org.securityfilter.config

Class SecurityConfig

java.lang.Object

org.securityfilter.config.SecurityConfig

public class SecurityConfig
extends Object

SecurityConfig gathers information from the security-config.xml file to be used by the filter.

Version:

$Revision$ $Date$

Author:

Torgeir Veimo (torgeir@pobox.com), Max Cooper (max@maxcooper.com), Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net), David Reed (dreed10@neo.rr.com)

Constructor Summary

Constructors

Constructor and Description
SecurityConfig(boolean validating) Constructor that takes the validating flag and debug level to be used while parsing.

Method Summary

Modifier and Type	Method and Description
void	addRealm(Object realm) Adds a realm to use for authentication.
void	addSecurityConstraint(SecurityConstraint constraint) Adds a SecurityConstraint.
String	getAuthMethod() Get the authentication method being used to challenge the user.
int	getCookieExpire() Return the amount of seconds the authentication token cookie should remain valid after logging in (in seconds).
String	getCookiePaths() Return the paths for which authentication token cookies should be set.
String	getDefaultPage() Return the default page URL.
String	getErrorPage() Return the error page URL.
String	getExtraHashString() Return the extra hash string for adding salt to the validation hash
String	getLoginPage() Return the login page URL.
String	getLogoutPage() Return the logout page URL.
PersistentLoginManagerInterface	getPersistentLoginManager() Return the StickyLoginManager used for this implementation
SecurityRealmInterface	getRealm() Return the realm to use for authentication.
String	getRealmName() Get the authentication realm name.
String	getSecretKey() Return the secret key for encrypting the authentication token cookie.
List	getSecurityConstraints() Return the configured SecurityConstraints.
boolean	isAcceptCookie()
boolean	isSetCookies()
void	loadConfig(URL configURL) Loads configuration from the specifued configURL.
protected void	registerLocalDTDs(org.apache.commons.digester.Digester digester) Register local copies of the SecurityFilter DTD files.
void	setAcceptCookie(String acceptCookie)
void	setAuthMethod(String authMethod) Set the authentication method being used to challenge the user.
void	setCookieExpire(String cookieExpire) Set cookie validity duration in seconds.
void	setCookiePaths(String cookiePaths) Set cookie paths.
void	setDefaultPage(String defaultPage) Set the default page URL.
void	setErrorPage(String errorPage) Set the error page URL.
void	setExtraHashString(String extraHashString) Set extra hash string
void	setLoginPage(String loginPage) Set the login page URL.
void	setLogoutPage(String logoutPage) Set the logout page URL.
void	setPersistentLoginManager(PersistentLoginManagerInterface persistentLoginManager) Set the PersistentLoginManager to be used for persisting logins.
void	setRealmName(String realmName) Set the authentication realm name.
void	setSecretKey(String secretKey) Set secret key.
void	setSetCookies(String setCookies)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityConfig

public SecurityConfig(boolean validating)

Constructor that takes the validating flag and debug level to be used while parsing.

Parameters:

validating - validate the input file, true = validate, false = don't validate

Method Detail

getLoginPage

public String getLoginPage()

Return the login page URL.

setLoginPage

public void setLoginPage(String loginPage)

Set the login page URL. This is the page the user will be sent to to log in (i.e. the login form).

Parameters:

loginPage - The login page url (relative to site root)

getErrorPage

public String getErrorPage()

Return the error page URL.

setErrorPage

public void setErrorPage(String errorPage)

Set the error page URL. This is the page the user will be sent to if login request fails.

Parameters:

errorPage - The login page URL (relative to site root)

getLogoutPage

public String getLogoutPage()

Return the logout page URL.

setLogoutPage

public void setLogoutPage(String logoutPage)

Set the logout page URL.

