com.sap.security.api

Interface IAuthentication

All Superinterfaces:

IConfigurable

All Known Subinterfaces:

ILogonAuthentication

public interface IAuthentication
extends IConfigurable

This interface retrieves the user information of currently logged-in user. Please see also ILogonAuthentication

Method Summary

IUser	forceLoggedInUser(HttpServletRequest req, HttpServletResponse resp) Checks whether the user is currently logged in.
void	forceLogoffUser(HttpServletRequest req, HttpServletResponse resp, String url) Does the same as method logout.
IUser	getLoggedInUser() Checks whether the user is currently logged in and returns an implementation of IUser.
IUser	getLoggedInUser(HttpServletRequest req, HttpServletResponse resp) Returns the authenticated user.
void	logout(HttpServletRequest req, HttpServletResponse resp) Loggs off the current user.

Methods inherited from interface com.sap.security.api.IConfigurable

initialize

Method Detail

forceLoggedInUser

IUser forceLoggedInUser(HttpServletRequest req,
                        HttpServletResponse resp)

Checks whether the user is currently logged in. If he's not, the method returns null and performs authentication with the login module stack of the current application. If the authentication is successful, the method returns implementation of IUser, otherwise the returned response depends on the login modules which are in the stack.

Example:

 IUser uid = forceLoggedInUser(req,res);
 if (uid == null) return;
 

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

Returns:

The currently logged in IUser object or null otherwise.

getLoggedInUser

IUser getLoggedInUser()

Checks whether the user is currently logged in and returns an implementation of IUser. If no user is currently logged in, the default guest user is returned (defined in property ume.login.guest_user.uniqueids).

Returns:

The currently logged in IUser object or the default guest user otherwise.

getLoggedInUser

IUser getLoggedInUser(HttpServletRequest req,
                      HttpServletResponse resp)

Returns the authenticated user. If no user is found in session, the method performs login with the credentials supplied in the request.

Parameters:

req - as HttpServletRequest

resp - as HttpServletResponse

Returns:

the logged in user or null

logout

void logout(HttpServletRequest req,
            HttpServletResponse resp)

Loggs off the current user. Performs logout for the authentication stack configured for the application this method is being called within. Also invalidates all the http sessions associated with the current JSESSIONID.

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

forceLogoffUser

void forceLogoffUser(HttpServletRequest req,
                     HttpServletResponse resp,
                     String url)

Does the same as method logout. After that redirects to a logoff page which acknowledges that a logoff has taken place. The logoff page contains a button to log on again which points to the URL given by the caller of this method. If the given URL is null, then the logoff page does not contain a button to log on again.

Example:

 forceLogoffUser(req, res, returnURL);
 

Parameters:

req - HttpServletRequest

resp - HttpServletResponse

url - URL to use to log on again.

Access Rights

This class can be accessed from:

SC	DC
[sap.com] ENGINEAPI	[sap.com] com.sap.security.api.sda
[sap.com] ENGFACADE	[sap.com] tc/je/usermanagement/api
[sap.com] CORE-TOOLS	[sap.com] com.sap.engine.client.lib