com.uwyn.rife.authentication.sessionvalidators
Class BasicSessionValidator
java.lang.Object
com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
com.uwyn.rife.authentication.sessionvalidators.BasicSessionValidator
- All Implemented Interfaces:
- SessionValidator
public class BasicSessionValidator
- extends AbstractSessionValidator
Non-optimized session validator. This is a naive implementation of the
SessionValidator interface, suitable for cases where there is no
need for optimization of session validity checking. For example, it is
used as the session validator for RIFE's built-in "mixed" and "memory"
authentication elements.
- Since:
- 1.6
- Version:
- $Revision: $
- Author:
- Steven Grimm (koreth[remove] at midwinter dot com), Geert Bevin (gbevin[remove] at uwyn dot com)
- See Also:
SessionValidator
|
Method Summary |
boolean |
isAccessAuthorized(int id)
Indicates if the provided validity identifier is considered as
valid and that the access to the secured resource is thus
authorized. |
int |
validateSession(String authId,
String hostIp,
SessionAttributes attributes)
Validates an existing session according to a set of attributes that
define the context in which this validation occurs. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
BasicSessionValidator
public BasicSessionValidator()
isAccessAuthorized
public boolean isAccessAuthorized(int id)
- Description copied from interface:
SessionValidator
- Indicates if the provided validity identifier is considered as
valid and that the access to the secured resource is thus
authorized.
Normally, specific business logic is only required for the situations in
which access has prohibited. This method is used to make it possible to
provide automatic access to the secured resource.
- Parameters:
id - The numeric identifier that is returned by the
validateSession method.
- Returns:
true if access to the secured resource was
authorized; or
false if access was prohibited.
validateSession
public int validateSession(String authId,
String hostIp,
SessionAttributes attributes)
throws SessionValidatorException
- Description copied from interface:
SessionValidator
- Validates an existing session according to a set of attributes that
define the context in which this validation occurs.
This method is typically executed for each access to a secured resource,
performance is thus of critical importance.
The implementation of this method should be optimal for the combination
of the used CredentialsManager and
SessionManager. Specific code that combines the features of
both managers should be written, instead of relying on the abstracted api
of each manager. Paying attention to the implementation of this method
can dramatically reduce the overhead of securing resources.
- Parameters:
authId - The unique id of the authentication session that needs
to be validated.hostIp - The ip address of the host from which the user accesses
the application.attributes - Access to the attributes that define that context
in which the session has to be validated.
- Returns:
- A number that indicates the validation state of the session.
This allows the application to go beyond valid or
invalid. Additional states like for example : blocked,
initial login and disabled, can be used by using
different numbers.
- Throws:
SessionValidatorException - An undefined number of exceptional
cases or error situations can occur when a session is validated. They are
all indicated by throwing an instance of
SessionValidatorException. It's up to the implementations of
this interface to give more specific meanings to these exceptions.
Copyright © 2001-2007 Uwyn sprl/bvba. All Rights Reserved.