com.uwyn.rife.authentication.sessionvalidators
Class BasicSessionValidator

java.lang.Object
  extended by com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
      extended by com.uwyn.rife.authentication.sessionvalidators.BasicSessionValidator
All Implemented Interfaces:
SessionValidator

public class BasicSessionValidator
extends AbstractSessionValidator

Non-optimized session validator. This is a naive implementation of the SessionValidator interface, suitable for cases where there is no need for optimization of session validity checking. For example, it is used as the session validator for RIFE's built-in "mixed" and "memory" authentication elements.

Since:
1.6
Version:
$Revision: $
Author:
Steven Grimm (koreth[remove] at midwinter dot com), Geert Bevin (gbevin[remove] at uwyn dot com)
See Also:
SessionValidator

Field Summary
 
Fields inherited from class com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
mCredentialsManager, mRememberManager, mSessionManager, SESSION_INVALID, SESSION_VALID
 
Constructor Summary
BasicSessionValidator()
           
 
Method Summary
 boolean isAccessAuthorized(int id)
          Indicates if the provided validity identifier is considered as valid and that the access to the secured resource is thus authorized.
 int validateSession(String authId, String hostIp, SessionAttributes attributes)
          Validates an existing session according to a set of attributes that define the context in which this validation occurs.
 
Methods inherited from class com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
getCredentialsManager, getRememberManager, getSessionManager, setCredentialsManager, setRememberManager, setSessionManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicSessionValidator

public BasicSessionValidator()
Method Detail

isAccessAuthorized

public boolean isAccessAuthorized(int id)
Description copied from interface: SessionValidator
Indicates if the provided validity identifier is considered as valid and that the access to the secured resource is thus authorized.

Normally, specific business logic is only required for the situations in which access has prohibited. This method is used to make it possible to provide automatic access to the secured resource.

Parameters:
id - The numeric identifier that is returned by the validateSession method.
Returns:
true if access to the secured resource was authorized; or

false if access was prohibited.


validateSession

public int validateSession(String authId,
                           String hostIp,
                           SessionAttributes attributes)
                    throws SessionValidatorException
Description copied from interface: SessionValidator
Validates an existing session according to a set of attributes that define the context in which this validation occurs.

This method is typically executed for each access to a secured resource, performance is thus of critical importance.

The implementation of this method should be optimal for the combination of the used CredentialsManager and SessionManager. Specific code that combines the features of both managers should be written, instead of relying on the abstracted api of each manager. Paying attention to the implementation of this method can dramatically reduce the overhead of securing resources.

Parameters:
authId - The unique id of the authentication session that needs to be validated.
hostIp - The ip address of the host from which the user accesses the application.
attributes - Access to the attributes that define that context in which the session has to be validated.
Returns:
A number that indicates the validation state of the session. This allows the application to go beyond valid or invalid. Additional states like for example : blocked, initial login and disabled, can be used by using different numbers.
Throws:
SessionValidatorException - An undefined number of exceptional cases or error situations can occur when a session is validated. They are all indicated by throwing an instance of SessionValidatorException. It's up to the implementations of this interface to give more specific meanings to these exceptions.


Copyright © 2001-2007 Uwyn sprl/bvba. All Rights Reserved.