Parameters:

logoutPage - The logout page url (relative to site root)

getDefaultPage

public String getDefaultPage()

Return the default page URL.

setDefaultPage

public void setDefaultPage(String defaultPage)

Set the default page URL. This is the page the user will be sent to if they submit a login request without being forced to the login page by the filter.

Parameters:

defaultPage - The default page URL (relative to site root)

getAuthMethod

public String getAuthMethod()

Get the authentication method being used to challenge the user. Currently, only BASIC and FORM based are supported.

Returns:

BASIC or FORM

setAuthMethod

public void setAuthMethod(String authMethod)

Set the authentication method being used to challenge the user. Currently, only BASIC and FORM based are supported.

Parameters:

authMethod - The authentication method to be used by the filter

getRealmName

public String getRealmName()

Get the authentication realm name. This is used for BASIC authentication.

Returns:

the realm-name configured by the application developer

setRealmName

public void setRealmName(String realmName)

Set the authentication realm name. This is used for BASIC authentication.

Parameters:

realmName - the realm name to be used for BASIC authentication

getRealm

public SecurityRealmInterface getRealm()

Return the realm to use for authentication. This is the outer-most realm if nested realms are used. The outer-most realm must be listed first in the configuration file.

addRealm

public void addRealm(Object realm)
              throws NoSuchMethodException,
                     IllegalAccessException,
                     InvocationTargetException

Adds a realm to use for authentication. The first time this method is called, the realm must implement SecurityRealmInterface. Subsequent calls can be any kind of object, and setRealm(realm) will be called on the last realm passed to this method. This allows nesting of realms for caching or when a realm adapter is used.

Parameters:

realm - The realm to use, or nest in deeper realm

Throws:

NoSuchMethodException

IllegalAccessException

InvocationTargetException

isSetCookies

public boolean isSetCookies()

setSetCookies

public void setSetCookies(String setCookies)

isAcceptCookie

public boolean isAcceptCookie()

setAcceptCookie

public void setAcceptCookie(String acceptCookie)

getSecretKey

public String getSecretKey()

Return the secret key for encrypting the authentication token cookie. Format: 8 bytes hex (16 characters).

setSecretKey

public void setSecretKey(String secretKey)

Set secret key. Must be 8 bytes (16 hex characters).

getExtraHashString

public String getExtraHashString()

Return the extra hash string for adding salt to the validation hash

setExtraHashString

public void setExtraHashString(String extraHashString)

Set extra hash string

getCookiePaths

public String getCookiePaths()

Return the paths for which authentication token cookies should be set. Semicolon-separated list of paths.

setCookiePaths

public void setCookiePaths(String cookiePaths)

Set cookie paths.

getCookieExpire

public int getCookieExpire()

Return the amount of seconds the authentication token cookie should remain valid after logging in (in seconds).

setCookieExpire

public void setCookieExpire(String cookieExpire)

Set cookie validity duration in seconds.

getSecurityConstraints

public List getSecurityConstraints()

Return the configured SecurityConstraints.

addSecurityConstraint

public void addSecurityConstraint(SecurityConstraint constraint)

Adds a SecurityConstraint.

Parameters:

constraint - The SecurityConstraint to add

setPersistentLoginManager

public void setPersistentLoginManager(PersistentLoginManagerInterface persistentLoginManager)

Set the PersistentLoginManager to be used for persisting logins.

Parameters:

persistentLoginManager - StickyLoginManager to use for this implementation

getPersistentLoginManager

public PersistentLoginManagerInterface getPersistentLoginManager()

Return the StickyLoginManager used for this implementation

loadConfig

public void loadConfig(URL configURL)
                throws IOException,
                       SAXException

Loads configuration from the specifued configURL.

Parameters:

configURL - The url to load.

Throws:

IOException - if an input/output error occurs

SAXException - if the file has invalid xml syntax

registerLocalDTDs

protected void registerLocalDTDs(org.apache.commons.digester.Digester digester)

Register local copies of the SecurityFilter DTD files.

Parameters:

digester -