com.predic8.membrane.core.interceptor.authentication.session

Class LoginInterceptor

java.lang.Object

com.predic8.membrane.core.interceptor.AbstractInterceptor

com.predic8.membrane.core.interceptor.authentication.session.LoginInterceptor

All Implemented Interfaces:

Interceptor

public class LoginInterceptor
extends AbstractInterceptor

Description

The login interceptor can be used to restrict and secure end user access to an arbitrary web application.

Users firstly have to authenticate themselves against a directory server using a username and password. Secondly, a numeric token is then sent to the user's cell phone using a text message service. After token verification, access to the web application is granted for the user's session. Single Sign On can easily be realized using a small source code extension or modification of a web application.

Explanation

The login interceptor combines 4 modules to implement its functionality. One implementation of each of the 4 module types is required. (The session manager and account blocker have default implementations.)

• The user data provider checks user passwords and provides additional data for each user (e.g. cell phone number, Single Sign On data, etc.).

• The session manager tracks the users' sessions across different HTTP requests (e.g. using a session cookie).

• The account blocker tracks the number of failed login attempts and might block future login attempts for a specified amount of time.

• The token provider generates the numeric token (possibly transmitting it to the user via a secondary channel like text messaging).

(Whether text messages and LDAP is actually used depends on the configuration. Alternatives are possible.)

The login interceptor realizes the login workflow. If all information entered by the user is valid, the workflow is as follows:

• The unauthenticated user is redirected to a login dialog.
• The user enters her username and password. (Step 1.)
• (A numeric token is sent to the user via text message, in case the telekomSMSTokenProvider is used. Steps 5 and 6.)
• The user enters her token. (Step 7.)
• The user is redirected to the originally requested URL (or a generic URL, in case the login dialog was directly requested). (Step 8.)

Topic

6. Security

Nested Class Summary

Nested classes/interfaces inherited from interface com.predic8.membrane.core.interceptor.Interceptor

Interceptor.Flow

Field Summary

Fields inherited from class com.predic8.membrane.core.interceptor.AbstractInterceptor

id, name, router

Constructor Summary

Constructors

Constructor and Description
LoginInterceptor()

Method Summary

Modifier and Type	Method and Description
AccountBlocker	getAccountBlocker()
String	getLocation()
String	getMessage()
String	getPath()
SessionManager	getSessionManager()
TokenProvider	getTokenProvider()
UserDataProvider	getUserDataProvider()
Outcome	handleRequest(Exchange exc)
Outcome	handleResponse(Exchange exc)
void	init() Called after parsing is complete and this has been added to the object tree (whose root is Router).
void	init(Router router)
boolean	isExposeUserCredentialsToSession()
void	setAccountBlocker(AccountBlocker accountBlocker)
void	setExposeUserCredentialsToSession(boolean exposeUserCredentialsToSession)
void	setLocation(String location)
void	setMessage(String message)
void	setPath(String path)
void	setSessionManager(SessionManager sessionManager)
void	setTokenProvider(TokenProvider tokenProvider)
void	setUserDataProvider(UserDataProvider userDataProvider)

Methods inherited from class com.predic8.membrane.core.interceptor.AbstractInterceptor

getDisplayName, getFlow, getHelpId, getId, getLongDescription, getRouter, getRule, getShortDescription, handleAbort, setDisplayName, setFlow, setId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LoginInterceptor

public LoginInterceptor()

Method Detail

init

public void init()
          throws Exception

Description copied from class: AbstractInterceptor

Called after parsing is complete and this has been added to the object tree (whose root is Router).

Overrides:

init in class AbstractInterceptor

Throws:

Exception

init

public void init(Router router)
          throws Exception

Specified by:

init in interface Interceptor

Overrides:

init in class AbstractInterceptor

Throws:

Exception

handleRequest

public Outcome handleRequest(Exchange exc)
                      throws Exception

Specified by:

handleRequest in interface Interceptor

Overrides:

handleRequest in class AbstractInterceptor

Throws:

Exception

handleResponse

public Outcome handleResponse(Exchange exc)
                       throws Exception

Specified by:

handleResponse in interface Interceptor

Overrides:

handleResponse in class AbstractInterceptor

Throws:

Exception

getLocation

public String getLocation()

setLocation

public void setLocation(String location)

Description

location of the login dialog template (a directory containing the index.html file as well as possibly other resources)

Example

file:c:/work/login/

getPath

public String getPath()

setPath

public void setPath(String path)

Description

context path of the login dialog

Example

/login/

getUserDataProvider

public UserDataProvider getUserDataProvider()

setUserDataProvider

public void setUserDataProvider(UserDataProvider userDataProvider)

Description

The user data provider verifying a combination of a username with a password.

getTokenProvider

public TokenProvider getTokenProvider()

setTokenProvider

public void setTokenProvider(TokenProvider tokenProvider)

Description

The token provider computing or generating a numeric value used for two-factor authentication.

getSessionManager

public SessionManager getSessionManager()

setSessionManager

public void setSessionManager(SessionManager sessionManager)

Description

The sessionManager. (Default values will be used, if the element is not specified.)

getAccountBlocker

public AccountBlocker getAccountBlocker()

setAccountBlocker

public void setAccountBlocker(AccountBlocker accountBlocker)

Description

The accountBlocker. (Default values will be used, if the element is not specified.)

isExposeUserCredentialsToSession

public boolean isExposeUserCredentialsToSession()

setExposeUserCredentialsToSession

public void setExposeUserCredentialsToSession(boolean exposeUserCredentialsToSession)

Description

Whether the user's credentials should be copied over to the session. This means they will stay in memory and will be available to all Membrane components.

getMessage

public String getMessage()

setMessage

public void setMessage(String message)

Description

Set the message displayed during redirect.