/** * Delegates to {@link #isLoginAttempt(javax.servlet.ServletRequest, javax.servlet.ServletResponse) isLoginAttempt}. */ @Override protected final boolean isLoginRequest(ServletRequest request, ServletResponse response) { return this.isLoginAttempt(request, response); }
/** * Determines whether the incoming request is an attempt to log in. * <p/> * The default implementation obtains the value of the request's * {@link #AUTHORIZATION_HEADER AUTHORIZATION_HEADER}, and if it is not <code>null</code>, delegates * to {@link #isLoginAttempt(String) isLoginAttempt(authzHeaderValue)}. If the header is <code>null</code>, * <code>false</code> is returned. * * @param request incoming ServletRequest * @param response outgoing ServletResponse * @return true if the incoming request is an attempt to log in based, false otherwise */ protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) { String authzHeader = getAuthzHeader(request); return authzHeader != null && isLoginAttempt(authzHeader); }
/** * Processes unauthenticated requests. It handles the two-stage request/challenge authentication protocol. * * @param request incoming ServletRequest * @param response outgoing ServletResponse * @return true if the request should be processed; false if the request should not continue to be processed */ protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { boolean loggedIn = false; //false by default or we wouldn't be in this method if (isLoginAttempt(request, response)) { loggedIn = executeLogin(request, response); } if (!loggedIn) { sendChallenge(request, response); } return loggedIn; }
@Override protected boolean isLoginAttempt(String authzHeader) { // handle BASIC in the same way as our faked one String authzHeaderScheme = getAuthzScheme().toLowerCase(); if (authzHeader.toLowerCase().startsWith(HttpServletRequest.BASIC_AUTH.toLowerCase())) { return true; } else { return super.isLoginAttempt(authzHeaderScheme); } }
@Override protected boolean isLoginAttempt(final String authzHeader) { return !isEmptyCredentials(authzHeader) && super.isLoginAttempt(authzHeader); }
@Override protected boolean isLoginAttempt( String authzHeader ) { // handle BASIC in the same way as our faked one String authzHeaderScheme = getAuthzScheme().toLowerCase(); if ( authzHeader.toLowerCase().startsWith( HttpServletRequest.BASIC_AUTH.toLowerCase() ) ) { return true; } else { return super.isLoginAttempt( authzHeaderScheme ); } }