters:

request -

errorMessage -