jet.server.api.http
Interface HttpUserSessionManager

All Superinterfaces:

UserSessionManager

public interface HttpUserSessionManager
extends UserSessionManager

HttpUserSessionManager is an extended interface of UserSessionManager for HTTP protocal.

Method Summary

boolean	checkAdminLogin(HttpServletRequest req, HttpServletResponse res, java.lang.String realm, java.util.Properties query) Check if the logged user is a admin user.
boolean	checkAdminLogin(HttpServletRequest req, java.lang.String realm, java.util.Properties query) Deprecated. This method has been deprecated since V8. You should in preference to use its overloaded method checkAdminLogin(req, res, realm, query), if you want to provide a special extra channel feature for admin user.
boolean	checkLogin(HttpServletRequest req, HttpServletResponse res, java.lang.String realm, java.util.Properties query) Do login if the HttpServletRequest has the login infomation.
boolean	checkLogin(HttpServletRequest req, java.lang.String realm, java.util.Properties query) Deprecated. This method has been deprecated since V8. You should in preference to use its overloaded method checkLogin(req, res, realm, query), if you want to provide a special extra channel feature for admin user.
HttpExternalAuthorized	getHttpExternalAuthorized() Get the HttpExternalAuthorized.
java.lang.String	getUser(HttpServletRequest req) Get the user ID of the user session by a HttpServletRequest.
UserSession	getUserSession(HttpServletRequest req) Get the user session by a HttpServletRequest.
boolean	isExtraChannel(HttpServletRequest req) Judge whether the incoming request is generated by the special extra channel or not? You can control and manage any access rights to your resources, if the request is from the special extra channel.
UserSession	loginMD5(java.lang.String realm, java.lang.String userID, java.lang.String digestResponse, java.lang.String unquotedNonce, java.lang.String digestURI, java.lang.String httpMethod, java.lang.Object extObj) Login an user in the digest MD5 method.
UserSession	loginMD5(java.lang.String realm, java.lang.String userID, java.lang.String digestResponse, java.lang.String unquotedNonce, java.lang.String digestURI, java.lang.String httpMethod, java.lang.Object extObj, boolean isWait)
void	logout(HttpServletRequest req) Logout the user session by a HttpServletRequest.
void	removeExpiredUserSessions(HttpServletRequest req) Remove the expired user sessions(exceed the max inactive interval).
void	sendUnauthorizedResponse(HttpServletRequest req, HttpServletResponse res, java.lang.String authScheme, java.lang.String realm) Send a HTTP unauthorized response(HTTP 401) to the client.
void	setHttpExternalAuthorized(HttpExternalAuthorized externalAuthorized) Set the HttpExternalAuthorized.

Methods inherited from interface jet.server.api.UserSessionManager

getAllUserSessions, getAllWaitUserSessions, getAuthenticator, getDefaultMaxInactiveInterval, getLastLoginTime, getLastLogoutTime, isWait, login, loginExternalAuthorized, needSecurity, putSessions, refreshLastAccessTime, setAuthenticator, setDefaultMaxInactiveInterval

Method Detail

getUser

java.lang.String getUser(HttpServletRequest req)

Get the user ID of the user session by a HttpServletRequest.

Parameters:

req - the HttpServletRequest.

Returns:

the user ID of the user session.

getUserSession

UserSession getUserSession(HttpServletRequest req)

Get the user session by a HttpServletRequest.

Specified by:

getUserSession in interface UserSessionManager

Parameters:

req - the HttpServletRequest.

Returns:

the user session.

setHttpExternalAuthorized

void setHttpExternalAuthorized(HttpExternalAuthorized externalAuthorized)

Set the HttpExternalAuthorized.

Parameters:

externalAuthorized - the HttpExternalAuthorized.

See Also:

HttpExternalAuthorized.

getHttpExternalAuthorized

HttpExternalAuthorized getHttpExternalAuthorized()

Get the HttpExternalAuthorized.

Returns:

the HttpExternalAuthorized.

See Also:

HttpExternalAuthorized.

removeExpiredUserSessions

void removeExpiredUserSessions(HttpServletRequest req)

Remove the expired user sessions(exceed the max inactive interval).

Parameters:

req - the HttpServletRequest.

loginMD5

UserSession loginMD5(java.lang.String realm,
                     java.lang.String userID,
                     java.lang.String digestResponse,
                     java.lang.String unquotedNonce,
                     java.lang.String digestURI,
                     java.lang.String httpMethod,
                     java.lang.Object extObj)
                     throws TooManyUsersException

Login an user in the digest MD5 method.

Parameters:

realm - the realm.

userID - the user ID.

digestResponse - the digest response.

unquotedNonce - the unquoted nonce.

digestURI - the digest URI.

httpMethod - the HTTP method.

extObj - the external object attach to the user session.

