com.sap.security.api
Interface IAuthentication

All Superinterfaces:

IConfigurable

All Known Subinterfaces:

ILogonAuthentication

public interface IAuthentication

extends IConfigurable

This interface retrieves the user information of currently logged-in user. Please see also ILogonAuthentication

Method Summary

IUser	forceLoggedInUser(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) Checks whether the user is currently logged in and returns an implementation of IUser
void	forceLogoffUser(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, java.lang.String url) Logoff user by invalidate the user session and deleting the authentication cookies.
IUser	getLoggedInUser() Checks whether the user is currently logged in and returns an implementation of IUser.
IUser	getLoggedInUser(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) Returns the authenticated user.
void	logout(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) Logouts current user.

Methods inherited from interface com.sap.security.api.IConfigurable

initialize

Method Detail

forceLoggedInUser

public IUser forceLoggedInUser(javax.servlet.http.HttpServletRequest req,
                               javax.servlet.http.HttpServletResponse resp)

Checks whether the user is currently logged in and returns an implementation of IUser

If the user is not yet logged in, a respective logon page is written as ServletResponse. In that case (i.e. null is returned) the calling servlet can simply end their doGet or doPost method with return.

Example:

 IUser uid = forceLoggedInUser(req,res);
 if (uid == null) return;
 

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

Returns:

The currently logged in IUser object or null otherwise.

getLoggedInUser

public IUser getLoggedInUser()

Checks whether the user is currently logged in and returns an implementation of IUser. If no user is currently logged in, the default guest user is returned (defined in property ume.login.guest_user.uniqueids).

Returns:

The currently logged in IUser object or the default guest user otherwise.

getLoggedInUser

public IUser getLoggedInUser(javax.servlet.http.HttpServletRequest req,
                             javax.servlet.http.HttpServletResponse resp)

Returns the authenticated user. If no user is found in session, the method performs login with the credentials supplied in the request.

Parameters:

req - as HttpServletRequest

resp - as HttpServletResponse

Returns:

the logged in user or null

logout

public void logout(javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse resp)

Logouts current user.

Some cookies will be deleted in the HttpServletResponse.

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

forceLogoffUser

public void forceLogoffUser(javax.servlet.http.HttpServletRequest req,
                            javax.servlet.http.HttpServletResponse resp,
                            java.lang.String url)

Logoff user by invalidate the user session and deleting the authentication cookies.

The user will also be sent to a logoff page which acknowledges that a logoff has taken place with a link for the user to logon again.

Example:

 forceLogoffUser(req, res, returnURL);
 

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

url - url to use to logon again.