Returns:

the user session.

Throws:

TooManyUsersException - if a TooManyUsersException occurs.

See Also:

UserSession

loginMD5

UserSession loginMD5(java.lang.String realm,
                     java.lang.String userID,
                     java.lang.String digestResponse,
                     java.lang.String unquotedNonce,
                     java.lang.String digestURI,
                     java.lang.String httpMethod,
                     java.lang.Object extObj,
                     boolean isWait)
                     throws TooManyUsersException

Throws:

TooManyUsersException

checkLogin

boolean checkLogin(HttpServletRequest req,
                   java.lang.String realm,
                   java.util.Properties query)
                   throws TooManyUsersException,
                          TooManyTimesException,
                          java.io.IOException

Deprecated. This method has been deprecated since V8. You should in preference to use its overloaded method checkLogin(req, res, realm, query), if you want to provide a special extra channel feature for admin user.

Do login if the HttpServletRequest has the login infomation. Also check the HTTP query fields APIConst.TAG_AUTH_UID, APIConst.TAG_AUTH_PWD or APIConst.TAG_AUTHORIZATION if the HttpServletRequest has not the login infomation.

Parameters:

req - the HttpServletRequest.

realm - the realm.

query - the HTTP query fields.

Returns:

if the user attached to the HttpServletRequest login.

Throws:

TooManyUsersException - if a TooManyUsersException occurs.

TooManyTimesException - if a TooManyTimesException occurs.

java.io.IOException - if a IOException occurs.

See Also:

UserSession

checkAdminLogin

boolean checkAdminLogin(HttpServletRequest req,
                        java.lang.String realm,
                        java.util.Properties query)
                        throws TooManyUsersException,
                               TooManyTimesException,
                               java.io.IOException

Deprecated. This method has been deprecated since V8. You should in preference to use its overloaded method checkAdminLogin(req, res, realm, query), if you want to provide a special extra channel feature for admin user.

Check if the logged user is a admin user.

Parameters:

req - the HttpServletRequest.

realm - the realm.

query - the HTTP query fields.

Returns:

if the logged user is a admin user.

Throws:

java.io.IOException - if a IOException occurs.

TooManyUsersException

TooManyTimesException

checkLogin

boolean checkLogin(HttpServletRequest req,
                   HttpServletResponse res,
                   java.lang.String realm,
                   java.util.Properties query)
                   throws TooManyUsersException,
                          TooManyTimesException,
                          java.io.IOException

Do login if the HttpServletRequest has the login infomation. Also check the HTTP query fields APIConst.TAG_AUTH_UID, APIConst.TAG_AUTH_PWD or APIConst.TAG_AUTHORIZATION if the HttpServletRequest has not the login infomation.

Parameters:

req - the HttpServletRequest.

res - the HttpServletResponse.

realm - the realm.

query - the HTTP query fields.

Returns:

if the user attached to the HttpServletRequest login.

Throws:

TooManyUsersException - if a TooManyUsersException occurs.

TooManyTimesException - if a TooManyTimesException occurs.

java.io.IOException - if a IOException occurs.

See Also:

UserSession

checkAdminLogin

boolean checkAdminLogin(HttpServletRequest req,
                        HttpServletResponse res,
                        java.lang.String realm,
                        java.util.Properties query)
                        throws TooManyUsersException,
                               TooManyTimesException,
                               java.io.IOException

Check if the logged user is a admin user.

Parameters:

req - the HttpServletRequest.

res - the HttpServletResponse.

realm - the realm.

query - the HTTP query fields.

Returns:

if the logged user is a admin user.

Throws:

java.io.IOException - if a IOException occurs.

TooManyUsersException

TooManyTimesException

sendUnauthorizedResponse

void sendUnauthorizedResponse(HttpServletRequest req,
                              HttpServletResponse res,
                              java.lang.String authScheme,
                              java.lang.String realm)
                              throws java.io.IOException

Send a HTTP unauthorized response(HTTP 401) to the client.

Parameters:

req - the HttpServletRequest.

res - the HttpServletResponse.

authScheme - the the authentication scheme. The available values are "Basic" or "Digest".

realm - the realm.

Throws:

java.io.IOException - if a IOException occurs.

logout

void logout(HttpServletRequest req)

Logout the user session by a HttpServletRequest.

Specified by:

logout in interface UserSessionManager

Parameters:

req - the HttpServletRequest.

isExtraChannel

boolean isExtraChannel(HttpServletRequest req)

Judge whether the incoming request is generated by the special extra channel or not? You can control and manage any access rights to your resources, if the request is from the special extra channel. For example, you can deny the access action of running reports and submiting schedules to the request coming from the special extra channel.

Parameters:

req - the HttpServletRequest.

Returns:

true, if the request is generated by the special extra channel, else return false.